
Mom's computer has massive pop-ups problem, please help!


  • This topic is locked
15 replies to this topic

#1 littlefoot3

  • Members
  • 15 posts

Posted 31 August 2014 - 10:28 PM

My mom's laptop gets a pop-up literally every time that she clicks anything. The pop-ups are all random and different and I have no idea why she's getting them because she only uses it to watch YouTube videos and shows on Hulu or network sites. Any help will be greatly appreciated!

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17239
Run by Owner at 20:19:54 on 2014-08-31
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3003.852 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\lucky leap\bin\utilluckyleap.exe
C:\Program Files (x86)\lucky leap\bin\luckyleap.PurBrowse64.exe
C:\Program Files (x86)\lucky leap\bin\luckyleap.BrowserAdapter.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\lucky leap\bin\luckyleap.BRT.Helper.exe
C:\Program Files (x86)\lucky leap\updateluckyleap.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYPCBA~1.LNK - C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{7BC94E7E-0E34-4FC6-B0C8-A4218EFD01A3} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7BC94E7E-0E34-4FC6-B0C8-A4218EFD01A3}\D656E646 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{D9EDBA5C-AE1C-4E75-BF23-6B7339366DC0} : DHCPNameServer = 192.168.1.14
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-10-18 53488]
R1 {3b232d24-d5de-4194-b4d7-d53b41a09748}w64;{3b232d24-d5de-4194-b4d7-d53b41a09748}w64;C:\Windows\System32\drivers\{3b232d24-d5de-4194-b4d7-d53b41a09748}w64.sys [2014-4-24 61120]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 133928]
R2 Update lucky leap;Update lucky leap;C:\Program Files (x86)\lucky leap\updateluckyleap.exe [2013-10-3 323360]
R2 Util lucky leap;Util lucky leap;C:\Program Files (x86)\lucky leap\bin\utilluckyleap.exe [2013-10-30 323360]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-2-12 292864]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2013-10-18 216064]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
S2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2013-9-19 38440]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-13 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-10-18 19456]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-10-18 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-10-18 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-10-18 1255736]
.
=============== Created Last 30 ================
.
2014-08-26 05:55:30 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{32C1A42B-4600-4E09-ABE8-B49B2FB5CA26}\mpengine.dll
2014-08-23 06:18:32 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-21 06:26:44 1169712 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B4B10EE0-73CC-49ED-8CD4-9828D89EEEF4}\gapaengine.dll
2014-08-21 06:18:44 2620928 ----a-w- C:\Windows\System32\wucltux.dll
2014-08-21 06:18:17 97792 ----a-w- C:\Windows\System32\wudriver.dll
2014-08-21 06:18:16 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2014-08-21 06:17:56 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-08-21 06:17:56 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2014-08-21 06:17:56 198600 ----a-w- C:\Windows\System32\wuwebv.dll
2014-08-21 06:17:56 179656 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2014-08-14 06:36:26 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-08-14 06:36:26 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-08-14 06:36:24 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-08-14 06:36:24 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-08-14 06:36:21 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-08-14 06:36:21 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-08-14 06:35:44 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-14 06:35:44 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-08-14 04:41:59 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-08-14 04:41:59 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-08-14 04:41:00 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-08-14 04:41:00 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-08-14 04:41:00 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-08-14 04:41:00 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-08-14 04:40:48 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-08-14 04:40:47 2363392 ----a-w- C:\Windows\SysWow64\msi.dll
2014-08-14 04:40:46 1941504 ----a-w- C:\Windows\System32\authui.dll
2014-08-14 04:40:46 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2014-08-14 04:40:45 504320 ----a-w- C:\Windows\System32\msihnd.dll
2014-08-14 04:40:45 112064 ----a-w- C:\Windows\System32\consent.exe
2014-08-14 04:40:44 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2014-08-14 04:39:45 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-08-14 04:39:33 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-14 04:39:32 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-14 04:39:31 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-14 04:38:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-14 04:38:01 48128 ----a-w- C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll
2014-08-14 04:38:00 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-08-14 04:36:03 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-08-14 04:36:01 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-08-14 04:35:58 529920 ----a-w- C:\Windows\System32\aepdu.dll
2014-08-14 04:35:55 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-08-08 04:22:33 -------- d-sh--w- C:\Users\Owner\AppData\Local\EmieUserList
2014-08-08 04:22:33 -------- d-sh--w- C:\Users\Owner\AppData\Local\EmieSiteList
.
==================== Find3M  ====================
.
2014-07-25 14:02:12 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-07-25 14:01:41 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-07-25 13:28:35 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-07-25 13:25:45 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-07-25 13:04:40 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-07-25 13:00:25 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-07-25 12:59:28 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-07-25 12:47:25 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-07-25 12:30:32 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\Windows\System32\jscript9.dll
2014-07-25 12:28:05 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-07-25 12:06:47 4204032 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-07-25 11:43:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29 2087936 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-07-25 11:39:25 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49 2001920 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06 2266624 ----a-w- C:\Windows\System32\wininet.dll
2014-07-25 10:05:23 1792512 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-10 05:20:57 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-10 05:20:56 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-06-05 14:45:15 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-06-05 14:26:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-06-05 14:25:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 20:22:04.75 ===============
 



 


#2 Jo*

  • Malware Response Team
  • 3,416 posts
  • Gender: Male
  • Location: Germany

Posted 01 September 2014 - 03:03 AM

Hello littlefoot3,

My name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification if you have any questions.
  • Stay with this topic until you get the all-clean post.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right-click FRST / FRST64, then click "Run as administrator" (XP users: click Run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.



***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours, please send me a PM.


#3 littlefoot3

  • Topic Starter
  • Members
  • 15 posts

Posted 01 September 2014 - 02:19 PM

Hi Jo, thank you so much for all your help. Below you will find the files that you requested (checkup, FRST, and the addition files). Thanks again!

 

