Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Proxy server isn't responding. Check settings 127.0.0.1:8800


  • This topic is locked This topic is locked
25 replies to this topic

#1 Brenlb

Brenlb

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:52 PM

Posted 23 November 2014 - 05:11 PM

I have a laptop that has sometime of setting for the Internet LAN that I cannot modify. I assume that this is in the registry somewhere. I have attempted to download malware and adware software searches for it and could not locate anything. I have all of the logs. Now I cannot access the internet at all on this machine so I have been utilizing a thumb drive to install items. 

 

It is extremely frustrating, but I see that others are experiencing the same issues. 

Please help. 

Thanks. 

 



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,622 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:52 PM

Posted 28 November 2014 - 05:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/557408 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,589 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:52 PM

Posted 01 December 2014 - 09:43 AM

Greetings Brenlb and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. I appreciate the extra steps you are taking to get the programs on your infected computer.

While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
REG: reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" 
REG: reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" 
REG: reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" 
REG: reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" 
REG: reg query "HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters" /s
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • Fixlog
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Brenlb

Brenlb
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:52 PM

Posted 01 December 2014 - 06:53 PM

Hello Gary.. Thank you for taking the time to assist me with my issue.  
 
Here are the logs you were requesting. 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2014
Ran by Brenda (administrator) on BRENDA-PC on 01-12-2014 18:34:33
Running from C:\Users\Brenda\Desktop
Loaded Profile: Brenda (Available profiles: Brenda)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3927122722-1748743139-3668010178-1001\...\Run: [GoogleChromeAutoLaunch_F3F1F347082F96D0DBAEC2249C80F4F1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-11-14] (Google Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-3927122722-1748743139-3668010178-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3927122722-1748743139-3668010178-1001] => http=127.0.0.1:10161;https=127.0.0.1:10161
HKU\S-1-5-21-3927122722-1748743139-3668010178-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKU\S-1-5-21-3927122722-1748743139-3668010178-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x339818A16E15CF01
HKU\S-1-5-21-3927122722-1748743139-3668010178-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.5
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1 209.18.47.61 209.18.47.62
 
FireFox:
========
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3247120 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwnx.sys [3680256 2013-06-18] (Qualcomm Atheros Communications, Inc.)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [270104 2014-06-30] (AVG Technologies CZ, s.r.o.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-01 18:34 - 2014-12-01 18:35 - 00012894 _____ () C:\Users\Brenda\Desktop\FRST.txt
2014-12-01 18:34 - 2014-12-01 18:34 - 00000000 ____D () C:\FRST
2014-12-01 18:34 - 2014-12-01 18:31 - 02117120 _____ (Farbar) C:\Users\Brenda\Desktop\FRST64.exe
2014-12-01 18:30 - 2014-12-01 18:30 - 01109504 _____ (Farbar) C:\Users\Brenda\Desktop\FRST.exe
2014-11-23 16:16 - 2014-11-23 16:16 - 00002257 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-11-23 16:16 - 2014-11-23 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-11-23 16:16 - 2014-11-23 16:16 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-11-23 15:11 - 2014-11-23 15:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-23 15:11 - 2014-11-23 15:11 - 00135384 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-23 15:11 - 2014-11-23 15:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-23 15:10 - 2014-11-23 15:44 - 00000000 ____D () C:\Users\Brenda\Desktop\mbar
2014-11-23 15:10 - 2014-11-23 15:10 - 00096472 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-11-23 15:02 - 2014-11-23 15:53 - 00000000 ____D () C:\AdwCleaner
2014-11-23 14:41 - 2014-11-23 14:41 - 00000000 ____D () C:\Users\Brenda\AppData\Local\Avg
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-01 18:21 - 2014-01-19 19:08 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-01 18:16 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-11-23 17:05 - 2014-01-19 18:31 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{989AE8A1-274C-46F6-8BF4-31245FEE9650}
2014-11-23 16:30 - 2014-01-19 16:37 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3927122722-1748743139-3668010178-1001
2014-11-23 16:14 - 2014-01-19 18:33 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-23 16:08 - 2013-09-29 23:04 - 00955428 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-23 16:05 - 2014-01-19 16:22 - 01740057 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-23 16:03 - 2013-08-22 09:46 - 00036621 _____ () C:\WINDOWS\setupact.log
2014-11-23 15:57 - 2014-01-19 18:32 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-23 15:56 - 2014-01-19 19:53 - 00000000 __RDO () C:\Users\Brenda\SkyDrive
2014-11-23 15:55 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-23 15:54 - 2013-09-29 22:55 - 00058006 _____ () C:\WINDOWS\PFRO.log
2014-11-23 15:54 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-11-23 15:45 - 2014-01-19 18:33 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-23 15:28 - 2014-01-19 19:25 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-11-23 15:09 - 2014-01-19 18:33 - 00003898 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-23 15:09 - 2014-01-19 18:33 - 00003662 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-23 15:04 - 2014-01-19 16:21 - 00000000 ____D () C:\Users\Brenda
2014-11-23 14:57 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-11-23 14:46 - 2013-08-22 10:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-11-23 14:42 - 2014-04-05 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-11-23 14:34 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
 