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Adobe Reader XI  
 Google Chrome 36.0.1985.125  
 Google Chrome 36.0.1985.143  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 2% 
````````````````````End of Log`````````````````````` 
 
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by Owner (administrator) on OWNER-PC on 01-09-2014 12:12:34
Running from C:\Users\Owner\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\lucky leap\bin\utilluckyleap.exe
() C:\Program Files (x86)\lucky leap\bin\luckyleap.PurBrowse64.exe
() C:\Program Files (x86)\lucky leap\bin\luckyleap.BrowserAdapter.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\lucky leap\bin\luckyleap.BRT.Helper.exe
() C:\Program Files (x86)\lucky leap\updateluckyleap.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Owner\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1234216 2008-03-28] (Synaptics, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1BACC43F48CCCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchKeyword: Default -> askws
CHR DefaultSearchProvider: Default -> Ask.com
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-22]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-02]
CHR Extension: (FilmFanatic) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg [2013-10-25]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-22]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-22]
CHR Extension: (GamingWonderland) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdckplfmllfjmeohfkddbebebogccnla [2013-10-25]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-22]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-22]
CHR HKLM-x32\...\Chrome\Extension: [eiimolhnbbbdagljikeckdkldgemmmlj] - C:\Program Files (x86)\lucky leap\eiimolhnbbbdagljikeckdkldgemmmlj.crx []
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 Update lucky leap; C:\Program Files (x86)\lucky leap\updateluckyleap.exe [323360 2014-08-31] ()
R2 Util lucky leap; C:\Program Files (x86)\lucky leap\bin\utilluckyleap.exe [323360 2014-08-31] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 {3b232d24-d5de-4194-b4d7-d53b41a09748}w64; C:\Windows\System32\drivers\{3b232d24-d5de-4194-b4d7-d53b41a09748}w64.sys [61120 2014-04-24] (StdLib)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-01 12:12 - 2014-09-01 12:13 - 00008989 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-09-01 10:35 - 2014-09-01 12:12 - 00000000 ____D () C:\FRST
2014-09-01 10:34 - 2014-09-01 10:34 - 02104832 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-09-01 10:32 - 2014-09-01 10:32 - 01096704 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe
2014-09-01 10:03 - 2014-09-01 10:04 - 00854417 _____ () C:\Users\Owner\Downloads\SecurityCheck.exe
2014-08-31 20:22 - 2014-08-31 20:23 - 00013799 _____ () C:\Users\Owner\Desktop\dds.txt
2014-08-31 20:22 - 2014-08-31 20:23 - 00007005 _____ () C:\Users\Owner\Desktop\attach.txt
2014-08-31 20:18 - 2014-08-31 20:19 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.com
2014-08-22 23:46 - 2014-08-22 23:46 - 00145784 _____ (Fusion Install ) C:\Users\Owner\Downloads\flashplayerpro_Setup (7).exe
2014-08-22 23:46 - 2014-08-22 23:46 - 00145784 _____ (Fusion Install ) C:\Users\Owner\Downloads\flashplayerpro_Setup (6).exe
2014-08-22 23:46 - 2014-08-22 23:46 - 00140288 _____ (Fusion Install ) C:\Users\Owner\Downloads\flashplayerpro_Setup (5).exe
2014-08-22 23:45 - 2014-08-22 23:45 - 00145784 _____ (Fusion Install ) C:\Users\Owner\Downloads\flashplayerpro_Setup (4).exe
2014-08-22 23:44 - 2014-08-22 23:44 - 00145784 _____ (Fusion Install ) C:\Users\Owner\Downloads\flashplayerpro_Setup (3).exe
2014-08-22 23:44 - 2014-08-22 23:44 - 00145784 _____ (Fusion Install ) C:\Users\Owner\Downloads\flashplayerpro_Setup (2).exe
2014-08-22 23:43 - 2014-08-22 23:43 - 00145784 _____ (Fusion Install ) C:\Users\Owner\Downloads\flashplayerpro_Setup (1).exe
2014-08-20 23:18 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-20 23:18 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-20 23:18 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-20 23:18 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-20 23:18 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-20 23:18 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-20 23:18 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-20 23:18 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-20 23:18 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-20 23:18 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-20 23:17 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-20 23:17 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-20 23:17 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-20 23:17 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-13 23:36 - 2014-06-30 15:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 23:36 - 2014-06-30 15:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 23:36 - 2014-03-09 14:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 23:36 - 2014-03-09 14:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 23:36 - 2014-03-09 14:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 23:36 - 2014-03-09 14:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 23:35 - 2014-06-05 23:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 23:35 - 2014-06-05 23:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 21:41 - 2014-07-15 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 21:41 - 2014-07-15 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 21:41 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 21:41 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 21:41 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 21:41 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 21:41 - 2014-07-08 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 21:41 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 21:41 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 21:41 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 21:41 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 21:41 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 21:41 - 2014-07-08 15:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 21:41 - 2014-07-08 15:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 21:40 - 2014-06-03 03:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 21:40 - 2014-06-03 03:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 21:40 - 2014-06-03 03:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 21:40 - 2014-06-03 03:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 21:40 - 2014-06-03 02:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 21:40 - 2014-06-03 02:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 21:40 - 2014-06-03 02:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 21:39 - 2014-07-15 20:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 21:39 - 2014-07-15 19:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-13 21:39 - 2014-07-15 19:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 21:39 - 2014-06-15 19:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 21:38 - 2014-07-25 05:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 21:38 - 2014-07-25 05:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 21:38 - 2014-07-25 04:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 21:38 - 2014-06-24 19:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 21:38 - 2014-06-24 18:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 21:37 - 2014-07-31 16:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 21:37 - 2014-07-31 16:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 21:37 - 2014-07-25 07:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 21:37 - 2014-07-25 07:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 21:37 - 2014-07-25 07:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 21:37 - 2014-07-25 06:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 21:37 - 2014-07-25 06:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 21:37 - 2014-07-25 06:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 21:37 - 2014-07-25 06:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 21:37 - 2014-07-25 06:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 21:37 - 2014-07-25 06:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 21:37 - 2014-07-25 06:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 21:37 - 2014-07-25 06:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 21:37 - 2014-07-25 06:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 21:37 - 2014-07-25 06:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 21:37 - 2014-07-25 06:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 21:37 - 2014-07-25 06:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 21:37 - 2014-07-25 05:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 21:37 - 2014-07-25 05:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 21:37 - 2014-07-25 05:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 21:37 - 2014-07-25 05:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 21:37 - 2014-07-25 05:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 21:37 - 2014-07-25 05:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 21:37 - 2014-07-25 05:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 21:37 - 2014-07-25 05:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 21:37 - 2014-07-25 05:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 21:37 - 2014-07-25 05:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 21:37 - 2014-07-25 05:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 21:37 - 2014-07-25 05:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 