Some content of TEMP:
====================
C:\Users\Brenda\AppData\Local\Temp\nscB43F.exe
C:\Users\Brenda\AppData\Local\Temp\nsp26AF.exe
C:\Users\Brenda\AppData\Local\Temp\nsqE14D.exe
C:\Users\Brenda\AppData\Local\Temp\nswB1AE.exe
C:\Users\Brenda\AppData\Local\Temp\nszDF19.exe
C:\Users\Brenda\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Brenda\AppData\Local\Temp\oi_{5B9E78AB-6DE8-40D6-8EC4-00D13E3FDBC9}.exe
C:\Users\Brenda\AppData\Local\Temp\Quarantine.exe
C:\Users\Brenda\AppData\Local\Temp\SearchProtectINT.exe
C:\Users\Brenda\AppData\Local\Temp\SPSetup.exe
C:\Users\Brenda\AppData\Local\Temp\sqlite3.dll
C:\Users\Brenda\AppData\Local\Temp\System.Data.SQLite38769.dll
C:\Users\Brenda\AppData\Local\Temp\System.Data.SQLite77426.dll
C:\Users\Brenda\AppData\Local\Temp\System.Data.SQLite82824.dll
C:\Users\Brenda\AppData\Local\Temp\wfw0fl3j.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-23 14:56
 
==================== End Of Log ============================
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2014
Ran by Brenda at 2014-12-01 18:35:20
Running from C:\Users\Brenda\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus 2014 (Disabled - Out of date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus 2014 (Disabled - Out of date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
.NET Reflector Desktop (HKLM-x32\...\{60EDFDF5-224E-4CB3-8BE8-55A6D852C0A8}) (Version: 8.3.3.115 - Red Gate Software Ltd)
.NET Reflector Visual Studio Extension 8.3 (HKLM-x32\...\{78AB5E88-4A49-43FF-9657-37935971F355}) (Version: 8.3.3.115 - Red Gate Software Ltd)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4794 - AVG Technologies)
AVG 2014 (Version: 14.0.4189 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4794 - AVG Technologies) Hidden
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
Crystal Reports for Visual Studio (x32 Version: 12.51.0.240 - SAP) Hidden
Dotfuscator Software Services - Community Edition (HKLM-x32\...\{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}) (Version: 5.0.2300.0 - PreEmptive Solutions)
Express Zip (HKLM-x32\...\ExpressZip) (Version: 2.28 - NCH Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools (HKLM-x32\...\{5BDFAB82-060E-438B-AB4F-A2331B2294C0}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{1803A630-3C38-4D2B-9B9A-0CB37243539C}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{0DDCEC37-369C-484B-B16D-B4413FD42FB9}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{E5AE9031-79A5-4627-9641-BEFA82819B08}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{DA67488A-2689-4F10-B90F-D2F6977509D6}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{78C3657E-742C-40B1-9F53-E5A921D40F17}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319 (HKLM-x32\...\{6A86554B-8928-30E4-A53C-D7337689134D}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{729A3000-BC8A-3B74-BA5D-5068FE12D70C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (HKLM\...\{88BAE373-00F4-3E33-828F-96E89E5E0CB9}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Ultimate - ENU (HKLM-x32\...\Microsoft Visual Studio 2010 Ultimate - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Web Developer 2010 Express - ENU (HKLM-x32\...\Microsoft Visual Web Developer 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Secure Download Manager (HKLM-x32\...\{E86B07AE-9F94-44D5-AD47-DC2716EA90D2}) (Version: 3.1.40 - Kivuto Solutions Inc.)
Self-service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Soda PDF 6 (HKLM-x32\...\Soda6) (Version: 6.0.76.13695 - LULU Software Limited)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.30319 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DF}) (Version: 18.0.10661 - WinZip Computing, S.L. )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
09-10-2014 21:36:14 Restore Operation
23-11-2014 21:30:10 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {2809FAA9-2FAE-4E41-A315-2082CE4DFCF4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-19] (Google Inc.)
Task: {4475C509-7A17-4E39-B035-BDC90BF34BD2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: {64E996E5-C397-4E3F-AB4A-80B61BFC4A83} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-19] (Google Inc.)
Task: {C0A319D0-D4EF-4DDB-BC50-ADD1F4522038} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {DA6C825D-4E32-431D-A1D1-86C302B4F4FB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {FE4C1672-37E8-46FC-AB22-FD570F7B90CC} - System32\Tasks\PastaQuotes => C:\Program Files (x86)\pastaleads\ScheduledTask.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-30 18:34 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-11-23 15:26 - 2014-09-23 08:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-12-14 05:42 - 2012-12-14 05:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Brenda\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
HKU\S-1-5-21-3927122722-1748743139-3668010178-1001\Software\Classes\.exe: exefile =>  <===== ATTENTION!
HKU\S-1-5-21-3927122722-1748743139-3668010178-1001\Software\Classes\exefile:  <===== ATTENTION!
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3927122722-1748743139-3668010178-500 - Administrator - Disabled)
Brenda (S-1-5-21-3927122722-1748743139-3668010178-1001 - Administrator - Enabled) => C:\Users\Brenda
Guest (S-1-5-21-3927122722-1748743139-3668010178-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3927122722-1748743139-3668010178-1002 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/01/2014 06:31:53 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/23/2014 04:37:03 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/23/2014 04:32:20 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/23/2014 04:20:19 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: BRENDA-PC)
Description: There was an error communicating to the Orion inference server
 