21:37 - 2014-07-25 05:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 21:37 - 2014-07-25 05:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 21:37 - 2014-07-25 05:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 21:37 - 2014-07-25 05:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 21:37 - 2014-07-25 05:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 21:37 - 2014-07-25 04:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 21:37 - 2014-07-25 04:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 21:37 - 2014-07-25 04:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 21:37 - 2014-07-25 04:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 21:37 - 2014-07-25 04:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 21:37 - 2014-07-25 04:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 21:37 - 2014-07-25 04:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 21:37 - 2014-07-25 04:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 21:37 - 2014-07-25 04:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 21:37 - 2014-07-25 04:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 21:37 - 2014-07-25 04:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 21:37 - 2014-07-25 04:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 21:37 - 2014-07-25 04:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 21:37 - 2014-07-25 03:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 21:37 - 2014-07-25 03:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 21:37 - 2014-07-25 03:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 21:37 - 2014-07-25 03:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 21:37 - 2014-07-25 03:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 21:37 - 2014-07-25 03:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 21:36 - 2014-07-13 19:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 21:36 - 2014-07-13 18:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 21:35 - 2014-08-06 19:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 21:35 - 2014-08-06 19:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-07 21:22 - 2014-08-07 21:22 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieUserList
2014-08-07 21:22 - 2014-08-07 21:22 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieSiteList
2014-08-06 23:57 - 2014-08-06 23:58 - 01230040 _____ () C:\Users\Owner\Downloads\Setup (1).exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-01 12:13 - 2014-09-01 12:12 - 00008989 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-09-01 12:12 - 2014-09-01 10:35 - 00000000 ____D () C:\FRST
2014-09-01 12:11 - 2013-10-22 18:59 - 00062374 _____ () C:\Windows\setupact.log
2014-09-01 12:11 - 2013-10-22 17:15 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-01 12:11 - 2013-10-22 16:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-01 12:11 - 2013-10-18 14:16 - 01072749 _____ () C:\Windows\WindowsUpdate.log
2014-09-01 11:03 - 2013-10-22 17:15 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-01 10:34 - 2014-09-01 10:34 - 02104832 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-09-01 10:32 - 2014-09-01 10:32 - 01096704 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe
2014-09-01 10:32 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-09-01 10:04 - 2014-09-01 10:03 - 00854417 _____ () C:\Users\Owner\Downloads\SecurityCheck.exe
2014-08-31 20:23 - 2014-08-31 20:22 - 00013799 _____ () C:\Users\Owner\Desktop\dds.txt
2014-08-31 20:23 - 2014-08-31 20:22 - 00007005 _____ () C:\Users\Owner\Desktop\attach.txt
2014-08-31 20:22 - 2009-07-13 21:45 - 00034720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-31 20:22 - 2009-07-13 21:45 - 00034720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-31 20:19 - 2014-08-31 20:18 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.com
2014-08-31 20:19 - 2009-07-13 22:13 - 00782010 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-31 20:16 - 2009-07-13 19:34 - 00000678 _____ () C:\Windows\win.ini
2014-08-31 20:12 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-31 20:11 - 2009-07-13 21:45 - 00414704 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-22 23:46 - 2014-08-22 23:46 - 00145784 _____ (Fusion Install ) C:\Users\Owner\Downloads\flashplayerpro_Setup (7).exe
2014-08-22 23:46 - 2014-08-22 23:46 - 00145784 _____ (Fusion Install ) C:\Users\Owner\Downloads\flashplayerpro_Setup (6).exe
2014-08-22 23:46 - 2014-08-22 23:46 - 00140288 _____ (Fusion Install ) C:\Users\Owner\Downloads\flashplayerpro_Setup (5).exe
2014-08-22 23:45 - 2014-08-22 23:45 - 00145784 _____ (Fusion Install ) C:\Users\Owner\Downloads\flashplayerpro_Setup (4).exe
2014-08-22 23:44 - 2014-08-22 23:44 - 00145784 _____ (Fusion Install ) C:\Users\Owner\Downloads\flashplayerpro_Setup (3).exe
2014-08-22 23:44 - 2014-08-22 23:44 - 00145784 _____ (Fusion Install ) C:\Users\Owner\Downloads\flashplayerpro_Setup (2).exe
2014-08-22 23:43 - 2014-08-22 23:43 - 00145784 _____ (Fusion Install ) C:\Users\Owner\Downloads\flashplayerpro_Setup (1).exe
2014-08-19 22:28 - 2013-10-22 17:08 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\vlc
2014-08-19 15:11 - 2013-10-22 17:27 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-19 14:26 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-14 00:13 - 2013-10-18 15:56 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-13 23:55 - 2013-10-18 15:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 23:50 - 2013-10-18 15:10 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 23:33 - 2014-05-14 09:21 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-07 21:22 - 2014-08-07 21:22 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieUserList
2014-08-07 21:22 - 2014-08-07 21:22 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieSiteList
2014-08-06 23:58 - 2014-08-06 23:57 - 01230040 _____ () C:\Users\Owner\Downloads\Setup (1).exe
2014-08-06 19:06 - 2014-08-13 21:35 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 19:01 - 2014-08-13 21:35 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
 
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\BackupSetup.exe
C:\Users\Owner\AppData\Local\Temp\oi_{32CFF7B7-E2AB-4E1D-BB85-5255CB71DEF8}.exe
C:\Users\Owner\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Owner\AppData\Local\Temp\vcredist_x64.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-01 10:24
 
==================== End Of Log ============================
 
 
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2014 02
Ran by Owner at 2014-09-01 12:14:02
Running from C:\Users\Owner\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.04) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.58.1.0 - Conexant)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3115 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 2.0.3115 - CyberLink Corp.) Hidden
Free Spider Solitaire v4.0 (HKLM-x32\...\Free Spider_is1) (Version:  - TreeCardGames)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.50 - Conexant Systems)
lucky leap 1.0.0 (HKLM\...\lucky leap) (Version: 1.0.0 - luckyleap)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mavis Beacon Teaches Typing Platinum 20 (HKLM-x32\...\{58F9D852-9443-4955-A1ED-12C9E0504DD0}) (Version: 20.00.0000 - Broderbund)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - MyPC Backup) <==== ATTENTION
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.)
Roxio Creator Audio (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE 10.3 (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
Roxio Creator DE 10.3 (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.0.7.0 - Synaptics)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{B2260BC9-D561-46EE-B33D-739CF760A2A9}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
02-07-2014 18:42:43 Windows Update
10-07-2014 05:54:14 Windows Update
15-07-2014 04:02:09 Windows Update
07-08-2014 06:22:07 Windows Update
14-08-2014 04:38:25 Windows Update
14-08-2014 06:32:36 Windows Update
21-08-2014 06:17:01 Windows Update
23-08-2014 06:14:19 Windows Update
01-09-2014 03:26:33 Windows Update
01-09-2014 16:59:56 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {15C021CA-D525-4E02-BFEE-4E7102908A0D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {37416847-EA4B-40C3-8DB2-9D86EBB00AD4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-22] (Google Inc.)
Task: {5E85F339-2848-4136-8462-3F333DB14C22} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-22] (Google Inc.)
Task: {D35ABD93-02DC-41BF-845B-808EA1C4AAF2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-09-19 15:37 - 2013-09-19 15:37 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2013-09-19 15:32 - 2013-09-19 15:32 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
2013-10-30 12:20 - 2014-08-31 20:16 - 00323360 _____ () C:\Program Files (x86)\lucky leap\bin\utilluckyleap.exe
2014-04-24 22:51 - 2014-07-10 03:09 - 00287008 _____ () C:\Program Files (x86)\lucky leap\bin\luckyleap.PurBrowse64.exe
2014-04-16 22:52 - 2014-08-29 18:28 - 00098592 _____ () C:\Program Files (x86)\lucky leap\bin\luckyleap.BrowserAdapter.exe
2014-08-25 22:56 - 2014-08-28 22:56 - 00162080 _____ () C:\Program Files (x86)\lucky leap\bin\luckyleap.BRT.Helper.exe
2013-10-03 13:45 - 2014-08-31 20:17 - 00323360 _____ () C:\Program Files (x86)\lucky leap\updateluckyleap.exe
2014-09-01 10:03 - 2014-09-01 10:04 - 00854417 _____ () C:\Users\Owner\Downloads\SecurityCheck.exe
2014-08-21 22:35 - 2014-08-29 18:28 - 00195360 _____ () C:\Program Files (x86)\lucky leap\bin\3b232d24d5de4194b4d7.dll
2014-08-19 14:47 - 2014-08-26 15:46 - 00240128 _____ () C:\Program Files (x86)\lucky leap\bin\luckyleapDsp.dll
2014-08-19 15:11 - 2014-08-06 20:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-19 15:11 - 2014-08-06 20:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-19 15:11 - 2014-08-06 20:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
2014-08-19 15:11 - 2014-08-06 20:20 - 14669128 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll
2014-08-19 15:11 - 2014-08-06 20:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-19 15:11 - 2014-08-06 20:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Malwarebytes Anti-Malware => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/31/2014 08:13:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/25/2014 10:59:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 36.0.1985.143, time stamp: 0x53e2e515
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x0001e642
Faulting process id: 0xef8
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (08/25/2014 10:45:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/23/2014 00:09:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17239, time stamp: 0x53d22946
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x1030db6c
Faulting process id: 0xaec
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (08/23/2014 00:08:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/22/2014 11:03:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/21/2014 10:34:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/20/2014 11:16:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/19/2014 10:12:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/19/2014 02:30:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (08/31/2014 08:12:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Backup (MyPC Backup) service failed to start due to the following error: 
%%1053
 
Error: (08/31/2014 08:12:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.
 
Error: (08/23/2014 00:07:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Backup (MyPC Backup) service failed to start due to the following error: 
%%1053
 
Error: (08/23/2014 00:07:58 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.
 
Error: (08/23/2014 00:07:18 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:47:28 PM on ‎8/‎22/‎2014 was unexpected.
 
Error: (08/20/2014 11:20:05 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.179.2976.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (08/20/2014 11:20:04 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.179.2976.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (08/19/2014 10:22:24 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 111.39.0.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (08/19/2014 10:22:19 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.179.2976.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (08/19/2014 10:22:19 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.179.2976.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T6500 @ 2.10GHz
Percentage of memory in use: 63%
Total physical RAM: 3003.19 MB
Available physical RAM: 1099.05 MB
Total Pagefile: 6004.56 MB
Available Pagefile: 3691.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:297.99 GB) (Free:250.27 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 33957100)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 Jo*

Posted 01 September 2014 - 03:08 PM

Hello littlefoot3,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 littlefoot3

Posted 02 September 2014 - 12:08 AM

As requested, I have pasted the two reports below, thanks again Jo!
 
 
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org
 
Database version: v2014.09.01.08
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17239
Owner :: OWNER-PC [limited]
 
9/1/2014 2:49:21 PM
mbar-log-2014-09-01 (14-49-21).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 292290
Time elapsed: 18 minute(s), 46 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Windows\System32\drivers\{3b232d24-d5de-4194-b4d7-d53b41a09748}w64.sys (PUP.Optional.Sanbreel.A) -> No action taken. [813fb572ae337aebccae1a66e47b8bb1]
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
 
 
 
# AdwCleaner v3.308 - Report created 01/09/2014 at 17:19:41
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : BackupStack
Service Found : Update lucky leap
Service Found : Util lucky leap
Service Found : Update lucky leap
Service Found : Util lucky leap
Service Found : {3b232d24-d5de-4194-b4d7-d53b41a09748}w64
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage-journal
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Owner\AppData\Local\Temp\Uninstall.exe
File Found : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Found : C:\Users\Owner\Desktop\MyPC Backup.lnk
File Found : C:\Windows\System32\drivers\{3b232d24-d5de-4194-b4d7-d53b41a09748}w64.sys
Folder Found : C:\Program Files (x86)\lucky leap
Folder Found : C:\Program Files (x86)\lucky leap
Folder Found : C:\Program Files (x86)\MyPC Backup
Folder Found : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\lucky leap
Key Found : HKCU\Software\lucky leap
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKCU\Software\lucky leap
Key Found : [x64] HKCU\Software\lucky leap
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj
Key Found : HKLM\SOFTWARE\lucky leap
Key Found : HKLM\SOFTWARE\lucky leap
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update lucky leap
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util lucky leap
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lucky leap
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lucky leap
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Google Chrome v36.0.1985.143
 
[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
 
*************************
 
AdwCleaner[R0].txt - [5179 octets] - [01/09/2014 17:19:41]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5239 octets] ##########


#6 Jo*

Posted 02 September 2014 - 05:32 AM

Hello littlefoot3,

Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to back up your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run the Farbar Recovery Scan Tool again.
  • Double-click to run FRST / FRST64. When the tool opens click Yes to the disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

***


How is the computer running now?


***


Cheers,
Jo


#7 littlefoot3

Posted 02 September 2014 - 11:28 AM

Hi Jo, as requested I have attached all the logs below. After doing these last steps, the computer is running much better. Thanks again for all your help. Let me know if there is anything else that you recommend that I do. Thanks!

 

PS. After running the FRST program it didn't make a new "addition.txt" report so I attached the most recent one that it did make. 

 

 

# AdwCleaner v3.308 - Report created 02/09/2014 at 08:56:24
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : BackupStack
[#] Service Deleted : Update lucky leap
[#] Service Deleted : Util lucky leap
Service Deleted : {3b232d24-d5de-4194-b4d7-d53b41a09748}w64
 
***** [ Files / Folders ] *****
 
[!] Folder Deleted : C:\Program Files (x86)\lucky leap
Folder Deleted : C:\Program Files (x86)\MyPC Backup
[!] Folder Deleted : C:\Program Files (x86)\lucky leap
Folder Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
File Deleted : C:\Windows\System32\drivers\{3b232d24-d5de-4194-b4d7-d53b41a09748}w64.sys
File Deleted : C:\Users\Owner\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Users\Owner\Desktop\MyPC Backup.lnk
File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage
File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage-journal
File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update lucky leap
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util lucky leap
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\lucky leap
Key Deleted : HKLM\SOFTWARE\lucky leap
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lucky leap
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Google Chrome v36.0.1985.143
 
[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&st=kwd&ptb=622437A3-1DE6-478B-AD87-11B78B2379A5&n=77fd81b0&ind=2013102512&p2=^Z7^xdm735^YYA^us&si=classiccards-1-1
Deleted [Search Provider] : hxxp://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&st=kwd&ptb=622437A3-1DE6-478B-AD87-11B78B2379A5&n=77fd81b0&ind=2013102512&p2=^Z7^xdm735^YYA^us&si=classiccards-1-1
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
 
*************************
 
AdwCleaner[R0].txt - [5359 octets] - [01/09/2014 17:19:41]
AdwCleaner[R1].txt - [5419 octets] - [02/09/2014 08:52:30]
AdwCleaner[S0].txt - [5523 octets] - [02/09/2014 08:56:24]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5583 octets] ##########
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Owner on Tue 09/02/2014 at  9:04:27.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\lucky leap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\lucky leap
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Program Files (x86)\lucky leap"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by Owner (administrator) on OWNER-PC on 02-09-2014 09:13:49
Running from C:\Users\Owner\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1234216 2008-03-28] (Synaptics, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1BACC43F48CCCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchKeyword: Default -> askws
CHR DefaultSearchProvider: Default -> Ask.com
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-22]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-02]
CHR Extension: (FilmFanatic) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg [2013-10-25]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-22]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-22]