Error: (11/23/2014 04:20:18 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT AUTHORITY)
Description: There was an error communicating to the Orion inference server
 
Error: (11/23/2014 04:20:17 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
 
Error: (11/23/2014 04:03:55 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: BRENDA-PC)
Description: There was an error communicating to the Orion inference server
 
Error: (11/23/2014 04:03:54 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT AUTHORITY)
Description: There was an error communicating to the Orion inference server
 
Error: (11/23/2014 04:03:46 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: BRENDA-PC)
Description: There was an error communicating to the Orion inference server
 
Error: (11/23/2014 04:03:45 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT AUTHORITY)
Description: There was an error communicating to the Orion inference server
 
 
System errors:
=============
Error: (11/23/2014 03:09:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%1053
 
Error: (11/23/2014 03:09:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
 
Error: (11/23/2014 03:05:18 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (11/23/2014 03:05:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error: 
%%1062
 
Error: (11/23/2014 03:05:05 PM) (Source: DCOM) (EventID: 10010) (User: BRENDA-PC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (11/23/2014 03:05:05 PM) (Source: DCOM) (EventID: 10010) (User: BRENDA-PC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (11/23/2014 03:04:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (11/23/2014 03:04:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (11/23/2014 03:04:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server (SQLEXPRESS) service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/23/2014 03:04:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (12/01/2014 06:31:53 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
 
Error: (11/23/2014 04:37:03 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files (x86)\microsoft visual studio 10.0\Common7\IDE\remote debugger\ia64\msvsmon.exe
 
Error: (11/23/2014 04:32:20 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
 
Error: (11/23/2014 04:20:19 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: BRENDA-PC)
Description: -2143485936
 
Error: (11/23/2014 04:20:18 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT AUTHORITY)
Description: -2143485936
 
Error: (11/23/2014 04:20:17 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: -2147024883
 
Error: (11/23/2014 04:03:55 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: BRENDA-PC)
Description: -2143485936
 
Error: (11/23/2014 04:03:54 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT AUTHORITY)
Description: -2143485936
 
Error: (11/23/2014 04:03:46 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: BRENDA-PC)
Description: -2143485936
 
Error: (11/23/2014 04:03:45 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT AUTHORITY)
Description: -2143485936
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 35%
Total physical RAM: 4000.12 MB
Available physical RAM: 2584.84 MB
Total Pagefile: 5728.12 MB
Available Pagefile: 4113.55 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:119.24 GB) (Free:63.3 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:153.85 GB) (Free:153.69 GB) NTFS
Drive g: (ESD-USB) (Removable) (Total:14.73 GB) (Free:14.69 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E3102A4B)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=119.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=153.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.7 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-12-2014
Ran by Brenda at 2014-12-01 18:45:07 Run:1
Running from C:\Users\Brenda\Desktop
Loaded Profile: Brenda (Available profiles: Brenda)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
REG: reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" 
REG: reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" 
REG: reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" 
REG: reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" 
REG: reg query "HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters" /s
*****************
 
 
========= reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" =========
 
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
    CodeBaseSearchPath    REG_SZ    CODEBASE
    EnablePunycode    REG_DWORD    0x1
    WarnOnIntranet    REG_DWORD    0x1
    MinorVersion    REG_SZ    0
    ActiveXCache    REG_SZ    C:\Windows\Downloaded Program Files
    ProxyEnable    REG_DWORD    0x1
    MigrateProxy    REG_DWORD    0x1
    ProxyServer    REG_SZ    http=127.0.0.1:8800;https=127.0.0.1:8800
    ProxyOverride    REG_SZ    <-loopback>
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragImageExts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ApprovedActiveXInstallSites
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Last Update
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Passport
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\PluggableProtocols
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
 
 
========= End of Reg: =========
 
 
========= reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" =========
 
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    WinHttpSettings    REG_BINARY    1800000000000000010000000000000000000000
    DefaultConnectionSettings    REG_BINARY    460000000F0200000300000028000000687474703D3132372E302E302E313A383830303B68747470733D3132372E302E302E313A383830300B0000003C2D6C6F6F706261636B3E000000000000000000000000000000000000000000000000000000000000000000000000
    SavedLegacySettings    REG_BINARY    460000003F0400000300000028000000687474703D3132372E302E302E313A383830303B68747470733D3132372E302E302E313A383830300B0000003C2D6C6F6F706261636B3E000000000000000000000000000000000000000000000000000000000000000000000000
 
 
 