CHR Extension: (GamingWonderland) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdckplfmllfjmeohfkddbebebogccnla [2013-10-25]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-22]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-22]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-02 09:11 - 2014-09-02 09:11 - 00000959 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-09-02 09:04 - 2014-09-02 09:04 - 00000000 ____D () C:\Windows\ERUNT
2014-09-02 09:00 - 2014-09-02 09:00 - 01016261 _____ (Thisisu) C:\Users\Owner\Downloads\JRT.exe
2014-09-02 08:59 - 2014-09-02 08:59 - 00005691 _____ () C:\Users\Owner\Desktop\AdwCleaner[S0].txt
2014-09-01 17:21 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-01 17:19 - 2014-09-02 08:56 - 00000000 ____D () C:\AdwCleaner
2014-09-01 17:17 - 2014-09-01 17:17 - 01364531 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe
2014-09-01 14:49 - 2014-09-01 17:15 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-01 14:49 - 2014-09-01 14:49 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-01 14:48 - 2014-09-01 17:15 - 00000000 ____D () C:\Users\Owner\Desktop\mbar
2014-09-01 14:48 - 2014-09-01 14:48 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-01 14:46 - 2014-09-01 14:47 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Owner\Downloads\mbar-1.07.0.1012.exe
2014-09-01 12:15 - 2014-09-01 12:15 - 00028564 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-09-01 12:15 - 2014-09-01 12:15 - 00023500 _____ () C:\Users\Owner\Desktop\Addition.txt
2014-09-01 12:15 - 2014-09-01 12:15 - 00000835 _____ () C:\Users\Owner\Desktop\checkup.txt
2014-09-01 12:14 - 2014-09-01 14:48 - 00023397 _____ () C:\Users\Owner\Downloads\Addition.txt
2014-09-01 12:12 - 2014-09-02 09:13 - 00007243 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-09-01 10:35 - 2014-09-02 09:13 - 00000000 ____D () C:\FRST
2014-09-01 10:34 - 2014-09-01 10:34 - 02104832 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-09-01 10:32 - 2014-09-01 10:32 - 01096704 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe
2014-09-01 10:03 - 2014-09-01 10:04 - 00854417 _____ () C:\Users\Owner\Downloads\SecurityCheck.exe
2014-08-31 20:22 - 2014-08-31 20:23 - 00013799 _____ () C:\Users\Owner\Desktop\dds.txt
2014-08-31 20:22 - 2014-08-31 20:23 - 00007005 _____ () C:\Users\Owner\Desktop\attach.txt
2014-08-31 20:21 - 2014-08-22 19:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-31 20:21 - 2014-08-22 18:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-31 20:21 - 2014-08-22 17:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-31 20:18 - 2014-08-31 20:19 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.com
2014-08-22 23:46 - 2014-08-22 23:46 - 00145784 _____ (Fusion Install ) C:\Users\Owner\Downloads\flashplayerpro_Setup (7).exe
2014-08-22 23:46 - 2014-08-22 23:46 - 00145784 _____ (Fusion Install ) C:\Users\Owner\Downloads\flashplayerpro_Setup (6).exe
2014-08-22 23:46 - 2014-08-22 23:46 - 00140288 _____ (Fusion Install ) C:\Users\Owner\Downloads\flashplayerpro_Setup (5).exe
2014-08-22 23:45 - 2014-08-22 23:45 - 00145784 _____ (Fusion Install ) C:\Users\Owner\Downloads\flashplayerpro_Setup (4).exe
2014-08-22 23:44 - 2014-08-22 23:44 - 00145784 _____ (Fusion Install ) C:\Users\Owner\Downloads\flashplayerpro_Setup (3).exe
2014-08-22 23:44 - 2014-08-22 23:44 - 00145784 _____ (Fusion Install ) C:\Users\Owner\Downloads\flashplayerpro_Setup (2).exe
2014-08-22 23:43 - 2014-08-22 23:43 - 00145784 _____ (Fusion Install ) C:\Users\Owner\Downloads\flashplayerpro_Setup (1).exe
2014-08-20 23:18 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-20 23:18 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-20 23:18 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-20 23:18 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-20 23:18 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-20 23:18 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-20 23:18 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-20 23:18 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-20 23:18 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-20 23:18 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-20 23:17 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-20 23:17 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-20 23:17 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-20 23:17 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-13 23:36 - 2014-06-30 15:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 23:36 - 2014-06-30 15:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 23:36 - 2014-03-09 14:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 23:36 - 2014-03-09 14:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 23:36 - 2014-03-09 14:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 23:36 - 2014-03-09 14:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 23:35 - 2014-06-05 23:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 23:35 - 2014-06-05 23:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 21:41 - 2014-07-15 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 21:41 - 2014-07-15 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 21:41 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 21:41 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 21:41 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 21:41 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 21:41 - 2014-07-08 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 21:41 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 21:41 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 21:41 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 21:41 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 21:41 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 21:41 - 2014-07-08 15:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 21:41 - 2014-07-08 15:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 21:40 - 2014-06-03 03:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 21:40 - 2014-06-03 03:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 21:40 - 2014-06-03 03:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 21:40 - 2014-06-03 03:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 21:40 - 2014-06-03 02:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 21:40 - 2014-06-03 02:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 21:40 - 2014-06-03 02:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 21:39 - 2014-06-15 19:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 21:38 - 2014-07-25 05:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 21:38 - 2014-07-25 05:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 21:38 - 2014-07-25 04:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 21:38 - 2014-06-24 19:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 21:38 - 2014-06-24 18:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 21:37 - 2014-07-31 16:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 21:37 - 2014-07-31 16:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 21:37 - 2014-07-25 07:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 21:37 - 2014-07-25 07:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 21:37 - 2014-07-25 07:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 21:37 - 2014-07-25 06:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 21:37 - 2014-07-25 06:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 21:37 - 2014-07-25 06:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 21:37 - 2014-07-25 06:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 21:37 - 2014-07-25 06:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 21:37 - 2014-07-25 06:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 21:37 - 2014-07-25 06:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 21:37 - 2014-07-25 06:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 21:37 - 2014-07-25 06:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 21:37 - 2014-07-25 06:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 21:37 - 2014-07-25 06:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 21:37 - 2014-07-25 06:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 21:37 - 2014-07-25 05:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 21:37 - 2014-07-25 05:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 21:37 - 2014-07-25 05:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 21:37 - 2014-07-25 05:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 21:37 - 2014-07-25 05:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 21:37 - 2014-07-25 05:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 21:37 - 2014-07-25 05:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 21:37 - 2014-07-25 05:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 21:37 - 2014-07-25 05:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 21:37 - 2014-07-25 05:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 21:37 - 2014-07-25 05:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 21:37 - 2014-07-25 05:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 21:37 - 2014-07-25 05:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 21:37 - 2014-07-25 05:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 21:37 - 2014-07-25 05:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 21:37 - 2014-07-25 05:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 21:37 - 2014-07-25 05:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 21:37 - 2014-07-25 04:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 21:37 - 2014-07-25 04:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 