========= End of Reg: =========
 
 
========= reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" =========
 
 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings
    CodeBaseSearchPath    REG_SZ    CODEBASE
    WarnOnIntranet    REG_DWORD    0x1
    EnablePunycode    REG_DWORD    0x1
    MinorVersion    REG_SZ    0
    ActiveXCache    REG_SZ    C:\Windows\Downloaded Program Files
    ProxyEnable    REG_DWORD    0x1
    MigrateProxy    REG_DWORD    0x1
    ProxyServer    REG_SZ    http=127.0.0.1:8800;https=127.0.0.1:8800
    ProxyOverride    REG_SZ    <-loopback>
 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragImageExts
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Last Update
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\P3P
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Passport
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\PluggableProtocols
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SO
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
 
 
========= End of Reg: =========
 
 
========= reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" =========
 
 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    WinHttpSettings    REG_BINARY    1800000000000000010000000000000000000000
    DefaultConnectionSettings    REG_BINARY    460000000F0200000300000028000000687474703D3132372E302E302E313A383830303B68747470733D3132372E302E302E313A383830300B0000003C2D6C6F6F706261636B3E000000000000000000000000000000000000000000000000000000000000000000000000
    SavedLegacySettings    REG_BINARY    460000003F0400000300000028000000687474703D3132372E302E302E313A383830303B68747470733D3132372E302E302E313A383830300B0000003C2D6C6F6F706261636B3E000000000000000000000000000000000000000000000000000000000000000000000000
 
 
 
========= End of Reg: =========
 
 
========= reg query "HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters" /s =========
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters
    ServiceDllUnloadOnStop    REG_DWORD    0x1
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\System32\nlasvc.dll
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Cache
    KnownProxylessGatewaysV4    REG_BINARY    06002129E83ADF0C004200720065006E0064006100724E0200
    OpportunisticInternetGatewaysV4    REG_BINARY    06002129E83ADF0C004200720065006E0064006100834E0200
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet
    ActiveWebProbePathV6    REG_SZ    ncsi.txt
    ActiveWebProbePath    REG_SZ    ncsi.txt
    ActiveDnsProbeHost    REG_SZ    dns.msftncsi.com
    EnableActiveProbing    REG_DWORD    0x1
    PassivePollPeriod    REG_DWORD    0xf
    ActiveWebProbeContentV6    REG_SZ    Microsoft NCSI
    ActiveDnsProbeContentV6    REG_SZ    fd3e:4f5a:5b81::1
    ActiveWebProbeContent    REG_SZ    Microsoft NCSI
    ActiveDnsProbeContent    REG_SZ    131.107.255.255
    ActiveWebProbeHost    REG_SZ    www.msftncsi.com
    StaleThreshold    REG_DWORD    0x1e
    ActiveWebProbeHostV6    REG_SZ    ipv6.msftncsi.com
    WebTimeout    REG_DWORD    0x23
    ActiveDnsProbeHostV6    REG_SZ    dns.msftncsi.com
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies
    (Default)    REG_SZ    1http=127.0.0.1:8800;https=127.0.0.1:8800
 
 
 
========= End of Reg: =========
 
 
==== End of Fixlog ====
 
 
The summary information is attached.

Attached Files



#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,589 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:52 PM

Posted 01 December 2014 - 09:56 PM

Thank you for the information. Can you tell me if you recognize this Proxy Server?

https=127.0.0.1:10161

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
C:\Users\Brenda\AppData\Local\Temp\nscB43F.exe
C:\Users\Brenda\AppData\Local\Temp\nsp26AF.exe
C:\Users\Brenda\AppData\Local\Temp\nsqE14D.exe
C:\Users\Brenda\AppData\Local\Temp\nswB1AE.exe
C:\Users\Brenda\AppData\Local\Temp\nszDF19.exe
C:\Users\Brenda\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Brenda\AppData\Local\Temp\oi_{5B9E78AB-6DE8-40D6-8EC4-00D13E3FDBC9}.exe
C:\Users\Brenda\AppData\Local\Temp\Quarantine.exe
C:\Users\Brenda\AppData\Local\Temp\SearchProtectINT.exe
C:\Users\Brenda\AppData\Local\Temp\SPSetup.exe
C:\Users\Brenda\AppData\Local\Temp\sqlite3.dll
C:\Users\Brenda\AppData\Local\Temp\System.Data.SQLite38769.dll
C:\Users\Brenda\AppData\Local\Temp\System.Data.SQLite77426.dll
C:\Users\Brenda\AppData\Local\Temp\System.Data.SQLite82824.dll
C:\Users\Brenda\AppData\Local\Temp\wfw0fl3j.dll
HKU\S-1-5-21-3927122722-1748743139-3668010178-1001\Software\Classes\.exe: exefile =>  <===== ATTENTION!
HKU\S-1-5-21-3927122722-1748743139-3668010178-1001\Software\Classes\exefile:  <===== ATTENTION!
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • For Windows 8/7/Vista users right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • When prompted, Click Scan
  • A report should open and a copy of the report will be placed on your desktop
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Do you recognize the Proxy?
  • Fixlog
  • RogueKiller log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Brenlb

Brenlb
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:52 PM

Posted 02 December 2014 - 08:44 PM

Really quick, I do not recognize that is proxy server and I cannot remove it via the browser settings. It will not erase. Even after updating and saving it just populates again.
other information will be in the next post.

#7 Brenlb

Brenlb
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:52 PM

Posted 02 December 2014 - 09:01 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-12-2014
Ran by Brenda at 2014-12-02 20:53:16 Run:2
Running from C:\Users\Brenda\Desktop
Loaded Profile: Brenda (Available profiles: Brenda)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
C:\Users\Brenda\AppData\Local\Temp\nscB43F.exe
C:\Users\Brenda\AppData\Local\Temp\nsp26AF.exe
C:\Users\Brenda\AppData\Local\Temp\nsqE14D.exe
C:\Users\Brenda\AppData\Local\Temp\nswB1AE.exe
C:\Users\Brenda\AppData\Local\Temp\nszDF19.exe
C:\Users\Brenda\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Brenda\AppData\Local\Temp\oi_{5B9E78AB-6DE8-40D6-8EC4-00D13E3FDBC9}.exe
C:\Users\Brenda\AppData\Local\Temp\Quarantine.exe
C:\Users\Brenda\AppData\Local\Temp\SearchProtectINT.exe
C:\Users\Brenda\AppData\Local\Temp\SPSetup.exe
C:\Users\Brenda\AppData\Local\Temp\sqlite3.dll
C:\Users\Brenda\AppData\Local\Temp\System.Data.SQLite38769.dll
C:\Users\Brenda\AppData\Local\Temp\System.Data.SQLite77426.dll
C:\Users\Brenda\AppData\Local\Temp\System.Data.SQLite82824.dll
C:\Users\Brenda\AppData\Local\Temp\wfw0fl3j.dll
HKU\S-1-5-21-3927122722-1748743139-3668010178-1001\Software\Classes\.exe: exefile =>  <===== ATTENTION!
HKU\S-1-5-21-3927122722-1748743139-3668010178-1001\Software\Classes\exefile:  <===== ATTENTION!
*****************
 
C:\Users\Brenda\AppData\Local\Temp\nscB43F.exe => Moved successfully.
C:\Users\Brenda\AppData\Local\Temp\nsp26AF.exe => Moved successfully.
C:\Users\Brenda\AppData\Local\Temp\nsqE14D.exe => Moved successfully.
C:\Users\Brenda\AppData\Local\Temp\nswB1AE.exe => Moved successfully.
C:\Users\Brenda\AppData\Local\Temp\nszDF19.exe => Moved successfully.
C:\Users\Brenda\AppData\Local\Temp\OfficeSetup.exe => Moved successfully.
C:\Users\Brenda\AppData\Local\Temp\oi_{5B9E78AB-6DE8-40D6-8EC4-00D13E3FDBC9}.exe => Moved successfully.
C:\Users\Brenda\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Brenda\AppData\Local\Temp\SearchProtectINT.exe => Moved successfully.
C:\Users\Brenda\AppData\Local\Temp\SPSetup.exe => Moved successfully.
C:\Users\Brenda\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\Brenda\AppData\Local\Temp\System.Data.SQLite38769.dll => Moved successfully.
C:\Users\Brenda\AppData\Local\Temp\System.Data.SQLite77426.dll => Moved successfully.
C:\Users\Brenda\AppData\Local\Temp\System.Data.SQLite82824.dll => Moved successfully.
C:\Users\Brenda\AppData\Local\Temp\wfw0fl3j.dll => Moved successfully.
"HKU\S-1-5-21-3927122722-1748743139-3668010178-1001\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-21-3927122722-1748743139-3668010178-1001\Software\Classes\.exe" => Key deleted successfully.
"HKU\S-1-5-21-3927122722-1748743139-3668010178-1001\Software\Classes\exefile" => Key not found.
 
==== End of Fixlog ====
 
RogueKiller V10.0.8.0 [Nov 20 2014] by Adlice Software
 
Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Brenda [Administrator]
Mode : Scan -- Date : 12/02/2014  20:58:07
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 16 ¤¤¤
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3927122722-1748743139-3668010178-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3927122722-1748743139-3668010178-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8800;https=127.0.0.1:8800  -> Found
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8800;https=127.0.0.1:8800  -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3927122722-1748743139-3668010178-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:10161;https=127.0.0.1:10161  -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3927122722-1748743139-3668010178-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:10161;https=127.0.0.1:10161  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 192.168.1.1 209.18.47.61 209.18.47.62  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 192.168.1.1 209.18.47.61 209.18.47.62  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F690CBE9-745E-4C16-AE95-71281F962ED2} | DhcpNameServer : 209.18.47.61 209.18.47.62 192.168.1.1 209.18.47.61 209.18.47.62  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F690CBE9-745E-4C16-AE95-71281F962ED2} | DhcpNameServer : 209.18.47.61 209.18.47.62 192.168.1.1 209.18.47.61 209.18.47.62  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BPVT-80JJ5T0 +++++
--- User ---
[MBR] 2d7d94ba8776bd501073fc5c5b67dc55
[BSP] 6038da5abdb86a32e945c2c6aa172f56 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 52430848 | Size: 122098 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 302487552 | Size: 157545 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: SMI USB DISK USB Device +++++
--- User ---
[MBR] 1214c0f262dc47ac161fdf128aa664e8
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 2048 | Size: 15099 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
Currently I am not using this machine due to the issue with the internet settings.  