21:37 - 2014-07-25 04:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 21:37 - 2014-07-25 04:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 21:37 - 2014-07-25 04:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 21:37 - 2014-07-25 04:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 21:37 - 2014-07-25 04:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 21:37 - 2014-07-25 04:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 21:37 - 2014-07-25 04:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 21:37 - 2014-07-25 04:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 21:37 - 2014-07-25 04:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 21:37 - 2014-07-25 04:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 21:37 - 2014-07-25 04:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 21:37 - 2014-07-25 03:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 21:37 - 2014-07-25 03:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 21:37 - 2014-07-25 03:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 21:37 - 2014-07-25 03:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 21:37 - 2014-07-25 03:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 21:37 - 2014-07-25 03:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 21:36 - 2014-07-13 19:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 21:36 - 2014-07-13 18:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 21:35 - 2014-08-06 19:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 21:35 - 2014-08-06 19:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-07 21:22 - 2014-08-07 21:22 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieUserList
2014-08-07 21:22 - 2014-08-07 21:22 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieSiteList
2014-08-06 23:57 - 2014-08-06 23:58 - 01230040 _____ () C:\Users\Owner\Downloads\Setup (1).exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-02 09:14 - 2014-09-01 12:12 - 00007243 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-09-02 09:13 - 2014-09-01 10:35 - 00000000 ____D () C:\FRST
2014-09-02 09:11 - 2014-09-02 09:11 - 00000959 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-09-02 09:05 - 2009-07-13 21:45 - 00034720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-02 09:05 - 2009-07-13 21:45 - 00034720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-02 09:04 - 2014-09-02 09:04 - 00000000 ____D () C:\Windows\ERUNT
2014-09-02 09:03 - 2013-10-22 17:15 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-02 09:03 - 2013-10-18 14:16 - 01152307 _____ () C:\Windows\WindowsUpdate.log
2014-09-02 09:00 - 2014-09-02 09:00 - 01016261 _____ (Thisisu) C:\Users\Owner\Downloads\JRT.exe
2014-09-02 08:59 - 2014-09-02 08:59 - 00005691 _____ () C:\Users\Owner\Desktop\AdwCleaner[S0].txt
2014-09-02 08:58 - 2013-10-22 18:59 - 00062822 _____ () C:\Windows\setupact.log
2014-09-02 08:58 - 2013-10-22 17:15 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-02 08:58 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-02 08:57 - 2013-10-22 19:54 - 00101378 _____ () C:\Windows\PFRO.log
2014-09-02 08:56 - 2014-09-01 17:19 - 00000000 ____D () C:\AdwCleaner
2014-09-02 08:56 - 2009-07-13 19:34 - 00000678 _____ () C:\Windows\win.ini
2014-09-02 08:47 - 2009-07-13 21:45 - 00410928 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-02 08:45 - 2013-10-22 16:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-01 17:17 - 2014-09-01 17:17 - 01364531 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe
2014-09-01 17:15 - 2014-09-01 14:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-01 17:15 - 2014-09-01 14:48 - 00000000 ____D () C:\Users\Owner\Desktop\mbar
2014-09-01 14:49 - 2014-09-01 14:49 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-01 14:48 - 2014-09-01 14:48 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-01 14:48 - 2014-09-01 12:14 - 00023397 _____ () C:\Users\Owner\Downloads\Addition.txt
2014-09-01 14:47 - 2014-09-01 14:46 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Owner\Downloads\mbar-1.07.0.1012.exe
2014-09-01 12:15 - 2014-09-01 12:15 - 00028564 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-09-01 12:15 - 2014-09-01 12:15 - 00023500 _____ () C:\Users\Owner\Desktop\Addition.txt
2014-09-01 12:15 - 2014-09-01 12:15 - 00000835 _____ () C:\Users\Owner\Desktop\checkup.txt
2014-09-01 10:34 - 2014-09-01 10:34 - 02104832 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-09-01 10:32 - 2014-09-01 10:32 - 01096704 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe
2014-09-01 10:32 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-09-01 10:04 - 2014-09-01 10:03 - 00854417 _____ () C:\Users\Owner\Downloads\SecurityCheck.exe
2014-08-31 20:23 - 2014-08-31 20:22 - 00013799 _____ () C:\Users\Owner\Desktop\dds.txt
2014-08-31 20:23 - 2014-08-31 20:22 - 00007005 _____ () C:\Users\Owner\Desktop\attach.txt
2014-08-31 20:19 - 2014-08-31 20:18 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.com
2014-08-31 20:19 - 2009-07-13 22:13 - 00782010 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-22 23:46 - 2014-08-22 23:46 - 00145784 _____ (Fusion Install ) C:\Users\Owner\Downloads\flashplayerpro_Setup (7).exe
2014-08-22 23:46 - 2014-08-22 23:46 - 00145784 _____ (Fusion Install ) C:\Users\Owner\Downloads\flashplayerpro_Setup (6).exe
2014-08-22 23:46 - 2014-08-22 23:46 - 00140288 _____ (Fusion Install ) C:\Users\Owner\Downloads\flashplayerpro_Setup (5).exe
2014-08-22 23:45 - 2014-08-22 23:45 - 00145784 _____ (Fusion Install ) C:\Users\Owner\Downloads\flashplayerpro_Setup (4).exe
2014-08-22 23:44 - 2014-08-22 23:44 - 00145784 _____ (Fusion Install ) C:\Users\Owner\Downloads\flashplayerpro_Setup (3).exe
2014-08-22 23:44 - 2014-08-22 23:44 - 00145784 _____ (Fusion Install ) C:\Users\Owner\Downloads\flashplayerpro_Setup (2).exe
2014-08-22 23:43 - 2014-08-22 23:43 - 00145784 _____ (Fusion Install ) C:\Users\Owner\Downloads\flashplayerpro_Setup (1).exe
2014-08-22 19:07 - 2014-08-31 20:21 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 18:45 - 2014-08-31 20:21 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 17:59 - 2014-08-31 20:21 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 22:28 - 2013-10-22 17:08 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\vlc
2014-08-19 15:11 - 2013-10-22 17:27 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-19 14:26 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-14 00:13 - 2013-10-18 15:56 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-13 23:55 - 2013-10-18 15:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 23:50 - 2013-10-18 15:10 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 23:33 - 2014-05-14 09:21 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-07 21:22 - 2014-08-07 21:22 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieUserList
2014-08-07 21:22 - 2014-08-07 21:22 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieSiteList
2014-08-06 23:58 - 2014-08-06 23:57 - 01230040 _____ () C:\Users\Owner\Downloads\Setup (1).exe
2014-08-06 19:06 - 2014-08-13 21:35 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 19:01 - 2014-08-13 21:35 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
 
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\BackupSetup.exe
C:\Users\Owner\AppData\Local\Temp\oi_{32CFF7B7-E2AB-4E1D-BB85-5255CB71DEF8}.exe
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
C:\Users\Owner\AppData\Local\Temp\vcredist_x64.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-01 10:24
 
==================== End Of Log ============================
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 09/02/2014 at  9:11:16.28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 




#8 Jo*


  • Malware Response Team
  • 3,416 posts
  • Gender:Male
  • Location:Germany
  • Local time:04:24 PM

Posted 02 September 2014 - 11:45 AM

Hello littlefoot3,


Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs: (Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

---


ESET Online Scanner

Connect any existing external hard drives and / or other removable media.

Note:
It is recommended to disable onboard antivirus and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



If this program is already installed: Skip the installation and run only the scan!
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for the report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select the Uninstall application on close check box and push esetFinish.png

---


How is the computer running now?


---


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 littlefoot3

  • Topic Starter

  • Members
  • 15 posts
  • Local time:07:24 AM

Posted 02 September 2014 - 02:10 PM

Hi Jo, the computer is running great! I haven't noticed any new pop ups since yesterday. Please let me know if I should do anything else. Thanks again!
 
Best, 
 
littlefoot3
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/2/2014
Scan Time: 10:55:26 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.02.08
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Owner
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 290971
Time Elapsed: 9 min, 31 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 85