Edited by Brenlb, 02 December 2014 - 09:09 PM.


#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,589 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:52 PM

Posted 02 December 2014 - 09:41 PM

Thank you for the information. Please do this.

===================================================

RogueKiller Selecting Deletions

--------------------
  • Launch RogueKiller
  • Close any open programs
  • Please disconnect any USB or external drives from the computer before you run the scan
  • For Vista/7 users right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • Allow the Prescan to finish
  • Click Scan
  • When the Status box shows Scan Finished place a checkmark in the following and select Delete

[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3927122722-1748743139-3668010178-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3927122722-1748743139-3668010178-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8800;https=127.0.0.1:8800 -> Found
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8800;https=127.0.0.1:8800 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3927122722-1748743139-3668010178-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:10161;https=127.0.0.1:10161 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3927122722-1748743139-3668010178-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:10161;https=127.0.0.1:10161 -> Found

  • Click Report
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • RogueKiller report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Brenlb

Brenlb
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:52 PM

Posted 03 December 2014 - 05:20 PM

This malware is just awful. 

I ran the scan and selected to have the items removed.  Even after I still have the same problem.  I do not know where it is embedded that it continues to come back. 

 

RogueKiller V10.0.8.0 [Nov 20 2014] by Adlice Software
 
Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Brenda [Administrator]
Mode : Delete -- Date : 12/03/2014  17:15:39
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 12 ¤¤¤
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8800;https=127.0.0.1:8800  -> Deleted
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8800;https=127.0.0.1:8800  -> Deleted
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 192.168.1.1  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 192.168.1.1  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F690CBE9-745E-4C16-AE95-71281F962ED2} | DhcpNameServer : 209.18.47.61 209.18.47.62 192.168.1.1  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F690CBE9-745E-4C16-AE95-71281F962ED2} | DhcpNameServer : 209.18.47.61 209.18.47.62 192.168.1.1  -> Replaced ()
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Replaced (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Replaced (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Replaced (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Replaced (0)
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BPVT-80JJ5T0 +++++
--- User ---
[MBR] 2d7d94ba8776bd501073fc5c5b67dc55
[BSP] 6038da5abdb86a32e945c2c6aa172f56 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 52430848 | Size: 122098 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 302487552 | Size: 157545 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_DEL_12032014_170040.log - RKreport_SCN_12022014_205807.log - RKreport_SCN_12032014_165914.log - RKreport_SCN_12032014_171354.log


#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,589 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:52 PM

Posted 03 December 2014 - 08:59 PM

Yes, it is a bit of a bear. Please do this.

===================================================

Creating a System Restore Point in Windows 8

--------------------
  • Hit the Windows key + F at the same time
  • In the drop down menu select Everywhere
  • Type Create then click on Create a restore point
  • Click Create
  • In the Description section type Proxy Modifications
  • Click Create and allow the process to complete
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
REG: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
REG: reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
REG: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
REG: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
REG: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /f
REG: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /f
REG: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /f
REG: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /f
REG: reg delete "HKLM\SYSTEM\CurrentControlSet\services\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Check your Proxy settings
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • How are the Proxy settings now?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 Brenlb

Brenlb
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:52 PM

Posted 04 December 2014 - 04:34 PM

I can access the web browser with no error messages about the proxy server settings.   

Does this mean that I should be good to go at this point? 



#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,589 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:52 PM

Posted 04 December 2014 - 04:40 PM

Very good. :thumbsup2:

We are not quite done yet. Please do this.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan This process may may take several hours, that is normal
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run Note: If you receive an error message attempt to run the program in Safe Mode
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 Brenlb

Brenlb
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:52 PM

Posted 05 December 2014 - 06:50 AM

The ESET scan took a long time and did not finish before my pc timed out.

This is what I received from the first part of the scan. I will not be able to complete until later today as I have to go to work at this time.

 