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\native, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\native\libs, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\common, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\common\adapter, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\common\components, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\common\components\abstractbutton, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\common\components\abstractbutton\background, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\common\components\alert, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\common\components\alert\background, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\common\components\embedhtml, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\common\components\embedhtml\background, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\common\components\embedhtml\html, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\common\components\embedhtml\js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\common\components\embedscript, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\common\components\embedscript\background, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\common\components\embedscript\html, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\common\components\embedscript\js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
 
Files: 215
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\common\widget-api\widgets\radio\radio-widget.html, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\common\widget-api\widgets\radio\css\radio-widget.css, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\common\widget-api\widgets\radio\js\radio-custom.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\common\widget-api\widgets\radio\js\radio-parser.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\common\widget-api\widgets\radio\js\radio-widget-ui.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\common\widget-api\widgets\radio\js\radio-widget.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\common\widget-api\widgets\rss\rssWidget.html, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\common\widget-api\widgets\rss\js\rss-widget-custom.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\common\widget-api\widgets\rss\js\rss-widget-parse.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\common\widget-api\widgets\rss\js\rss-widget.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\common\widget-api\widgets\test\invalid.json, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\common\widget-api\widgets\test\jquery.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\common\widget-api\widgets\test\qunit.css, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\common\widget-api\widgets\test\qunit.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\common\widget-api\widgets\test\resource.json, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\common\widget-api\widgets\test\resource.xml, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\common\widget-api\widgets\test\testWidget.html, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\common\widget-api\widgets\test\testWidget.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\common\widget-api\widgets\topapps\widget.html, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\common\widget-api\widgets\topapps\css\widget.css, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\common\widget-api\widgets\topapps\js\nanigans-topapps-feed.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\common\widget-api\widgets\topapps\js\topapps-config.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\common\widget-api\widgets\topapps\js\widget.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\common\widget-api\widgets\weather\weatherButton.html, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\common\widget-api\widgets\weather\css\weatherButton.css, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\common\widget-api\widgets\weather\js\weather.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\components\api\background\ApiBasedWidget.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\components\api\background\widget-api-impl.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\components\api\window\hiddenWidgetWindow.html, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\components\api\window\hiddenWidgetWindow.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\components\api\window\hiddenWidgetWindowInit.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\components\api\window\widgetWindow.html, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\components\api\window\widgetWindow.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\components\defaultSearch\background\updateSearch.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\components\defaultSearch\background\updateSearchPromptBg.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\components\defaultSearch\foreground\07_buttons2.png, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\components\defaultSearch\foreground\08_buttons2.png, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\components\defaultSearch\foreground\defaultSearchModal.html, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\components\defaultSearch\foreground\defaultSearchModalInjector.css, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\components\defaultSearch\foreground\defaultSearchModalInjector.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\components\defaultSearch\foreground\tvf_btn_ok.png, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\components\defaultSearch\foreground\tvf_btn_ok2.png, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\components\defaultSearch\foreground\tvf_restart_alert_icon.png, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\components\defaultSearch\foreground\tvf_restart_icon.png, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\components\defaultSearch\foreground\updateSearchPromptFg.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\components\moviereviews\background\MovieReviewsWidget.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\components\moviereviews\css\movieReviews.css, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\components\moviereviews\html\movieReviews.html, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\components\moviereviews\js\movieReviews.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\components\radio\background\RadioWidget.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\components\radio\css\toolbar-item.css, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\components\radio\foreground\button.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\components\radio\radioWrapper\radioWrapper.html, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\components\radio\radioWrapper\radioWrapper.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\components\search\background\searchBox.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\components\search\html\searchSuggestions.css, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\components\search\html\searchSuggestions.html, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\components\search\html\searchSuggestions.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\components\search\html\searchSuggestionsInit.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\components\supertab\css\supertab.css, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\components\supertab\html\supertab.html, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\components\supertab\js\newtabfork.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\components\supertab\js\reporting.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\components\supertab\js\srchsugg.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\components\supertab\js\supertab.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\components\supertab\js\unifiedLogging.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\components\supertab\js\__utm.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\icons\arrowSprite.png, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\icons\icon128.png, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\icons\icon16.png, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\icons\icon19disabled.png, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\icons\icon19on.png, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\icons\icon48.png, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\icons\tb_icon_search_disappearing_ask.png, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\images\222119323.png, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\images\222119327.png, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\images\222119334.png, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\images\222119336.png, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\images\222119338.png, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\images\222119359.png, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\images\down_arrow.png, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\images\IDR_PRODUCT_LOGO_16.png, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\images\IDR_WEBSTORE_ICON.png, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\images\magnifying_glass.png, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\images\RadioPlayerSprite.png, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\images\search_button.png, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\images\tvf_icon_guide.png, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\images\tvf_logo.png, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\images\wrench.png, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\js\options.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\js\chromeUtils.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\js\exeManager.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\js\exePackageManager.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\js\focusManager.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\js\globalBlacklistManager.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\js\messaging.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\js\mutation_summary-min.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\js\mutation_summary.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\js\newTabInfo.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\js\newTabInitialize.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\js\readLocalStorage.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\js\reservespacefortoolbar.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\js\reservespaceifenabled.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\js\scriptInjector.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\js\searchContext.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\js\settingsOverrides.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\js\toolbarCookieParser.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\js\toolbarPreinit.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\js\underscore-1.3.1.min.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\js\URILoaderContentScript.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\js\Widget.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\js\widgetFactory.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\js\widgetWindowManager.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\shared\HttpURL.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\shared\rsvp-latest.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\shared\unifiedLogging.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\shared\universalConsole.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\shared\utils.js, No Action By User, [00e039af413a92a424b59a356c963ac6], 
PUP.Optional.MindSpark.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.82.4.29778_0\_metadata\verified_contents.json, No Action By User, [00e039af413a92a424b59a356c963ac6], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

C:\$Recycle.Bin\S-1-5-21-350192043-1319424742-1787252740-1000\$R2VBROO.exe a variant of Win32/FirseriaInstaller.C potentially unwanted application deleted - quarantined
C:\$Recycle.Bin\S-1-5-21-350192043-1319424742-1787252740-1000\$R4YTM34.exe a variant of Win32/FirseriaInstaller.C potentially unwanted application deleted - quarantined
C:\$Recycle.Bin\S-1-5-21-350192043-1319424742-1787252740-1000\$RBMBYA6.exe a variant of Win32/FirseriaInstaller.C potentially unwanted application deleted - quarantined
C:\$Recycle.Bin\S-1-5-21-350192043-1319424742-1787252740-1000\$RCUIPK0.exe a variant of Win32/FirseriaInstaller.C potentially unwanted application deleted - quarantined
C:\$Recycle.Bin\S-1-5-21-350192043-1319424742-1787252740-1000\$RNQIUPA.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
C:\$Recycle.Bin\S-1-5-21-350192043-1319424742-1787252740-1000\$RRL1ZYM.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
C:\$Recycle.Bin\S-1-5-21-350192043-1319424742-1787252740-1000\$RUJWHPZ.exe a variant of Win32/FirseriaInstaller.C potentially unwanted application deleted - quarantined
C:\$Recycle.Bin\S-1-5-21-350192043-1319424742-1787252740-1000\$RXFVLJD.exe a variant of Win32/FirseriaInstaller.C potentially unwanted application deleted - quarantined
C:\$Recycle.Bin\S-1-5-21-350192043-1319424742-1787252740-1000\$RXL0HSN.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\lucky leap\luckyleapUninstall.exe.vir Win32/BrowseFox.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\lucky leap\updateluckyleap.exe.vir a variant of Win32/BrowseFox.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\lucky leap\bin\3b232d24d5de4194b4d7.dll.vir Win32/BrowseFox.N potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\lucky leap\bin\luckyleap.BrowserAdapter.exe.vir Win32/BrowseFox.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\lucky leap\bin\luckyleap.BRT.Helper.exe.vir a variant of MSIL/BrowseFox.G potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\lucky leap\bin\luckyleap.PurBrowse64.exe.vir a variant of Win64/BrowseFox.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\lucky leap\bin\luckyleapBrowserFilter.exe.vir a variant of MSIL/BrowseFox.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\lucky leap\bin\utilluckyleap.exe.vir a variant of Win32/BrowseFox.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\lucky leap\bin\{3b232d24-d5de-4194-b4d7-d53b41a09748}.dll.vir a variant of Win32/BrowseFox.M potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\lucky leap\bin\plugins\luckyleap.Bromon.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\lucky leap\bin\plugins\luckyleap.BroStats.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\lucky leap\bin\plugins\luckyleap.BrowserAdapter.dll.vir probably a variant of MSIL/BrowseFox.G potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\lucky leap\bin\plugins\luckyleap.BrowserAdapterS.dll.vir probably a variant of MSIL/BrowseFox.G potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\lucky leap\bin\plugins\luckyleap.BrowserFilter.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\lucky leap\bin\plugins\luckyleap.BRT.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\lucky leap\bin\plugins\luckyleap.CompatibilityChecker.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\lucky leap\bin\plugins\luckyleap.DspSvc.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\lucky leap\bin\plugins\luckyleap.FFUpdate.dll.vir a variant of MSIL/BrowseFox.E potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\lucky leap\bin\plugins\luckyleap.GCUpdate.dll.vir a variant of MSIL/BrowseFox.E potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\lucky leap\bin\plugins\luckyleap.PurBrowse.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application deleted - quarantined
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000 a variant of Win32/SoftPulse.H potentially unwanted application deleted - quarantined
C:\Users\Owner\AppData\Local\Temp\blg445F.tmp\UPDATER.EXE Win32/Toolbar.MyWebSearch.Y potentially unwanted application deleted - quarantined
C:\Users\Owner\AppData\Local\Temp\hdc203D.tmp\UPDATER.EXE Win32/Toolbar.MyWebSearch.Y potentially unwanted application deleted - quarantined
C:\Users\Owner\Downloads\flashplayerpro_Setup (1).exe Win32/AdWare.iBryte.BB application cleaned by deleting - quarantined
C:\Users\Owner\Downloads\flashplayerpro_Setup (2).exe Win32/AdWare.iBryte.BB application cleaned by deleting - quarantined
C:\Users\Owner\Downloads\flashplayerpro_Setup (3).exe Win32/AdWare.iBryte.BB application cleaned by deleting - quarantined
C:\Users\Owner\Downloads\flashplayerpro_Setup (4).exe Win32/AdWare.iBryte.BB application cleaned by deleting - quarantined
C:\Users\Owner\Downloads\flashplayerpro_Setup (5).exe Win32/AdWare.iBryte.BB application cleaned by deleting - quarantined
C:\Users\Owner\Downloads\flashplayerpro_Setup (6).exe Win32/AdWare.iBryte.BB application cleaned by deleting - quarantined
C:\Users\Owner\Downloads\flashplayerpro_Setup (7).exe Win32/AdWare.iBryte.BB application cleaned by deleting - quarantined
C:\Users\Owner\Downloads\flashplayerpro_Setup.exe a variant of Win32/AdWare.iBryte.AN application cleaned by deleting - quarantined
C:\Users\Owner\Downloads\Setup (1).exe a variant of Win32/SoftPulse.H potentially unwanted application deleted - quarantined
C:\Users\Owner\Downloads\update (1).exe a variant of Win32/AdWare.iBryte.AA application cleaned by deleting - quarantined
C:\Users\Owner\Downloads\update.exe Win32/AdWare.iBryte.S application cleaned by deleting - quarantined
C:\Users\Owner\Pictures\Pictures from Old and New Phone\mydownloads-rcpsetup_dcomnew_mpu_dcomnew_mpu (1).exe Win32/Systweak.D potentially unwanted application deleted - quarantined
C:\Users\Owner\Pictures\Pictures from Old and New Phone\mydownloads-rcpsetup_dcomnew_mpu_dcomnew_mpu (2).exe Win32/Systweak.D potentially unwanted application deleted - quarantined
C:\Users\Owner\Pictures\Pictures from Old and New Phone\mydownloads-rcpsetup_dcomnew_mpu_dcomnew_mpu (3).exe Win32/Systweak.D potentially unwanted application deleted - quarantined
C:\Users\Owner\Pictures\Pictures from Old and New Phone\mydownloads-rcpsetup_dcomnew_mpu_dcomnew_mpu.exe Win32/Systweak.D potentially unwanted application deleted - quarantined
 


#10 Jo*

Jo*

  • Malware Response Team
  • 3,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:04:24 PM

Posted 02 September 2014 - 02:52 PM

Why did you not allow MBAM to clean what was detected?

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#11 littlefoot3

Posted 02 September 2014 - 06:05 PM

Hi Jo,

In the instructions it said to just press "apply actions" after the scan is done and the actions that MBAM chose were "ignore once". Next time should I choose "quarantine all"? I'm sorry for the inconvenience. Thanks again for all your help!

Best,
Littlefoot3



#12 Jo*

Posted 03 September 2014 - 02:33 AM

Hello littlefoot3,

Re-run MBAM and this time choose "quarantine all".
Then post the log please.



#13 Jo*

Posted 05 September 2014 - 03:40 AM

Hi,

It has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Threads will be closed if no response after 3 days.         




#14 littlefoot3

Posted 08 September 2014 - 12:33 PM

Hi Jo,

Apologies for the late reply. I was out of town this past week and away from my mother's computer. I will run the MBAM this afternoon and send you the report. I hope this response is not too late! Thanks again for all your help, I greatly appreciate it.

Best,
Littlefoot3



#15 Jo*

Posted 10 September 2014 - 11:59 AM

It's not too late - post the new log!