C:\FRST\Quarantine\C\Users\Brenda\AppData\Local\Temp\nscB43F.exe.xBAD Win32/Conduit.SearchProtect.V potentially unwanted application 
C:\FRST\Quarantine\C\Users\Brenda\AppData\Local\Temp\nsp26AF.exe.xBAD Win32/Conduit.SearchProtect.V potentially unwanted application 
C:\FRST\Quarantine\C\Users\Brenda\AppData\Local\Temp\nsqE14D.exe.xBAD Win32/Conduit.SearchProtect.V potentially unwanted application 
C:\FRST\Quarantine\C\Users\Brenda\AppData\Local\Temp\nswB1AE.exe.xBAD Win32/Conduit.SearchProtect.V potentially unwanted application 
C:\FRST\Quarantine\C\Users\Brenda\AppData\Local\Temp\nszDF19.exe.xBAD Win32/Conduit.SearchProtect.V potentially unwanted application 
C:\FRST\Quarantine\C\Users\Brenda\AppData\Local\Temp\SearchProtectINT.exe.xBAD Win32/Toolbar.Conduit.R potentially unwanted application 
C:\FRST\Quarantine\C\Users\Brenda\AppData\Local\Temp\SPSetup.exe.xBAD Win32/Conduit.SearchProtect.Q potentially unwanted application 
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application 
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll a variant of Win32/Systweak.N potentially unwanted application 
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application 
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak potentially unwanted application 
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application 
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application 
C:\ProgramData\Soda PDF 6\Installation\Soda6Installer.exe a variant of Win32/InstallIQ.A potentially unwanted application 
C:\Users\All Users\Soda PDF 6\Installation\Soda6Installer.exe a variant of Win32/InstallIQ.A potentially unwanted application 
C:\Users\Brenda\AppData\Local\Microsoft\Windows\INetCache\IE\NOQABZZE\Google-Chrome.exe Win32/OutBrowse.AY potentially unwanted application 
C:\Users\Brenda\AppData\Local\Microsoft\Windows\INetCache\IE\NOQABZZE\SPSetup[1].exe Win32/Conduit.SearchProtect.H potentially unwanted application 
C:\Users\Brenda\AppData\Local\Temp\dlm4B6E.tmp\Soda_PDF_6_Installer.exe a variant of Win32/InstallIQ.A potentially unwanted application 
C:\Windows\Temp\nsb1A0F.exe Win32/Conduit.SearchProtect.V potentially unwanted application 
C:\Windows\Temp\nse690B.exe Win32/Conduit.SearchProtect.V potentially unwanted application 
C:\Windows\Temp\nsh19E1.exe Win32/Conduit.SearchProtect.V potentially unwanted application 
C:\Windows\Temp\nsi176.exe Win32/Conduit.SearchProtect.V potentially unwanted application 
C:\Windows\Temp\nsi43A1.exe Win32/Conduit.SearchProtect.V potentially unwanted application 
C:\Windows\Temp\nsn195.exe Win32/Conduit.SearchProtect.V potentially unwanted application 
C:\Windows\Temp\nsoCE3D.exe Win32/Conduit.SearchProtect.V potentially unwanted application 
C:\Windows\Temp\nsv3E32.exe Win32/Conduit.SearchProtect.V potentially unwanted application 
C:\Windows.old\Users\All Users\Soda PDF 6\Installation\Soda6Installer.exe a variant of Win32/InstallIQ.A potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Conduit\Chrome\CT3299568\CHUninstaller.exe a variant of Win32/Conduit.SearchProtect.N potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Conduit\Chrome\CT3299568\UninstallerUI.exe a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\102_dealply_m.js JS/Toolbar.Crossrider.B potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\103_intext_5_m.js JS/Toolbar.Crossrider.B potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\104_jollywallet_m.js JS/Toolbar.Crossrider.B potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\105_corticas_m.js JS/Toolbar.Crossrider.B potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\155_ibario_pops_m.js JS/Toolbar.Crossrider.B potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\184_noproblemppc_m.js JS/Toolbar.Crossrider.B potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\191_ciuvo_m.js JS/Toolbar.Crossrider.B potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js JS/Toolbar.Crossrider.B potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js JS/Toolbar.Crossrider.B potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\91_monetizationLoader.js.js JS/Toolbar.Crossrider.B potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\93_superfish_no_coupons_m.js JS/Toolbar.Crossrider.B potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\102_dealply_m.js JS/Toolbar.Crossrider.B potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\103_intext_5_m.js JS/Toolbar.Crossrider.B potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\104_jollywallet_m.js JS/Toolbar.Crossrider.B potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\105_corticas_m.js JS/Toolbar.Crossrider.B potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\155_ibario_pops_m.js JS/Toolbar.Crossrider.B potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\184_noproblemppc_m.js JS/Toolbar.Crossrider.B potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\191_ciuvo_m.js JS/Toolbar.Crossrider.B potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js JS/Toolbar.Crossrider.B potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js JS/Toolbar.Crossrider.B potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\91_monetizationLoader.js.js JS/Toolbar.Crossrider.B potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\93_superfish_no_coupons_m.js JS/Toolbar.Crossrider.B potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\background.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\background.unit.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\SOAP.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\lib\config.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\lib\context.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\lib\tinifying.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\minibar.min.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\minibar.translations.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\minibar.unit.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\minibar.vars.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\abril.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\amazon.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\aol.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\ask.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\autoscout24.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\autosottocosto.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\baixaki.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\bomnegocio.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\chip.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\ciao.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\conduit.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\corriere.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\craigslist.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\dailymotion.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\default_adapter.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\delta-search.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\diretta.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\ebay.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\ehow.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\elmundo.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\elpais.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\facebook.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\foxsports.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\friv.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\funutilities.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\globo.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\gmx.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\go.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\google.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\gumtree.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\huffingtonpost.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\ilmeteo.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\imdb.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\inbox.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\indeed.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\instagram.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\jappy.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\leboncoin.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\libero.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\live.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\marca.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\mediaset.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\mercadolivre.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\milanuncios.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\msn.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\mundoanuncio.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\netlog.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\nirvam.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\okcupid.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\olx.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\orange.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\pagesjaunes.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\photobucket.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\pinterest.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\pof.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\repubblica.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\roblox.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\segundamano.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\sfr.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\shopping.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\skyrock.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\spiegel.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\subito.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\t-online.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\tagged.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\terra.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\tiscali.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\tripadvisor.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\twitpic.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\twitter.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\uol.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\v9.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\virgilio.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\voila.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\walmart.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\weather.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\web.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\yahoo.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\yelp.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\youtube.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\services\bhp.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\services\favlinks.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\102_dealply_m.js JS/Toolbar.Crossrider.B potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\103_intext_5_m.js JS/Toolbar.Crossrider.B potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\104_jollywallet_m.js JS/Toolbar.Crossrider.B potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\105_corticas_m.js JS/Toolbar.Crossrider.B potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\155_ibario_pops_m.js JS/Toolbar.Crossrider.B potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\184_noproblemppc_m.js JS/Toolbar.Crossrider.B potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\191_ciuvo_m.js JS/Toolbar.Crossrider.B potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js JS/Toolbar.Crossrider.B potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js JS/Toolbar.Crossrider.B potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\91_monetizationLoader.js.js JS/Toolbar.Crossrider.B potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\93_superfish_no_coupons_m.js JS/Toolbar.Crossrider.B potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\background.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\background.unit.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\SOAP.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\lib\config.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\lib\context.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\lib\tinifying.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\minibar.min.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\minibar.translations.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\minibar.unit.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\minibar.vars.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\abril.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\amazon.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\aol.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\ask.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\autoscout24.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\autosottocosto.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\baixaki.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\bomnegocio.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\chip.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\ciao.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\conduit.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\corriere.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\craigslist.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\dailymotion.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\default_adapter.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\delta-search.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\diretta.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\ebay.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\ehow.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\elmundo.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\elpais.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\facebook.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\foxsports.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\friv.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\funutilities.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\globo.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\gmx.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\go.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\google.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\gumtree.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\huffingtonpost.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\ilmeteo.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\imdb.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\inbox.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\indeed.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\instagram.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\jappy.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\leboncoin.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\libero.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\live.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\marca.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\mediaset.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\mercadolivre.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\milanuncios.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\msn.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\mundoanuncio.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\netlog.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\nirvam.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\okcupid.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\olx.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\orange.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\pagesjaunes.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\photobucket.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\pinterest.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\pof.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\repubblica.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\roblox.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\segundamano.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\sfr.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\shopping.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\skyrock.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\spiegel.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\subito.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\t-online.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\tagged.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\terra.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\tiscali.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\tripadvisor.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\twitpic.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\twitter.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\uol.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\v9.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\virgilio.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\voila.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\walmart.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\weather.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\web.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\yahoo.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\yelp.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\youtube.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\services\bhp.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\services\favlinks.js Win32/Toolbar.Iminent.I potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\SwvUpdater\Updater.exe a variant of Win32/Amonetize.AB potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Temp\parent.txt a variant of Win32/DomaIQ.AY.gen potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Temp\d114c41f-e44b-4d0d-a894-112d948fc1070\parent.txt a variant of Win32/DomaIQ.AY.gen potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Temp\d114c41f-e44b-4d0d-a894-112d948fc1070\software\speedupmypc.exe Win32/SpeedUpMyPC.A potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Temp\ins2265\ins2265.exe a variant of MSIL/Solimba.B potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Temp\ins2890\ins2890.exe a variant of MSIL/Solimba.B potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Local\Temp\ins3115\ins3115.exe a variant of MSIL/Solimba.B potentially unwanted application 
C:\Windows.old\Users\Brenda\AppData\Roaming\OpenCandy\EB8D425130964B4CA80981FC20D40B40\mconduitinstaller.exe Win32/Toolbar.Conduit.S potentially unwanted application 
 



#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,589 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:52 PM

Posted 05 December 2014 - 10:23 AM

What do you mean by your computer timed out? If ESET is running you should be OK.

No problem with the delay, thanks for letting me know. It is important to run ESET successfully at some point because there is a lot of stuff to be removed.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 Brenlb

Brenlb
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:52 PM

Posted 05 December 2014 - 09:06 PM

okay, I was attempting to run the ESET scan and it stops at this location every time and I'm not sure what to do to get past it.

It is stopping at D:\$RECYCLE.BIN\S-1-5-21-3927122722-1748743139-3668010178-1001\DESKTOP.INI  which is at 49% at file scanned 190724 for total scan time of 01:47 at this time and I've been stuck at this number for over twenty minutes. Showing Infected files of 209

 

do I leave it running or stop it and quarantine what I have done already?






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users