
multiple trojans....need help please


  • This topic is locked
54 replies to this topic

#1 JLBUD

Posted 30 December 2014 - 05:15 AM

Hi,

I did post back in October asking for help, but due to then becoming very ill haven't been back to follow up, and who knows what the damage to my computer is now after the kids have been on it. I am really sorry for just disappearing like that and hope someone can still help me. Any help is greatly appreciated, thanks.

Anyway I have done a scan and this is the log file.

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2014-12-30 20:58:31
-----------------------------
20:58:31.828    OS Version: Windows 5.1.2600 Service Pack 3
20:58:31.828    Number of processors: 2 586 0x170A
20:58:31.828    ComputerName: JULIE  UserName: 
20:58:36.859    Initialize success
20:58:36.968    VM: initialized successfully
20:58:36.968    VM: Intel CPU virtualization not supported 
21:05:35.812    AVAST engine defs: 14123000
21:07:50.953    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6
21:07:50.953    Disk 0 Vendor: WDC_WD5000AADS-00S9B0 01.00A01 Size: 476940MB BusType: 3
21:07:51.062    Disk 0 MBR read successfully
21:07:51.062    Disk 0 MBR scan
21:07:51.062    Disk 0 Windows XP default MBR code
21:07:51.062    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       476929 MB offset 63
21:07:51.078    Disk 0 unknown boot code
21:07:51.078    Disk 0 statistics 267/0/0 @ 1.19 MB/s
21:07:51.078    Scan finished successfully
 




#2 JLBUD

Posted 30 December 2014 - 06:07 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-12-2014
Ran by Julie2009 (administrator) on JULIE on 30-12-2014 22:08:08
Running from C:\Documents and Settings\Julie2009\My Documents\Downloads
Loaded Profile: Julie2009 (Available profiles: Julie2009)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(VirusSecureLab) C:\Documents and Settings\Julie2009\Desktop\Ultimate_Process_Killer_2.0.2.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Google Inc.) C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Documents and Settings\Julie2009\My Documents\Downloads\aswMBR.exe
(Google Inc.) C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-17] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [663552 2007-03-23] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [65536 2007-01-26] (Brother Industries, Ltd.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\oinmvis: C:\Documents and Settings\Julie2009\Local Settings\Application Data\oinmvis.dll ()
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-839522115-776561741-725345543-1004\...\Run: [Task Blocker] => C:\Program Files\Task Blocker\TaskBlocker.exe
HKU\S-1-5-21-839522115-776561741-725345543-1004\...\Run: [Google Update] => C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [107912 2014-10-17] (Google Inc.)
HKU\S-1-5-21-839522115-776561741-725345543-1004\...\Run: [Ffnovnnobq] => regsvr32.exe /s "C:\Documents and Settings\Julie2009\Local Settings\Application Data\Skype\Ffnovnnobq.dll"
HKU\S-1-5-21-839522115-776561741-725345543-1004\...\Run: [FisnAqisw] => regsvr32.exe "C:\Documents and Settings\All Users\Application Data\FisnAqisw\HabpaGnidj.jms"
HKU\S-1-5-21-839522115-776561741-725345543-1004\...\Run: [oinmvis] => rundll32 "C:\Documents and Settings\Julie2009\Local Settings\Application Data\oinmvis.dll",oinmvis
HKU\S-1-5-21-839522115-776561741-725345543-1004\...\Run: [1755801251] => C:\Documents and Settings\Julie2009\Application Data\Flood Light Games\startFloodLightGames.exe [167936 2014-12-30] (2013 ® AT&T 2stoke)
HKU\S-1-5-21-839522115-776561741-725345543-1004\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-839522115-776561741-725345543-1004\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-839522115-776561741-725345543-1004\...\MountPoints2: {242e6137-e660-11e1-b87f-0022b0e62681} - F:\DPFMate.exe
HKU\S-1-5-21-839522115-776561741-725345543-1004\...\MountPoints2: {374e33a8-f7f2-11e1-b8a0-0022b0e62681} - G:\DPFMate.exe
HKU\S-1-5-21-839522115-776561741-725345543-1004\...\MountPoints2: {ae0aa80c-2d8d-11e0-b62b-0022b0e62681} - F:\Startme.exe
HKU\S-1-5-21-839522115-776561741-725345543-1004\...\MountPoints2: {e753c728-a67d-11de-b3f6-0022b0e62681} - F:\RECYCLER\S-1-6-22-2434476501-1644491937-600003330-1213\winudpmgr.exe
HKU\S-1-5-21-839522115-776561741-725345543-1004\...\MountPoints2: {f38a9d5c-374d-11e4-bc40-0022b0e62681} - F:\Windows\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-18\...\Run: [AviraSpeedup] => C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe [5085416 2014-10-27] (Avira)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-839522115-776561741-725345543-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-839522115-776561741-725345543-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-au/?ocid=iehp
SearchScopes: HKU\S-1-5-21-839522115-776561741-725345543-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Toolbar: HKU\.DEFAULT -> No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Julie2009\Application Data\Mozilla\Firefox\Profiles\r8nno8i7.default
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Homepage: google.com.au
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 -> c:\Program Files\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-839522115-776561741-725345543-1004: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-839522115-776561741-725345543-1004: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Avira Browser Safety - C:\Documents and Settings\Julie2009\Application Data\Mozilla\Firefox\Profiles\r8nno8i7.default\Extensions\abs@avira.com [2014-12-12]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Julie2009\Application Data\Mozilla\Firefox\Profiles\r8nno8i7.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-04-26]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-12-06]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-02-02]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR Profile: C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-13]
CHR Extension: (Google Drive) - C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-13]
CHR Extension: (Solitaire) - C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpebaehgfgkcmmjjknibibbjacnplim [2013-08-19]
CHR Extension: (Google Search) - C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-13]
CHR Extension: (Avira SafeSearch) - C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eglgfnfolcgijipffhlhbbnefdcbjbml [2014-08-12]
CHR Extension: (Google Calendar) - C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-08-19]
CHR Extension: (Avira Browser Safety) - C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-12]
CHR Extension: (FromDocToPDF) - C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo [2014-08-15]
CHR Extension: (Offline Dictionary) - C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mplnjjdpheipggojikpifkibnoaakkii [2013-08-19]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-13]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
S2 ANIWZCSdService; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [49152 2007-01-19] (Wireless Service) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 ezGOSvc; C:\WINDOWS\system32\ezGOSvc.dll [73600 2011-05-28] ()
S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-08-14] (Oracle Corporation)
S4 APNMCP; No ImagePath
S2 nvsvc; C:\WINDOWS\System32\nvsvc32.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ANIO; C:\WINDOWS\System32\ANIO.SYS [28195 2005-12-11] (Alpha Networks Inc.) [File not signed]
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [12400 2007-12-17] ()
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [98160 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136216 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2013-11-29] (Avira Operations GmbH & Co. KG)
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
R3 HDAudBus; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [138752 2005-01-07] (Windows ® Server 2003 DDK provider) [File not signed]
R3 Iviaspi; C:\WINDOWS\System32\drivers\iviaspi.sys [10368 2005-09-20] (InterVideo, Inc.) [File not signed]
R0 iviVD; C:\WINDOWS\System32\DRIVERS\iviVD.sys [45056 2005-11-16] (InterVideo)
R3 L1e; C:\WINDOWS\System32\DRIVERS\l1e51x86.sys [36864 2008-06-26] (Atheros Communications, Inc.)
R3 monfilt; C:\WINDOWS\System32\drivers\monfilt.sys [1389056 2008-02-14] (Creative Technology Ltd.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 RT61; C:\WINDOWS\System32\DRIVERS\RT61.sys [491648 2008-03-05] (Ralink Technology, Corp.)
S3 s1018mgmt; C:\WINDOWS\System32\DRIVERS\s1018mgmt.sys [106208 2009-03-26] (MCCI Corporation) [File not signed]
S3 s1018obex; C:\WINDOWS\System32\DRIVERS\s1018obex.sys [104744 2009-03-26] (MCCI Corporation)
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2013-08-13] (Avira GmbH)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S2 UsbCam; C:\WINDOWS\System32\Drivers\UsbCam.sys [16384 2005-01-18] (Windows ® 2000 DDK provider) [File not signed]
R3 VIAHdAudAddService; C:\WINDOWS\System32\drivers\viahduaa.sys [845184 2008-07-25] (VIA Technologies, Inc.)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
U3 aswMBR; \??\C:\DOCUME~1\JULIE2~1\LOCALS~1\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\DOCUME~1\JULIE2~1\LOCALS~1\Temp\aswVmm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
NETSVC: ezGOSvc -> C:\WINDOWS\system32\ezGOSvc.dll ()
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-30 22:06 - 2014-12-30 22:08 - 00000000 ____D () C:\FRST
2014-12-30 21:10 - 2014-12-30 21:18 - 00001009 _____ () C:\Documents and Settings\Julie2009\Desktop\aswMBR.txt
2014-12-30 21:10 - 2014-12-30 21:10 - 00000512 _____ () C:\Documents and Settings\Julie2009\Desktop\MBR.dat
2014-12-30 17:27 - 2014-12-30 17:27 - 00000085 _____ () C:\Documents and Settings\Julie2009\My Documents\XXXXXXXXXX.txt
2014-12-30 16:31 - 2014-12-30 16:31 - 00000000 ____D () C:\Documents and Settings\Julie2009\Application Data\Curiolab
2014-12-30 15:26 - 2014-12-30 17:24 - 00000000 ____D () C:\Program Files\Exterminate It!
2014-12-30 15:26 - 2014-12-30 15:26 - 00000756 _____ () C:\Documents and Settings\All Users\Desktop\Exterminate It!.lnk
2014-12-30 15:26 - 2014-12-30 15:26 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Exterminate It!
2014-12-30 13:05 - 2014-12-30 13:05 - 00023552 _____ () C:\Documents and Settings\Julie2009\Local Settings\Application Data\oinmvis.dll
2014-12-30 12:14 - 2014-12-30 12:14 - 00000552 _____ () C:\WINDOWS\fivxp.zot
2014-12-30 12:12 - 2014-12-30 12:15 - 00001847 _____ () C:\WINDOWS\heu.iaz
2014-12-30 12:12 - 2014-12-30 12:12 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\FisnAqisw
2014-12-19 09:24 - 2014-12-19 09:24 - 00000858 _____ () C:\Documents and Settings\All Users\Desktop\Avira.lnk
2014-12-06 10:36 - 2014-12-09 09:37 - 00000000 ____D () C:\Program Files\Mozilla Firefox
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-30 22:09 - 2009-08-06 22:44 - 00000000 ____D () C:\Documents and Settings\Julie2009\Local Settings\Temp
2014-12-30 21:23 - 2010-03-13 15:32 - 00000994 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-776561741-725345543-1004UA.job
2014-12-30 20:53 - 2012-09-13 01:07 - 00419357 _____ () C:\WINDOWS\setupapi.log
2014-12-30 16:55 - 2011-12-19 09:30 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-12-30 16:53 - 2009-08-06 22:38 - 00000000 ____D () C:\WINDOWS\Registration
2014-12-30 14:53 - 2009-08-07 16:55 - 01557851 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-30 14:12 - 2009-08-07 20:29 - 00000000 ____D () C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google
2014-12-30 13:35 - 2009-08-07 16:36 - 00000000 ____D () C:\Documents and Settings\Julie2009\Application Data\MSN6
2014-12-30 13:25 - 2012-06-25 20:47 - 00000000 ____D () C:\Documents and Settings\Julie2009\Application Data\Flood Light Games
2014-12-30 13:23 - 2009-08-07 16:07 - 00000007 _____ () C:\WINDOWS\system32\ANIWZCSUSERNAME{7566E793-C74E-4749-B5BA-3AC6FC1CA703}
2014-12-30 13:23 - 2009-08-07 06:32 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-12-30 13:23 - 2009-08-07 06:32 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-12-30 13:22 - 2009-08-06 22:39 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-30 13:22 - 2002-01-01 00:00 - 00000230 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-12-30 13:21 - 2009-08-06 22:42 - 00032446 _____ () C:\WINDOWS\SchedLgU.Txt
2014-12-30 13:20 - 2009-08-06 22:44 - 00000178 ___SH () C:\Documents and Settings\Julie2009\ntuser.ini
2014-12-30 13:20 - 2009-08-06 22:44 - 00000000 ____D () C:\Documents and Settings\Julie2009
2014-12-30 12:23 - 2010-03-13 15:32 - 00000942 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-776561741-725345543-1004Core.job
2014-12-30 12:06 - 2013-06-11 13:56 - 00000000 ____D () C:\Documents and Settings\Julie2009\Local Settings\Application Data\Sun
2014-12-30 12:04 - 2014-04-17 21:45 - 00000000 ____D () C:\Documents and Settings\Julie2009\Local Settings\Application Data\Skype
2014-12-30 11:43 - 2014-07-24 22:02 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-12-30 11:35 - 2003-03-31 23:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-29 11:45 - 2013-05-09 16:41 - 00000000 ____D () C:\Documents and Settings\Julie2009\My Documents\HOUSE
2014-12-26 17:28 - 2009-12-16 14:12 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-12-19 09:24 - 2011-10-22 16:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2014-12-19 09:23 - 2011-10-22 16:15 - 00000000 ____D () C:\Program Files\Avira
2014-12-15 12:40 - 2009-08-07 06:30 - 00206963 _____ () C:\WINDOWS\setupact.log
2014-12-13 14:23 - 2009-08-17 19:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-12-13 14:20 - 2013-07-23 18:26 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-13 14:15 - 2009-08-17 19:39 - 00002515 _____ () C:\Documents and Settings\Julie2009\Desktop\Microsoft Word 2007.lnk
2014-12-13 14:07 - 2009-08-14 12:19 - 109818608 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-11 14:27 - 2010-03-13 15:33 - 00002316 _____ () C:\Documents and Settings\Julie2009\Desktop\Google Chrome.lnk
2014-12-09 20:01 - 2009-08-09 06:38 - 00030720 _____ () C:\Documents and Settings\Julie2009\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-08 15:57 - 2002-01-01 00:00 - 00000224 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
 
Files to move or delete:
====================
C:\Documents and Settings\Julie2009\tasklist.dat
 
 
Some content of TEMP:
====================
C:\Documents and Settings\Julie2009\Local Settings\Temp\APNStub.exe
C:\Documents and Settings\Julie2009\Local Settings\Temp\AskSLib.dll
C:\Documents and Settings\Julie2009\Local Settings\Temp\AutoRun.exe
C:\Documents and Settings\Julie2009\Local Settings\Temp\AutoRunGUI.dll
C:\Documents and Settings\Julie2009\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\Julie2009\Local Settings\Temp\drm_dialogs.dll
C:\Documents and Settings\Julie2009\Local Settings\Temp\drm_dyndata_7350007.dll
C:\Documents and Settings\Julie2009\Local Settings\Temp\EAInstall.dll
C:\Documents and Settings\Julie2009\Local Settings\Temp\install_flashplayer14x32_mssd_aaa_aih.exe
C:\Documents and Settings\Julie2009\Local Settings\Temp\install_flashplayer14x32_mssd_awc_aih.exe
C:\Documents and Settings\Julie2009\Local Settings\Temp\install_flash_player.exe
C:\Documents and Settings\Julie2009\Local Settings\Temp\jre-6u17-windows-i586-iftw-rv.exe
C:\Documents and Settings\Julie2009\Local Settings\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Documents and Settings\Julie2009\Local Settings\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Documents and Settings\Julie2009\Local Settings\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Documents and Settings\Julie2009\Local Settings\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Documents and Settings\Julie2009\Local Settings\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Documents and Settings\Julie2009\Local Settings\Temp\jre-6u35-windows-i586-iftw.exe
C:\Documents and Settings\Julie2009\Local Settings\Temp\jre-6u37-windows-i586-iftw.exe
C:\Documents and Settings\Julie2009\Local Settings\Temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\Julie2009\Local Settings\Temp\jre-7u60-windows-i586-iftw.exe
C:\Documents and Settings\Julie2009\Local Settings\Temp\jre-7u65-windows-i586-iftw.exe
C:\Documents and Settings\Julie2009\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe
C:\Documents and Settings\Julie2009\Local Settings\Temp\mun518.exe
C:\Documents and Settings\Julie2009\Local Settings\Temp\nos_uninstall_Adobe.dll
C:\Documents and Settings\Julie2009\Local Settings\Temp\ose00000.exe
C:\Documents and Settings\Julie2009\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Julie2009\Local Settings\Temp\setup.exe
C:\Documents and Settings\Julie2009\Local Settings\Temp\setup_wm.exe
C:\Documents and Settings\Julie2009\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\Julie2009\Local Settings\Temp\SymLCSVC.EXE
C:\Documents and Settings\Julie2009\Local Settings\Temp\tmp2976526d.exe
C:\Documents and Settings\Julie2009\Local Settings\Temp\tmp7112e201.exe
C:\Documents and Settings\Julie2009\Local Settings\Temp\tmpac55bceb.exe
C:\Documents and Settings\Julie2009\Local Settings\Temp\UpdateFlashPlayer_f1fd9956.exe
C:\Documents and Settings\Julie2009\Local Settings\Temp\_is2C2.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ==================
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-12-2014
Ran by Julie2009 at 2014-12-30 22:09:15
Running from C:\Documents and Settings\Julie2009\My Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
101 Kid's Brainy Games (HKLM\...\{25AA6102-EA34-4045-BF7B-EEB3162AD006}) (Version: 1.00.000 - )
102 Dalmatians Activity Center (HKLM\...\102 Dalmatians Activity Center) (Version:  - )
99 Mahjongg (HKLM\...\99 Mahjongg) (Version: 1.0 - )
Acrobat.com (HKLM\...\{6D8D64BE-F500-55B6-705D-DFD08AFE0624}) (Version: 1.7.186 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.1.8210 - Adobe Systems Inc.)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Agatha Christie Bundle - 3 in 1 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118753180}) (Version:  - Oberon Media)
Amazing Adventures Riddle of the Two Knights (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-510006214}) (Version:  - Oberon Media)
ANIO Service (HKLM\...\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}) (Version:  - )
ANIWZCS2 Service (HKLM\...\{4C590030-7469-453E-8589-D15DA9D03F52}) (Version:  - )
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUSUpdate (HKLM\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version:  - )
Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)
Atheros Ethernet Utility (HKLM\...\{FB686487-C637-4EEF-BCB1-C92463F2CC05}) (Version: 1.1.0.3 - Atheros Communications Inc.)
Avira (HKLM\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira APC 0.1.0.1 (HKLM\...\{18948029-33D5-4B93-8275-FE1FC7A43D51}_is1) (Version: 0.1.0.1 - Avira Operations GmbH & Co. KG)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Avira System Speedup (HKLM\...\AviraSpeedup) (Version: 1.3.1.9930 - Avira System Speedup)
Brother MFL-Pro Suite (HKLM\...\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}) (Version: 1.00 - Brother Industries, Ltd.)
Disney Interactive Global Compatibility Update June 2003 (HKLM\...\{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb) (Version:  - )
Disney's Activity Centre, A Bug's Life (HKLM\...\Disney's Activity Centre, A Bug's Life) (Version:  - )
D-Link Wireless G DWA-510 (HKLM\...\{BADEDF59-389D-49CA-AD06-7EF12C5C13CD}) (Version:  - D-Link)
DSI (HKLM\...\{3C327134-1238-44A3-A157-83BB11039B0C}) (Version: 1.0.3.2 - Interlinux Ltd)
e-tax 2012 (HKLM\...\{B0F1B02F-47A6-411D-A38B-E44CC7F53CCC}) (Version: 6.0.577 - Australian Taxation Office)
e-tax 2013 (HKLM\...\{FFF14233-FE39-4671-A38E-76FD8F24A879}) (Version: 0.7.491 - Australian Taxation Office)
e-tax 2014 (HKLM\...\{42D5C0B2-A309-4F84-9BD7-5DDDFE6C09E1}) (Version: 2.7.707 - Australian Taxation Office)
Exterminate It! (HKLM\...\Exterminate It!) (Version: 1.76.05.25 - Curio Lab)
Google Chrome (HKU\S-1-5-21-839522115-776561741-725345543-1004\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Great Secrets Da Vinci (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114325567}) (Version:  - Oberon Media)
Hot Shots BugDrop (HKLM\...\{2BC98DE5-E58B-48E8-8FAF-B785182AECA7}) (Version: 1.0 - )
Hot Shots SlingShot (HKLM\...\{37CB1C81-3A6C-45C8-9321-01C2CD5ED5CC}) (Version: 1.0 - )
Insaniquarium Deluxe (HKLM\...\Insaniquarium Deluxe) (Version:  - )
InterVideo DVDCopy5 (HKLM\...\{C167A588-87AA-47BF-A88E-5B0F9A14480D}) (Version: 5.0-B4.24 - InterVideo Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Media Go (HKLM\...\{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}) (Version: 1.3.227 - Sony)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Age of Empires (HKLM\...\Age of Empires) (Version:  - )
Microsoft Age of Empires II (HKLM\...\Age of Empires 2.0) (Version:  - )
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Zoo Tycoon (HKLM\...\Zoo Tycoon 1.0) (Version:  - )
Mozilla Firefox 34.0 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0 (x86 en-US)) (Version: 34.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Muppet Babies - Air, Land and Sea (HKLM\...\{52496559-216D-483F-AC79-9F9B089F4274}) (Version:  - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
PC Probe II (HKLM\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.04.53 - )
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
Platform (Version: 1.27 - VIA Technologies, Inc.) Hidden
ProChip FLEX Manager 1.2.2 (HKLM\...\FlexManagerProChip_is1) (Version: 1.2.2.27230 - MYLAPS Sports Timing)
Profiler Hopscotch Killer (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119144927}) (Version:  - Oberon Media)
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Roll (HKLM\...\RollerCoaster Tycoon Setup) (Version:  - )
SeaWorld Adventure Parks Tycoon 3D (HKLM\...\{7A1F1E81-A017-43EE-8A24-E88878164C91}) (Version:  - )
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
SimCity 2000® Special Edition (HKLM\...\SimCity2000CDv1) (Version:  - )
Sudoku XP (HKLM\...\Sudoku XP) (Version:  - )
The Missing - a Search and Rescue Mystery (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-510005699}) (Version:  - Oberon Media)
The Sims™ Castaway Stories (HKLM\...\{64EEA791-0271-4B53-00AC-2BF05F5FBEF6}) (Version:  - Electronic Arts)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.27 - VIA Technologies, Inc.)
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
Wiggles (HKLM\...\Wiggles) (Version:  - )
Windows Driver Package - MYLAPS (usbser) Ports  (09/06/2010 1.02) (HKLM\...\F1F75C64F6AF48A19FFE79A321EFF12E4D2DDE1C) (Version: 09/06/2010 1.02 - MYLAPS)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Zoo Tycoon 2 (HKLM\...\Zoo Tycoon 2) (Version: 1.0 - Microsoft)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
02-10-2014 09:37:12 System Checkpoint
03-10-2014 10:19:11 System Checkpoint
04-10-2014 10:34:44 System Checkpoint
06-10-2014 09:31:01 System Checkpoint
07-10-2014 10:31:18 System Checkpoint
08-10-2014 11:11:00 System Checkpoint
09-10-2014 13:13:33 System Checkpoint
10-10-2014 13:38:09 System Checkpoint
10-10-2014 16:17:53 Restore Operation
10-10-2014 19:27:14 Removed Skype Web Plugin
10-10-2014 19:28:06 Removed Skype™ 6.16
10-10-2014 19:40:51 Removed Apple Software Update
12-10-2014 12:39:49 Installed DSI
13-10-2014 17:32:14 System Checkpoint
14-10-2014 18:30:07 System Checkpoint
15-10-2014 19:35:09 System Checkpoint
16-10-2014 20:04:19 System Checkpoint
17-10-2014 09:54:12 Software Distribution Service 3.0
18-10-2014 10:33:29 System Checkpoint
19-10-2014 11:40:24 System Checkpoint
21-10-2014 08:42:53 System Checkpoint
22-10-2014 08:50:34 System Checkpoint
23-10-2014 09:02:35 System Checkpoint
24-10-2014 11:53:12 System Checkpoint
25-10-2014 12:07:03 System Checkpoint
26-10-2014 13:06:56 System Checkpoint
27-10-2014 17:08:21 Avira System Speedup(1.3.1.9930)
28-10-2014 17:33:11 System Checkpoint
29-10-2014 18:07:03 System Checkpoint
30-10-2014 18:42:43 System Checkpoint
31-10-2014 19:27:14 System Checkpoint
01-11-2014 19:46:10 System Checkpoint
02-11-2014 21:12:26 System Checkpoint
03-11-2014 21:29:42 System Checkpoint
04-11-2014 21:58:25 System Checkpoint
05-11-2014 22:13:50 System Checkpoint
07-11-2014 11:56:08 System Checkpoint
08-11-2014 12:12:37 System Checkpoint
07-11-2014 11:22:56 System Checkpoint
08-11-2014 17:19:08 System Checkpoint
01-01-2002 00:22:07 System Checkpoint
11-11-2014 15:43:00 System Checkpoint
12-11-2014 15:05:53 Software Distribution Service 3.0
13-11-2014 17:59:23 System Checkpoint
14-11-2014 18:06:26 System Checkpoint
15-11-2014 18:23:13 System Checkpoint
16-11-2014 19:02:30 System Checkpoint
17-11-2014 20:23:08 System Checkpoint
18-11-2014 21:21:58 System Checkpoint
19-11-2014 21:55:27 System Checkpoint
21-11-2014 14:41:40 System Checkpoint
22-11-2014 17:42:49 System Checkpoint
23-11-2014 17:56:41 System Checkpoint
25-11-2014 08:54:41 System Checkpoint
26-11-2014 09:47:05 System Checkpoint
01-01-2002 00:56:14 System Checkpoint
27-11-2014 08:40:42 System Checkpoint
28-11-2014 14:49:53 System Checkpoint
29-11-2014 18:04:04 System Checkpoint
30-11-2014 18:08:05 System Checkpoint
02-12-2014 09:02:51 System Checkpoint
03-12-2014 11:52:44 System Checkpoint
04-12-2014 18:18:33 System Checkpoint
05-12-2014 19:33:26 System Checkpoint
06-12-2014 20:32:59 System Checkpoint
08-12-2014 17:09:12 System Checkpoint
09-12-2014 17:38:10 System Checkpoint
11-12-2014 17:42:00 System Checkpoint
12-12-2014 18:03:26 System Checkpoint
13-12-2014 14:04:36 Software Distribution Service 3.0
14-12-2014 15:15:21 System Checkpoint
15-12-2014 15:25:09 System Checkpoint
16-12-2014 15:37:39 System Checkpoint
17-12-2014 15:46:19 System Checkpoint
18-12-2014 19:48:06 System Checkpoint
19-12-2014 20:13:43 System Checkpoint
22-12-2014 17:08:47 System Checkpoint
23-12-2014 17:48:55 System Checkpoint
26-12-2014 18:25:28 System Checkpoint
27-12-2014 18:32:38 System Checkpoint
28-12-2014 19:14:21 System Checkpoint
29-12-2014 19:44:23 System Checkpoint
30-12-2014 20:23:24 System Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2003-03-31 23:00 - 2003-03-31 23:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-776561741-725345543-1004Core.job => C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-776561741-725345543-1004UA.job => C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-12-30 13:05 - 2014-12-30 13:05 - 00023552 _____ () C:\Documents and Settings\Julie2009\Local Settings\Application Data\oinmvis.dll
2013-12-14 11:35 - 2011-05-28 19:29 - 00073600 _____ () c:\windows\system32\ezgosvc.dll
2009-08-06 23:37 - 2008-04-14 11:11 - 00059904 _____ () C:\WINDOWS\System32\devenum.dll
2009-08-06 23:37 - 2008-04-14 11:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-12-11 14:26 - 2014-12-06 12:50 - 09009480 _____ () C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-11 14:26 - 2014-12-06 12:50 - 01677128 _____ () C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-11 14:26 - 2014-12-06 12:50 - 14913352 _____ () C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:8DBEDD28
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:ACFD5043
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D951E5AF
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DD3F5AF4
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:E31A3E2D
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk => C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\WINDOWS\pss\McAfee Security Scan Plus.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ANIWZCS2Service => C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: CTFMON.EXE => C:\WINDOWS\System32\ctfmon.exe
MSCONFIG\startupreg: D-Link D-Link Wireless G DWA-510 => C:\Program Files\D-Link\D-Link Wireless G DWA-510\AirGCFG.exe
MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HDAudDeck => C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
MSCONFIG\startupreg: nwiz => nwiz.exe /install
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Sony Ericsson PC Companion => "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /systray /nologon
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-839522115-776561741-725345543-500 - Administrator - Enabled)
Guest (S-1-5-21-839522115-776561741-725345543-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-839522115-776561741-725345543-1000 - Limited - Disabled)
Julie2009 (S-1-5-21-839522115-776561741-725345543-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Julie2009
SUPPORT_388945a0 (S-1-5-21-839522115-776561741-725345543-1002 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/30/2014 01:30:13 PM) (Source: Microsoft Management Console) (EventID: 1000) (User: )
Description: mmc.exe5.2.3790.4136unknown0.0.0.000057c06
 
Error: (12/30/2014 01:30:08 PM) (Source: Microsoft Management Console) (EventID: 1000) (User: )
Description: mmc.exe5.2.3790.4136unknown0.0.0.000057c06
 
Error: (12/30/2014 01:29:38 PM) (Source: Microsoft Management Console) (EventID: 1000) (User: )
Description: mmc.exe5.2.3790.4136unknown0.0.0.000057c06
 
Error: (12/30/2014 01:29:32 PM) (Source: Microsoft Management Console) (EventID: 1000) (User: )
Description: mmc.exe5.2.3790.4136unknown0.0.0.000057c06
 
Error: (12/30/2014 01:28:33 PM) (Source: Microsoft Management Console) (EventID: 1000) (User: )
Description: mmc.exe5.2.3790.4136unknown0.0.0.000057c06
 
Error: (12/30/2014 01:23:43 PM) (Source: Google Update) (EventID: 1) (User: JULIE)
Description: Google Update has encountered a fatal error.
ver=1.3.25.11;lang=en;guid=;is_machine=0;oop=0;upload=0;minidump=C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\CrashReports\77226d9f-0c19-43f2-bce8-d8dc7f500f1b.dmp
 
Error: (12/30/2014 01:18:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avgnt.exe, version 14.0.7.440, faulting module ccmsg.dll, version 14.0.7.440, fault address 0x0000bde3.
Processing media-specific event for [avgnt.exe!ws!]
 
Error: (12/30/2014 11:38:19 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
Stack:
   at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr, System.Object[], System.Object, Int32, Boolean, System.Object[] ByRef)
   at System.Runtime.Remoting.Messaging.StackBuilderSink.AsyncProcessMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessageSink)
   at System.Runtime.Remoting.Proxies.AgileAsyncWorkerItem.DoAsyncCall()
   at System.Runtime.Remoting.Proxies.AgileAsyncWorkerItem.ThreadPoolCallBack(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (12/21/2014 09:48:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application chrome.exe, version 39.0.2171.95, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (01/01/2002 00:07:24 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
 
System errors:
=============
Error: (12/30/2014 09:59:57 PM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\IdePort2
 
Error: (12/30/2014 09:59:22 PM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\IdePort2
 
Error: (12/30/2014 09:54:01 PM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\IdePort2
 
Error: (12/30/2014 09:53:03 PM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\IdePort2
 
Error: (12/30/2014 09:51:14 PM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\IdePort2
 
Error: (12/30/2014 09:48:33 PM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\IdePort2
 
Error: (12/30/2014 09:32:40 PM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\IdePort2
 
Error: (12/30/2014 09:06:11 PM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\IdePort2
 
Error: (12/30/2014 05:32:59 PM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\IdePort2
 
Error: (12/30/2014 05:32:08 PM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\IdePort2
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 79%
Total physical RAM: 3583 MB
Available physical RAM: 719.2 MB
Total Pagefile: 6419.41 MB
Available Pagefile: 3118.33 MB
Total Virtual: 2047.88 MB
Available Virtual: 1936.18 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.75 GB) (Free:392.1 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: F525F525)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#3 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:01:03 AM

Posted 31 December 2014 - 04:03 AM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

The logs will take me some time to analyze. Will post soon with instructions! :)

 

 

Regards,

Georgi




#4 B-boy/StyLe/



  • Malware Response Team

Posted 31 December 2014 - 05:06 AM

Hi again,

 

Hi,
 
 
Please download the following file => [attachment=159924:fixlist.txt] and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 
 
Regards,
Georgi




#5 JLBUD

  • Topic Starter


Posted 02 January 2015 - 12:02 AM

Thanks Georgi,

Have done what you have asked. I am saving the logs to a folder called "virus info" on my desktop so I can find it all easily. Is that ok, or does it have to be saved straight to desktop?

What is making things hard to work on computer at the moment is that about every 10-20 seconds I have a process iexplore.exe starting up (IE window doesn't open), and if I don't end them quick enough more open and they slow down computer and sometimes download things. I don't use Internet Explorer at all.

 

 

Here is the Fixlog you asked for:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-12-2014
Ran by Julie2009 at 2015-01-02 15:19:48 Run:1
Running from C:\Documents and Settings\Julie2009\Desktop\virus info
Loaded Profile: Julie2009 (Available profiles: Julie2009)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
CloseProcesses:
Winlogon\Notify\oinmvis: C:\Documents and Settings\Julie2009\Local Settings\Application Data\oinmvis.dll ()
HKU\S-1-5-21-839522115-776561741-725345543-1004\...\Run: [Ffnovnnobq] => regsvr32.exe /s "C:\Documents and Settings\Julie2009\Local Settings\Application Data\Skype\Ffnovnnobq.dll"
HKU\S-1-5-21-839522115-776561741-725345543-1004\...\Run: [FisnAqisw] => regsvr32.exe "C:\Documents and Settings\All Users\Application Data\FisnAqisw\HabpaGnidj.jms"
HKU\S-1-5-21-839522115-776561741-725345543-1004\...\Run: [oinmvis] => rundll32 "C:\Documents and Settings\Julie2009\Local Settings\Application Data\oinmvis.dll",oinmvis
C:\Documents and Settings\Julie2009\Local Settings\Application Data\Skype\Ffnovnnobq.dll
Folder: C:\Documents and Settings\All Users\Application Data\FisnAqisw
C:\Documents and Settings\All Users\Application Data\FisnAqisw
C:\Documents and Settings\Julie2009\Local Settings\Application Data\oinmvis.dll
Folder: C:\Documents and Settings\Julie2009\Application Data\Flood Light Games
File: C:\Documents and Settings\Julie2009\Application Data\Flood Light Games\startFloodLightGames.exe
HKU\S-1-5-21-839522115-776561741-725345543-1004\...\MountPoints2: {e753c728-a67d-11de-b3f6-0022b0e62681} - F:\RECYCLER\S-1-6-22-2434476501-1644491937-600003330-1213\winudpmgr.exe
HKU\S-1-5-21-839522115-776561741-725345543-1004\...\MountPoints2: {f38a9d5c-374d-11e4-bc40-0022b0e62681} - F:\Windows\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
U3 aswMBR; \??\C:\DOCUME~1\JULIE2~1\LOCALS~1\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\DOCUME~1\JULIE2~1\LOCALS~1\Temp\aswVmm.sys [X]
2014-12-30 12:14 - 2014-12-30 12:14 - 00000552 _____ () C:\WINDOWS\fivxp.zot
2014-12-30 12:12 - 2014-12-30 12:15 - 00001847 _____ () C:\WINDOWS\heu.iaz
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:8DBEDD28
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:ACFD5043
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D951E5AF
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DD3F5AF4
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:E31A3E2D
emptytemp:
end
*****************
 
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\oinmvis" => Key deleted successfully.
HKU\S-1-5-21-839522115-776561741-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Ffnovnnobq => Value not found.
HKU\S-1-5-21-839522115-776561741-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\FisnAqisw => Value not found.
HKU\S-1-5-21-839522115-776561741-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\oinmvis => Value not found.
C:\Documents and Settings\Julie2009\Local Settings\Application Data\Skype\Ffnovnnobq.dll => Moved successfully.
 
========================= Folder: C:\Documents and Settings\All Users\Application Data\FisnAqisw ========================
 
2014-12-30 12:12 - 2014-12-30 12:12 - 0264192 _____ (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\FisnAqisw\HabpaGnidj.jms
 
====== End of Folder: ======
 
C:\Documents and Settings\All Users\Application Data\FisnAqisw => Moved successfully.
C:\Documents and Settings\Julie2009\Local Settings\Application Data\oinmvis.dll => Moved successfully.
 
========================= Folder: C:\Documents and Settings\Julie2009\Application Data\Flood Light Games ========================
 
2003-03-31 23:00 - 2014-12-30 13:25 - 0167936 ____H (2013 ® AT&T 2stoke) C:\Documents and Settings\Julie2009\Application Data\Flood Light Games\startFloodLightGames.exe
2012-08-11 20:33 - 2012-08-11 20:34 - 0000000 ____D () C:\Documents and Settings\Julie2009\Application Data\Flood Light Games\DMF
2012-08-11 20:33 - 2012-08-11 21:36 - 0019169 _____ () C:\Documents and Settings\Julie2009\Application Data\Flood Light Games\DMF\ae2d.log
2012-08-11 20:34 - 2012-08-11 21:36 - 0000133 _____ () C:\Documents and Settings\Julie2009\Application Data\Flood Light Games\DMF\DMF_profiles.dat
2012-06-25 20:47 - 2012-06-25 20:47 - 0000000 ____D () C:\Documents and Settings\Julie2009\Application Data\Flood Light Games\Peril at End House
2012-06-25 20:47 - 2014-05-07 17:24 - 0023488 _____ () C:\Documents and Settings\Julie2009\Application Data\Flood Light Games\Peril at End House\ae2d.log
2012-06-25 20:47 - 2014-05-07 17:24 - 0000065 _____ () C:\Documents and Settings\Julie2009\Application Data\Flood Light Games\Peril at End House\us_profiles.dat
 
====== End of Folder: ======
 
 
========================= File: C:\Documents and Settings\Julie2009\Application Data\Flood Light Games\startFloodLightGames.exe ========================
 
MD5: b11cac53208d19d676e27a48aedde197     
Creation and modification date: 2003-03-31 23:00 - 2014-12-30 13:25
Size: 0167936
Attributes: ---AH
Company Name: 2013 ® AT&T 2stoke
Internal Name: 2stoke
Original Name: 2stoke.exe
Product Name: 2stoke
Description: 
File Version: 4.08.0003
Product Version: 4.08.0003
Copyright: 2stoke
 
====== End Of File: ======
 
"HKU\S-1-5-21-839522115-776561741-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e753c728-a67d-11de-b3f6-0022b0e62681}" => Key deleted successfully.
HKCR\CLSID\{e753c728-a67d-11de-b3f6-0022b0e62681} => Key not found. 
HKU\S-1-5-21-839522115-776561741-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f38a9d5c-374d-11e4-bc40-0022b0e62681} - F:\Windows\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B} => Key not found. 
HKCR\CLSID\{f38a9d5c-374d-11e4-bc40-0022b0e62681} - F:\Windows\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B} => Key not found. 
aswMBR => Service not found.
aswVmm => Service not found.
C:\WINDOWS\fivxp.zot => Moved successfully.
C:\WINDOWS\heu.iaz => Moved successfully.
C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => Moved successfully.
C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => Moved successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":8DBEDD28" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":ACFD5043" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":D951E5AF" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":DD3F5AF4" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":E31A3E2D" ADS removed successfully.
EmptyTemp: => Removed 8.9 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 15:25:26 ====


#6 B-boy/StyLe/



  • Malware Response Team

Posted 03 January 2015 - 04:40 AM

Hello and Happy New Year!

Hope you have a great new year 2015! May all your dreams come true!

I am sorry about the delay. I had to travel away unexpectedly at the weekend, so I wasn't able to reply earlier.

Can you please do the following for me?

 

 

STEP 1

 

 

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also, your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes, then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

STEP 2

 

 

Please re-run FRST (make sure that Addition.txt is ticked before you press the Scan button) and then post both logs (FRST.txt and Addition.txt) in your next reply.

 

 

Regards,

Georgi




#7 JLBUD

  • Topic Starter


Posted 03 January 2015 - 10:29 PM

Hi Georgi,

No problem with delay in reply.

I really appreciate any help you can give me.

Here is link for pastebin and log files also.

 

 

http://pastebin.com/f5QkHUh5

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-01-2015 03
Ran by Julie2009 (administrator) on JULIE on 04-01-2015 14:17:29
Running from C:\Documents and Settings\Julie2009\Desktop\virus info
Loaded Profile: Julie2009 (Available profiles: Julie2009)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Wireless Service) C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Google Inc.) C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-17] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-839522115-776561741-725345543-1004\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-839522115-776561741-725345543-1004\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-839522115-776561741-725345543-1004\...\MountPoints2: {242e6137-e660-11e1-b87f-0022b0e62681} - F:\DPFMate.exe
HKU\S-1-5-21-839522115-776561741-725345543-1004\...\MountPoints2: {374e33a8-f7f2-11e1-b8a0-0022b0e62681} - G:\DPFMate.exe
HKU\S-1-5-21-839522115-776561741-725345543-1004\...\MountPoints2: {ae0aa80c-2d8d-11e0-b62b-0022b0e62681} - F:\Startme.exe
HKU\S-1-5-21-839522115-776561741-725345543-1004\...\MountPoints2: {f38a9d5c-374d-11e4-bc40-0022b0e62681} - F:\Windows\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-18\...\Run: [AviraSpeedup] => C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe [5085416 2014-10-27] (Avira)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-839522115-776561741-725345543-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-839522115-776561741-725345543-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-au/?ocid=iehp
SearchScopes: HKU\S-1-5-21-839522115-776561741-725345543-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Toolbar: HKU\.DEFAULT -> No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Julie2009\Application Data\Mozilla\Firefox\Profiles\r8nno8i7.default
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Homepage: google.com.au
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 -> c:\Program Files\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-839522115-776561741-725345543-1004: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-839522115-776561741-725345543-1004: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Avira Browser Safety - C:\Documents and Settings\Julie2009\Application Data\Mozilla\Firefox\Profiles\r8nno8i7.default\Extensions\abs@avira.com [2014-12-12]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Julie2009\Application Data\Mozilla\Firefox\Profiles\r8nno8i7.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-04-26]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-12-06]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-02-02]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR Profile: C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-13]
CHR Extension: (Google Drive) - C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-13]
CHR Extension: (Solitaire) - C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpebaehgfgkcmmjjknibibbjacnplim [2013-08-19]
CHR Extension: (Google Search) - C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-13]
CHR Extension: (Avira SafeSearch) - C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eglgfnfolcgijipffhlhbbnefdcbjbml [2014-08-12]
CHR Extension: (Google Calendar) - C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-08-19]
CHR Extension: (Avira Browser Safety) - C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-12]
CHR Extension: (FromDocToPDF) - C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo [2014-08-15]
CHR Extension: (Offline Dictionary) - C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mplnjjdpheipggojikpifkibnoaakkii [2013-08-19]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-13]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
R2 ANIWZCSdService; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [49152 2007-01-19] (Wireless Service) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 ezGOSvc; C:\WINDOWS\system32\ezGOSvc.dll [73600 2011-05-28] ()
S4 APNMCP; No ImagePath
S2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
S2 nvsvc; C:\WINDOWS\System32\nvsvc32.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ANIO; C:\WINDOWS\System32\ANIO.SYS [28195 2005-12-11] (Alpha Networks Inc.) [File not signed]
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [12400 2007-12-17] ()
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [98160 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136216 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2013-11-29] (Avira Operations GmbH & Co. KG)
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
R3 HDAudBus; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [138752 2005-01-07] (Windows ® Server 2003 DDK provider) [File not signed]
R3 Iviaspi; C:\WINDOWS\System32\drivers\iviaspi.sys [10368 2005-09-20] (InterVideo, Inc.) [File not signed]
R0 iviVD; C:\WINDOWS\System32\DRIVERS\iviVD.sys [45056 2005-11-16] (InterVideo)
R3 L1e; C:\WINDOWS\System32\DRIVERS\l1e51x86.sys [36864 2008-06-26] (Atheros Communications, Inc.)
R3 monfilt; C:\WINDOWS\System32\drivers\monfilt.sys [1389056 2008-02-14] (Creative Technology Ltd.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 RT61; C:\WINDOWS\System32\DRIVERS\RT61.sys [491648 2008-03-05] (Ralink Technology, Corp.)
S3 s1018mgmt; C:\WINDOWS\System32\DRIVERS\s1018mgmt.sys [106208 2009-03-26] (MCCI Corporation) [File not signed]
S3 s1018obex; C:\WINDOWS\System32\DRIVERS\s1018obex.sys [104744 2009-03-26] (MCCI Corporation)
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2013-08-13] (Avira GmbH)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S2 UsbCam; C:\WINDOWS\System32\Drivers\UsbCam.sys [16384 2005-01-18] (Windows ® 2000 DDK provider) [File not signed]
R3 VIAHdAudAddService; C:\WINDOWS\System32\drivers\viahduaa.sys [845184 2008-07-25] (VIA Technologies, Inc.)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
NETSVC: ezGOSvc -> C:\WINDOWS\system32\ezGOSvc.dll ()
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-04 13:39 - 2015-01-04 13:39 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-01-04 13:26 - 2015-01-04 13:28 - 04187592 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Julie2009\Desktop\tdsskiller.exe
2014-12-30 22:19 - 2014-12-30 22:19 - 00000000 ___HD () C:\WINDOWS\PIF
2014-12-30 22:18 - 2015-01-04 14:17 - 00000000 ____D () C:\Documents and Settings\Julie2009\Desktop\virus info
2014-12-30 22:06 - 2015-01-04 14:17 - 00000000 ____D () C:\FRST
2014-12-30 21:10 - 2014-12-30 21:18 - 00001009 _____ () C:\Documents and Settings\Julie2009\Desktop\aswMBR.txt
2014-12-30 21:10 - 2014-12-30 21:10 - 00000512 _____ () C:\Documents and Settings\Julie2009\Desktop\MBR.dat
2014-12-30 16:31 - 2014-12-30 16:31 - 00000000 ____D () C:\Documents and Settings\Julie2009\Application Data\Curiolab
2014-12-30 15:26 - 2014-12-30 17:24 - 00000000 ____D () C:\Program Files\Exterminate It!
2014-12-30 15:26 - 2014-12-30 15:26 - 00000756 _____ () C:\Documents and Settings\All Users\Desktop\Exterminate It!.lnk
2014-12-30 15:26 - 2014-12-30 15:26 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Exterminate It!
2014-12-19 09:24 - 2014-12-19 09:24 - 00000858 _____ () C:\Documents and Settings\All Users\Desktop\Avira.lnk
2014-12-06 10:36 - 2014-12-09 09:37 - 00000000 ____D () C:\Program Files\Mozilla Firefox
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-04 14:17 - 2009-08-06 22:44 - 00000000 ____D () C:\Documents and Settings\Julie2009\Local Settings\Temp
2015-01-04 13:57 - 2012-09-13 01:07 - 00420672 _____ () C:\WINDOWS\setupapi.log
2015-01-04 13:52 - 2009-08-07 16:55 - 01692566 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-04 13:45 - 2009-08-07 06:32 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-01-04 13:45 - 2009-08-07 06:32 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2015-01-04 13:44 - 2009-08-07 16:07 - 00000007 _____ () C:\WINDOWS\system32\ANIWZCSUSERNAME{7566E793-C74E-4749-B5BA-3AC6FC1CA703}
2015-01-04 13:44 - 2009-08-06 22:39 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-04 13:42 - 2009-08-06 22:44 - 00000178 ___SH () C:\Documents and Settings\Julie2009\ntuser.ini
2015-01-04 13:42 - 2009-08-06 22:44 - 00000000 ____D () C:\Documents and Settings\Julie2009
2015-01-04 13:42 - 2009-08-06 22:42 - 00032446 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-04 13:23 - 2010-03-13 15:32 - 00000994 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-776561741-725345543-1004UA.job
2015-01-04 13:22 - 2003-03-31 23:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-02 17:28 - 2009-12-16 14:12 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-01-02 16:35 - 2014-04-09 11:00 - 00012240 _____ () C:\WINDOWS\KB2936068-IE8.log
2015-01-02 15:20 - 2009-08-06 22:42 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2015-01-02 15:19 - 2014-04-17 21:45 - 00000000 ____D () C:\Documents and Settings\Julie2009\Local Settings\Application Data\Skype
2014-12-30 23:45 - 2009-08-07 06:29 - 00000211 ___SH () C:\boot.ini
2014-12-30 23:45 - 2003-03-31 23:00 - 00000517 _____ () C:\WINDOWS\win.ini
2014-12-30 23:45 - 2003-03-31 23:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-12-30 23:21 - 2013-10-25 18:18 - 00000000 ____D () C:\Documents and Settings\Julie2009\Local Settings\Application Data\Deployment
2014-12-30 16:55 - 2011-12-19 09:30 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-12-30 16:53 - 2009-08-06 22:38 - 00000000 ____D () C:\WINDOWS\Registration
2014-12-30 14:12 - 2009-08-07 20:29 - 00000000 ____D () C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google
2014-12-30 13:35 - 2009-08-07 16:36 - 00000000 ____D () C:\Documents and Settings\Julie2009\Application Data\MSN6
2014-12-30 13:25 - 2012-06-25 20:47 - 00000000 ____D () C:\Documents and Settings\Julie2009\Application Data\Flood Light Games
2014-12-30 12:23 - 2010-03-13 15:32 - 00000942 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-776561741-725345543-1004Core.job
2014-12-30 12:06 - 2013-06-11 13:56 - 00000000 ____D () C:\Documents and Settings\Julie2009\Local Settings\Application Data\Sun
2014-12-30 11:43 - 2014-07-24 22:02 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-12-29 11:45 - 2013-05-09 16:41 - 00000000 ____D () C:\Documents and Settings\Julie2009\My Documents\HOUSE
2014-12-19 09:24 - 2011-10-22 16:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2014-12-19 09:23 - 2011-10-22 16:15 - 00000000 ____D () C:\Program Files\Avira
2014-12-15 12:40 - 2009-08-07 06:30 - 00206963 _____ () C:\WINDOWS\setupact.log
2014-12-13 14:23 - 2009-08-17 19:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-12-13 14:20 - 2013-07-23 18:26 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-13 14:15 - 2009-08-17 19:39 - 00002515 _____ () C:\Documents and Settings\Julie2009\Desktop\Microsoft Word 2007.lnk
2014-12-13 14:07 - 2009-08-14 12:19 - 109818608 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-11 14:27 - 2010-03-13 15:33 - 00002316 _____ () C:\Documents and Settings\Julie2009\Desktop\Google Chrome.lnk
2014-12-09 20:01 - 2009-08-09 06:38 - 00030720 _____ () C:\Documents and Settings\Julie2009\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
Files to move or delete:
====================
C:\Documents and Settings\Julie2009\tasklist.dat
 
 
Some content of TEMP:
====================
C:\Documents and Settings\Julie2009\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\Julie2009\Local Settings\Temp\{A5E2A5D6-09EE-45C1-BF6F-527D174E0856}.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-01-2015 03
Ran by Julie2009 at 2015-01-04 14:18:08
Running from C:\Documents and Settings\Julie2009\Desktop\virus info
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
101 Kid's Brainy Games (HKLM\...\{25AA6102-EA34-4045-BF7B-EEB3162AD006}) (Version: 1.00.000 - )
102 Dalmatians Activity Center (HKLM\...\102 Dalmatians Activity Center) (Version:  - )
99 Mahjongg (HKLM\...\99 Mahjongg) (Version: 1.0 - )
Acrobat.com (HKLM\...\{6D8D64BE-F500-55B6-705D-DFD08AFE0624}) (Version: 1.7.186 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.1.8210 - Adobe Systems Inc.)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Agatha Christie Bundle - 3 in 1 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118753180}) (Version:  - Oberon Media)
Amazing Adventures Riddle of the Two Knights (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-510006214}) (Version:  - Oberon Media)
ANIO Service (HKLM\...\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}) (Version:  - )
ANIWZCS2 Service (HKLM\...\{4C590030-7469-453E-8589-D15DA9D03F52}) (Version:  - )
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUSUpdate (HKLM\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version:  - )
Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)
Atheros Ethernet Utility (HKLM\...\{FB686487-C637-4EEF-BCB1-C92463F2CC05}) (Version: 1.1.0.3 - Atheros Communications Inc.)
Avira (HKLM\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira APC 0.1.0.1 (HKLM\...\{18948029-33D5-4B93-8275-FE1FC7A43D51}_is1) (Version: 0.1.0.1 - Avira Operations GmbH & Co. KG)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Avira System Speedup (HKLM\...\AviraSpeedup) (Version: 1.3.1.9930 - Avira System Speedup)
Brother MFL-Pro Suite (HKLM\...\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}) (Version: 1.00 - Brother Industries, Ltd.)
Disney Interactive Global Compatibility Update June 2003 (HKLM\...\{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb) (Version:  - )
Disney's Activity Centre, A Bug's Life (HKLM\...\Disney's Activity Centre, A Bug's Life) (Version:  - )
D-Link Wireless G DWA-510 (HKLM\...\{BADEDF59-389D-49CA-AD06-7EF12C5C13CD}) (Version:  - D-Link)
DSI (HKLM\...\{3C327134-1238-44A3-A157-83BB11039B0C}) (Version: 1.0.3.2 - Interlinux Ltd)
e-tax 2012 (HKLM\...\{B0F1B02F-47A6-411D-A38B-E44CC7F53CCC}) (Version: 6.0.577 - Australian Taxation Office)
e-tax 2013 (HKLM\...\{FFF14233-FE39-4671-A38E-76FD8F24A879}) (Version: 0.7.491 - Australian Taxation Office)
e-tax 2014 (HKLM\...\{42D5C0B2-A309-4F84-9BD7-5DDDFE6C09E1}) (Version: 2.7.707 - Australian Taxation Office)
Exterminate It! (HKLM\...\Exterminate It!) (Version: 1.76.05.25 - Curio Lab)
Google Chrome (HKU\S-1-5-21-839522115-776561741-725345543-1004\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Great Secrets Da Vinci (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114325567}) (Version:  - Oberon Media)
Hot Shots BugDrop (HKLM\...\{2BC98DE5-E58B-48E8-8FAF-B785182AECA7}) (Version: 1.0 - )
Hot Shots SlingShot (HKLM\...\{37CB1C81-3A6C-45C8-9321-01C2CD5ED5CC}) (Version: 1.0 - )
Insaniquarium Deluxe (HKLM\...\Insaniquarium Deluxe) (Version:  - )
InterVideo DVDCopy5 (HKLM\...\{C167A588-87AA-47BF-A88E-5B0F9A14480D}) (Version: 5.0-B4.24 - InterVideo Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Media Go (HKLM\...\{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}) (Version: 1.3.227 - Sony)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Age of Empires (HKLM\...\Age of Empires) (Version:  - )
Microsoft Age of Empires II (HKLM\...\Age of Empires 2.0) (Version:  - )
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Zoo Tycoon (HKLM\...\Zoo Tycoon 1.0) (Version:  - )
Mozilla Firefox 34.0 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0 (x86 en-US)) (Version: 34.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Muppet Babies - Air, Land and Sea (HKLM\...\{52496559-216D-483F-AC79-9F9B089F4274}) (Version:  - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
PC Probe II (HKLM\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.04.53 - )
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
Platform (Version: 1.27 - VIA Technologies, Inc.) Hidden
ProChip FLEX Manager 1.2.2 (HKLM\...\FlexManagerProChip_is1) (Version: 1.2.2.27230 - MYLAPS Sports Timing)
Profiler Hopscotch Killer (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119144927}) (Version:  - Oberon Media)
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Roll (HKLM\...\RollerCoaster Tycoon Setup) (Version:  - )
SeaWorld Adventure Parks Tycoon 3D (HKLM\...\{7A1F1E81-A017-43EE-8A24-E88878164C91}) (Version:  - )
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
SimCity 2000® Special Edition (HKLM\...\SimCity2000CDv1) (Version:  - )
Sudoku XP (HKLM\...\Sudoku XP) (Version:  - )
The Missing - a Search and Rescue Mystery (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-510005699}) (Version:  - Oberon Media)
The Sims™ Castaway Stories (HKLM\...\{64EEA791-0271-4B53-00AC-2BF05F5FBEF6}) (Version:  - Electronic Arts)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.27 - VIA Technologies, Inc.)
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
Wiggles (HKLM\...\Wiggles) (Version:  - )
Windows Driver Package - MYLAPS (usbser) Ports  (09/06/2010 1.02) (HKLM\...\F1F75C64F6AF48A19FFE79A321EFF12E4D2DDE1C) (Version: 09/06/2010 1.02 - MYLAPS)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Zoo Tycoon 2 (HKLM\...\Zoo Tycoon 2) (Version: 1.0 - Microsoft)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-839522115-776561741-725345543-1004_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-839522115-776561741-725345543-1004_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Update\1.3.21.135\psuser. (the data entry has 11 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-776561741-725345543-1004_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Documents and Settings\All Users\Application Data\Easybits GO\ezGameXN.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-839522115-776561741-725345543-1004_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Update\1.3.21.99\psuser.d (the data entry has 10 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-776561741-725345543-1004_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Update\1.3.21.57\psuser.d (the data entry has 10 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-776561741-725345543-1004_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Update\1.3.25.5\psuser.dl (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-776561741-725345543-1004_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Update\1.3.21.69\psuser.d (the data entry has 10 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-776561741-725345543-1004_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-839522115-776561741-725345543-1004_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Update\1.2.183.39\goopdat (the data entry has 13 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-776561741-725345543-1004_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-839522115-776561741-725345543-1004_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Update\1.3.21.79\psuser.d (the data entry has 10 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-776561741-725345543-1004_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dl (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-776561741-725345543-1004_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Documents and Settings\All Users\Application Data\Easybits GO\ezGameXN.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-839522115-776561741-725345543-1004_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-839522115-776561741-725345543-1004_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.95\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-839522115-776561741-725345543-1004_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Update\1.3.21.145\psuser. (the data entry has 11 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-776561741-725345543-1004_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Update\1.3.21.123\psuser. (the data entry has 11 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-776561741-725345543-1004_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Update\1.3.21.153\psuser. (the data entry has 11 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-776561741-725345543-1004_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.d (the data entry has 10 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-776561741-725345543-1004_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Update\1.3.21.149\psuser. (the data entry has 11 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-776561741-725345543-1004_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dl (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-776561741-725345543-1004_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Update\1.3.21.165\psuser. (the data entry has 11 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-776561741-725345543-1004_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Documents and Settings\All Users\Application Data\Easybits GO\ezGameXN.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-839522115-776561741-725345543-1004_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-839522115-776561741-725345543-1004_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-839522115-776561741-725345543-1004_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Update\1.3.21.115\psuser. (the data entry has 11 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-776561741-725345543-1004_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Documents and Settings\All Users\Application Data\Easybits GO\ezGameXN.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-839522115-776561741-725345543-1004_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-839522115-776561741-725345543-1004_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-839522115-776561741-725345543-1004_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Documents and Settings\All Users\Application Data\Easybits GO\ezGameXN.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-839522115-776561741-725345543-1004_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Update\1.3.21.65\psuser.d (the data entry has 10 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-776561741-725345543-1004_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-839522115-776561741-725345543-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-839522115-776561741-725345543-1004_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dl (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-776561741-725345543-1004_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Update\1.3.21.111\psuser. (the data entry has 11 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-776561741-725345543-1004_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Update\1.3.24.7\psuser.dl (the data entry has 9 more characters).
 
==================== Restore Points  =========================
 
06-10-2014 09:31:01 System Checkpoint
07-10-2014 10:31:18 System Checkpoint
08-10-2014 11:11:00 System Checkpoint
09-10-2014 13:13:33 System Checkpoint
10-10-2014 13:38:09 System Checkpoint
10-10-2014 16:17:53 Restore Operation
10-10-2014 19:27:14 Removed Skype Web Plugin
10-10-2014 19:28:06 Removed Skype™ 6.16
10-10-2014 19:40:51 Removed Apple Software Update
12-10-2014 12:39:49 Installed DSI
13-10-2014 17:32:14 System Checkpoint
14-10-2014 18:30:07 System Checkpoint
15-10-2014 19:35:09 System Checkpoint
16-10-2014 20:04:19 System Checkpoint
17-10-2014 09:54:12 Software Distribution Service 3.0
18-10-2014 10:33:29 System Checkpoint
19-10-2014 11:40:24 System Checkpoint
21-10-2014 08:42:53 System Checkpoint
22-10-2014 08:50:34 System Checkpoint
23-10-2014 09:02:35 System Checkpoint
24-10-2014 11:53:12 System Checkpoint
25-10-2014 12:07:03 System Checkpoint
26-10-2014 13:06:56 System Checkpoint
27-10-2014 17:08:21 Avira System Speedup(1.3.1.9930)
28-10-2014 17:33:11 System Checkpoint
29-10-2014 18:07:03 System Checkpoint
30-10-2014 18:42:43 System Checkpoint
31-10-2014 19:27:14 System Checkpoint
01-11-2014 19:46:10 System Checkpoint
02-11-2014 21:12:26 System Checkpoint
03-11-2014 21:29:42 System Checkpoint
04-11-2014 21:58:25 System Checkpoint
05-11-2014 22:13:50 System Checkpoint
07-11-2014 11:56:08 System Checkpoint
08-11-2014 12:12:37 System Checkpoint
07-11-2014 11:22:56 System Checkpoint
08-11-2014 17:19:08 System Checkpoint
01-01-2002 00:22:07 System Checkpoint
11-11-2014 15:43:00 System Checkpoint
12-11-2014 15:05:53 Software Distribution Service 3.0
13-11-2014 17:59:23 System Checkpoint
14-11-2014 18:06:26 System Checkpoint
15-11-2014 18:23:13 System Checkpoint
16-11-2014 19:02:30 System Checkpoint
17-11-2014 20:23:08 System Checkpoint
18-11-2014 21:21:58 System Checkpoint
19-11-2014 21:55:27 System Checkpoint
21-11-2014 14:41:40 System Checkpoint
22-11-2014 17:42:49 System Checkpoint
23-11-2014 17:56:41 System Checkpoint
25-11-2014 08:54:41 System Checkpoint
26-11-2014 09:47:05 System Checkpoint
01-01-2002 00:56:14 System Checkpoint
27-11-2014 08:40:42 System Checkpoint
28-11-2014 14:49:53 System Checkpoint
29-11-2014 18:04:04 System Checkpoint
30-11-2014 18:08:05 System Checkpoint
02-12-2014 09:02:51 System Checkpoint
03-12-2014 11:52:44 System Checkpoint
04-12-2014 18:18:33 System Checkpoint
05-12-2014 19:33:26 System Checkpoint
06-12-2014 20:32:59 System Checkpoint
08-12-2014 17:09:12 System Checkpoint
09-12-2014 17:38:10 System Checkpoint
11-12-2014 17:42:00 System Checkpoint
12-12-2014 18:03:26 System Checkpoint
13-12-2014 14:04:36 Software Distribution Service 3.0
14-12-2014 15:15:21 System Checkpoint
15-12-2014 15:25:09 System Checkpoint
16-12-2014 15:37:39 System Checkpoint
17-12-2014 15:46:19 System Checkpoint
18-12-2014 19:48:06 System Checkpoint
19-12-2014 20:13:43 System Checkpoint
22-12-2014 17:08:47 System Checkpoint
23-12-2014 17:48:55 System Checkpoint
26-12-2014 18:25:28 System Checkpoint
27-12-2014 18:32:38 System Checkpoint
28-12-2014 19:14:21 System Checkpoint
29-12-2014 19:44:23 System Checkpoint
30-12-2014 20:23:24 System Checkpoint
02-01-2015 16:34:53 Software Distribution Service 3.0
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2003-03-31 23:00 - 2003-03-31 23:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-776561741-725345543-1004Core.job => C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-776561741-725345543-1004UA.job => C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2009-08-07 16:06 - 2007-12-11 16:36 - 00245760 _____ () C:\WINDOWS\system32\WlanApp.dll
2013-12-14 11:35 - 2011-05-28 19:29 - 00073600 _____ () c:\windows\system32\ezgosvc.dll
2009-08-06 23:37 - 2008-04-14 11:11 - 00059904 _____ () C:\WINDOWS\System32\devenum.dll
2009-08-06 23:37 - 2008-04-14 11:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-12-11 14:26 - 2014-12-06 12:50 - 09009480 _____ () C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-11 14:26 - 2014-12-06 12:50 - 01677128 _____ () C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\33925258.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\41317128.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\33925258.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\41317128.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk => C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\WINDOWS\pss\McAfee Security Scan Plus.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ANIWZCS2Service => C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: CTFMON.EXE => C:\WINDOWS\System32\ctfmon.exe
MSCONFIG\startupreg: D-Link D-Link Wireless G DWA-510 => C:\Program Files\D-Link\D-Link Wireless G DWA-510\AirGCFG.exe
MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HDAudDeck => C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
MSCONFIG\startupreg: nwiz => nwiz.exe /install
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: Sony Ericsson PC Companion => "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /systray /nologon
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-839522115-776561741-725345543-500 - Administrator - Enabled)
Guest (S-1-5-21-839522115-776561741-725345543-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-839522115-776561741-725345543-1000 - Limited - Disabled)
Julie2009 (S-1-5-21-839522115-776561741-725345543-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Julie2009
SUPPORT_388945a0 (S-1-5-21-839522115-776561741-725345543-1002 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/02/2015 03:34:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 39.0.2171.95, faulting module chrome.dll, version 39.0.2171.95, fault address 0x004fd39c.
Processing media-specific event for [chrome.exe!ws!]
 
Error: (12/30/2014 11:04:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application startfloodlightgames.exe, version 4.8.0.3, faulting module startfloodlightgames.exe, version 4.8.0.3, fault address 0x000013df.
Processing media-specific event for [startfloodlightgames.exe!ws!]
 
Error: (12/30/2014 11:00:45 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.
 
Error: (12/30/2014 01:30:13 PM) (Source: Microsoft Management Console) (EventID: 1000) (User: )
Description: mmc.exe5.2.3790.4136unknown0.0.0.000057c06
 
Error: (12/30/2014 01:30:08 PM) (Source: Microsoft Management Console) (EventID: 1000) (User: )
Description: mmc.exe5.2.3790.4136unknown0.0.0.000057c06
 
Error: (12/30/2014 01:29:38 PM) (Source: Microsoft Management Console) (EventID: 1000) (User: )
Description: mmc.exe5.2.3790.4136unknown0.0.0.000057c06
 
Error: (12/30/2014 01:29:32 PM) (Source: Microsoft Management Console) (EventID: 1000) (User: )
Description: mmc.exe5.2.3790.4136unknown0.0.0.000057c06
 
Error: (12/30/2014 01:28:33 PM) (Source: Microsoft Management Console) (EventID: 1000) (User: )
Description: mmc.exe5.2.3790.4136unknown0.0.0.000057c06
 
Error: (12/30/2014 01:23:43 PM) (Source: Google Update) (EventID: 1) (User: JULIE)
Description: Google Update has encountered a fatal error.
ver=1.3.25.11;lang=en;guid=;is_machine=0;oop=0;upload=0;minidump=C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\CrashReports\77226d9f-0c19-43f2-bce8-d8dc7f500f1b.dmp
 
Error: (12/30/2014 01:18:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avgnt.exe, version 14.0.7.440, faulting module ccmsg.dll, version 14.0.7.440, fault address 0x0000bde3.
Processing media-specific event for [avgnt.exe!ws!]
 
 
System errors:
=============
Error: (01/04/2015 01:45:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPSEC Services service terminated with the following error: 
%%1747
 
Error: (01/04/2015 01:45:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Java Quick Starter service failed to start due to the following error: 
%%2
 
Error: (01/04/2015 01:45:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UsbCam V2.0 service failed to start due to the following error: 
%%1058
 
Error: (01/04/2015 01:34:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPSEC Services service terminated with the following error: 
%%1747
 
Error: (01/04/2015 01:34:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Java Quick Starter service failed to start due to the following error: 
%%2
 
Error: (01/04/2015 01:34:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UsbCam V2.0 service failed to start due to the following error: 
%%1058
 
Error: (01/04/2015 01:22:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPSEC Services service terminated with the following error: 
%%1747
 
Error: (01/04/2015 01:22:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Java Quick Starter service failed to start due to the following error: 
%%2
 
Error: (01/04/2015 01:22:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UsbCam V2.0 service failed to start due to the following error: 
%%1058
 
Error: (01/02/2015 10:45:18 PM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\IdePort2
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 27%
Total physical RAM: 3583.11 MB
Available physical RAM: 2611.3 MB
Total Pagefile: 6419.42 MB
Available Pagefile: 5185.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1942.79 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.75 GB) (Free:398.94 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: F525F525)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#8 B-boy/StyLe/


Posted 04 January 2015 - 07:59 AM

Hi,

 

I can't see the TDSSKiller log because it's a Private Paste.

Can you post it in public please?

 

Thanks! :)

 

Regards,

Georgi




#9 JLBUD


Posted 05 January 2015 - 12:36 AM

Sorry about that, try again.

 

 

 

http://pastebin.com/f5QkHUh5



#10 B-boy/StyLe/


Posted 06 January 2015 - 07:08 AM

Hi,

 

It seems that TDSSKiller removed the infection. Do you still experience any problems?

 

 

STEP 1

 

 

It's a good idea to disable the Autorun functionality using MS FixIt to prevent spreading of the infections from USB flash drives.

 

It seems that one of the flash drives was infected:

 

HKU\S-1-5-21-839522115-776561741-725345543-1004\...\MountPoints2: {e753c728-a67d-11de-b3f6-0022b0e62681} - F:\RECYCLER\S-1-6-22-2434476501-1644491937-600003330-1213\winudpmgr.exe
HKU\S-1-5-21-839522115-776561741-725345543-1004\...\MountPoints2: {f38a9d5c-374d-11e4-bc40-0022b0e62681} - F:\Windows\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}

 

 

Please download and run the following tool and follow the prompts to disable Autorun on the computer.

Next, download the USBFix tool from here... make sure that the affected flash drive is still connected to the computer.

Run the tool, press the Clean button and wait for the process to complete. This will clean the computer of infections and will vaccinate all of the drives on the computer (including the flash drive) against autorun threats. A log file will pop up after the scan. Please post it in your next reply.

 

 

Let's check for malware leftovers:

 

 

STEP 2

 

 

Please download Malwarebytes Anti-Malware 2.0.3.1025 Final to your desktop.
 

  • Double-click mbam-setup-2.0.3.1025.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

STEP 3

 

 

 

1. Please download HitmanPro.

  • For 32-bit Operating System - [download link]
  • This is the mirror - [download link]
  • For 64-bit Operating System - [download link]
  • This is the mirror - [download link]

2. Launch the program by double clicking on the HitmanPro icon. (Windows Vista/7 users: right click on the HitmanPro icon and select Run as administrator.)

Note: If the program won't run, please open the program while holding down the left CTRL key until the program is loaded.

3. Click on the Next button. You must agree with the terms of the EULA (if asked).

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the Next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done, click on the drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

8. Click on the Next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: if there isn't a drop-down menu when the scan is done, then please don't delete anything and close HitmanPro.

Navigate to C:\ProgramData\HitmanPro\Logs, open the report, and copy and paste it into your next reply.

 

 

 

Regards,

Georgi
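
The two MountPoints2 lines quoted in post #10 above can be triaged mechanically. The following is an added example, not part of the original thread and not FRST's own logic: the regexes, the `HIDING_DIRS` list and the function names are assumptions made for illustration, and a flagged entry is a lead for review, not a verdict.

```python
import re
from dataclasses import dataclass, field

# Line shape as FRST printed it in the post:
#   HKU\<hive SID>\...\MountPoints2: <volume> - <autorun command>
LINE_RE = re.compile(
    r"^HKU\\(?P<hive_sid>S-[\d-]+)\\\.\.\.\\MountPoints2:\s+"
    r"(?P<volume>\S+)\s+-\s+(?P<command>.+)$"
)
# First path in the command that ends in a launchable extension.
TARGET_RE = re.compile(
    r'^"?(?P<path>[A-Za-z]:\\.+?\.(?:exe|com|scr|pif|bat|cmd|vbs|js|dll))'
    r'(?=["\s,]|$)',
    re.IGNORECASE,
)
# Local and domain accounts have SIDs of the form S-1-5-21-<a>-<b>-<c>-<RID>;
# the XP-era NTFS recycle bin keeps one RECYCLER subfolder per such SID.
ACCOUNT_SID_RE = re.compile(r"^S-1-5-21(?:-\d+){3}-\d+$")
# Folders Explorer hides by default (illustrative list, an assumption).
HIDING_DIRS = {"recycler", "recycled", "$recycle.bin",
               "system volume information"}

# The two lines from the post, copied verbatim.
SAMPLE = r"""
HKU\S-1-5-21-839522115-776561741-725345543-1004\...\MountPoints2: {e753c728-a67d-11de-b3f6-0022b0e62681} - F:\RECYCLER\S-1-6-22-2434476501-1644491937-600003330-1213\winudpmgr.exe
HKU\S-1-5-21-839522115-776561741-725345543-1004\...\MountPoints2: {f38a9d5c-374d-11e4-bc40-0022b0e62681} - F:\Windows\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
"""


@dataclass
class Entry:
    hive_sid: str   # user whose registry hive cached the autorun command
    volume: str     # volume GUID (or drive letter) the command belongs to
    command: str    # full command line recorded for that volume
    target: str     # executable path extracted from the command, "" if none
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Parse one FRST MountPoints2 line; return None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    command = m["command"].strip()
    t = TARGET_RE.match(command)
    entry = Entry(m["hive_sid"], m["volume"], command, t["path"] if t else "")

    # Folders between the drive letter and the file name.
    dirs = entry.target.split("\\")[1:-1]
    for i, name in enumerate(dirs):
        if name.lower() not in HIDING_DIRS:
            continue
        entry.reasons.append(f"launches from hidden folder {name}")
        child = dirs[i + 1] if i + 1 < len(dirs) else ""
        # A SID-looking subfolder that is not a real account SID is a
        # disguise, not a recycle bin created by Windows.
        if child.upper().startswith("S-") and not ACCOUNT_SID_RE.match(child):
            entry.reasons.append(f"{child} is not an account SID")
    return entry


def triage(log_text):
    """Return an Entry for every MountPoints2 line found in log_text."""
    parsed = (parse_line(line) for line in log_text.splitlines())
    return [e for e in parsed if e is not None]


if __name__ == "__main__":
    for e in triage(SAMPLE):
        verdict = "REVIEW FIRST" if e.reasons else "no hiding indicators"
        print(f"{e.volume}: {e.target or e.command} -> {verdict}")
        for reason in e.reasons:
            print(f"    - {reason}")
```

Entries with no reasons are not cleared by this check; they simply lack the hiding-location indicators it looks for.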




#11 JLBUD


Posted 06 January 2015 - 09:20 PM

Thanks Georgi,

iexplore.exe isn't running anymore so that's good.

 

About the flash drives, I have no idea which one could be infected. We have 2 external hard drives and about 8 flash drives that have been connected to my computer in the last six months, some of which I have no idea where they are now, some belong to the kids. So should I do the above with all of the flash drives I can find?

I don't have autorun enabled for flash drives, always have a dialogue box come up asking me what I want to do once flash drive is connected.

 

Ok where was I...sorry just had kids 12ft trampoline fly past window and over back fence, excitement for the day.

 

So can I just use USBFIX whenever I connect a flash drive to computer until I'm sure they are all done?

Can I do step 2 and 3 first? Or should I make sure all the flash drives are clean first?

A few things that still are not right:

*On desktop there is a DAT file with the name MBR which was created on 30 December 2014, no idea what it is, should I just delete it?

*Also you might be able to help me with another problem I have been having with computer for a few years now, I had forgotten about it because it's no problem to bypass.

Every time I turn on computer, after a few seconds the American Megatrends screen comes up and stays there, giving all kinds of options to continue, but the only way I found to get around it and computer to load normally was to enter BIOS screen by pressing F1 then escaping out of it without making any changes, then computer loads normally. I also suspect backup battery for keeping time is flat as time and date is reset every time computer is turned off at powerpoint, OR is it just something not set right somewhere? This started around same time as American Megatrends screen started coming up, so possibly something to do with that?

 

 

 

Thank you for your help so far, has really saved me lots of time and stress trying to solve it myself.

 

Thanks,

Julie



#12 B-boy/StyLe/


Posted 08 January 2015 - 03:00 PM

Hello Julie,

 

I am glad to hear there is an improvement. :)

 

About the flash drives, I have no idea which one could be infected. We have 2 external hard drives and about 8 flash drives that have been connected to my computer in the last six months, some of which I have no idea where they are now, some belong to the kids. So should I do the above with all of the flash drives I can find?

I don't have autorun enabled for flash drives, always have a dialogue box come up asking me what I want to do once flash drive is connected.

 

Ok where was I...sorry just had kids 12ft trampoline fly past window and over back fence, excitement for the day.

 

So can I just use USBFIX whenever I connect a flash drive to computer until I'm sure they are all done?

Can I do step 2 and 3 first? Or should I make sure all the flash drives are clean first?

 

There is no problem to proceed with step 2 and 3 first but be sure to run the following tool and follow the prompts to disable Autorun on the computer completely.

Also please be aware that there is a difference between autorun and autoplay. See the link below for more information:

What's the difference between AutoPlay and autorun?

I suggest that you disable Autoplay as well for security purposes.

See here how to do this:

LINK 1

LINK 2

 

A few things that still are not right:

*On desktop there is a DAT file with the name MBR which was created on 30 December 2014, no idea what it is, should I just delete it?

 

The file is a copy of the Master Boot Record (MBR) and it is created by aswMBR so it is safe to delete it. :)

 

*Also you might be able to help me with another problem I have been having with computer for a few years now, I had forgotten about it because it's no problem to bypass.

Every time I turn on computer, after a few seconds the American Megatrends screen comes up and stays there, giving all kinds of options to continue, but the only way I found to get around it and computer to load normally was to enter BIOS screen by pressing F1 then escaping out of it without making any changes, then computer loads normally. I also suspect backup battery for keeping time is flat as time and date is reset every time computer is turned off at powerpoint, OR is it just something not set right somewhere? This started around same time as American Megatrends screen started coming up, so possibly something to do with that?

 

The error means that you probably need to replace the CMOS battery on your motherboard or you need to adjust the CPU fan speed in BIOS (but regarding the date issue I guess that the culprit is the CMOS).

Check the links below for more information on how to replace the battery:

 

http://www.computerhope.com/issues/ch000239.htm

 

Hope this helps! :)

 

 

Regards,

Georgi




#13 JLBUD


Posted 09 January 2015 - 07:35 AM

Hi Georgi,
Haven't been able to stop autoplay, as when I type the gpedit.msc into Run it says it doesn't exist.

Next problem... after doing the scan with Malwarebytes, the log file didn't exist but the 5 items detected were moved to Quarantine... I can't seem to post a screenshot here.
The items found were all frostwire, ilividsetup.exe file and 4 registry keys.

Also while I was doing the scan, Avira blocked startfloodlightgames.exe and moved it to quarantine.

Anyway it's getting late here and I can't think anymore.
Thanks for your help so far, I hope we can get this sorted out soon.
 
Thanks,
Julie


#14 JLBUD


Posted 09 January 2015 - 11:58 PM

HitmanPro 3.7.9.233
www.hitmanpro.com
 
   Computer name . . . . : JULIE
   Windows . . . . . . . : 5.1.3.2600.X86/2
   User name . . . . . . : JULIE\Julie2009
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2015-01-10 15:43:32
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 14m 9s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 103
 
   Objects scanned . . . : 641,832
   Files scanned . . . . : 45,119
   Remnants scanned  . . : 186,550 files / 410,163 keys
 
Suspicious files ____________________________________________________________
 
   C:\Documents and Settings\Julie2009\Desktop\virus info\FRST-OlderVersion\FRST.exe
      Size . . . . . . . : 1,114,624 bytes
      Age  . . . . . . . : 10.7 days (2014-12-30 22:05:32)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : FE2D272E9E7468BAB89F4E6B937833A1B52AD0BF5D914450C3E804F94124A824
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 23.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Documents and Settings\Julie2009\Desktop\virus info\FRST-OlderVersion\FRST.exe
          0.0s C:\Documents and Settings\Julie2009\Desktop\virus info\FRST-OlderVersion\FRST.exe
          0.0s C:\Documents and Settings\Julie2009\Desktop\virus info\FRST-OlderVersion\FRST.exe
 
   C:\Documents and Settings\Julie2009\Desktop\virus info\FRST.exe
      Size . . . . . . . : 1,115,136 bytes
      Age  . . . . . . . : 6.1 days (2015-01-04 14:16:59)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : F3D620BE6B282085B92E26F4CE2CD70C53112620233B4F1F0321A2FD1B96FE2D
      Needs elevation  . : Yes
      Source URL . . . . : hxxp://download.bleepingcomputer.com/dl/d152de9e5e08416dbfef003bd228c247/54a8b094/windows/security/security-utilities/f/farbar-recovery-scan-tool/32/FRST.exe
      Fuzzy  . . . . . . : 27.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The file is downloaded from the Internet to this computer.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      References
         HKU\S-1-5-21-839522115-776561741-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\Julie2009\Desktop\virus info\FRST.exe
      Forensic Cluster
         -0.3s C:\Documents and Settings\Julie2009\Cookies\ISILWOFM.txt
         -0.3s C:\Documents and Settings\Julie2009\Cookies\PPWXBD47.txt
          0.0s C:\Documents and Settings\Julie2009\Local Settings\Temporary Internet Files\Content.IE5\3UCS1EFW\FRST[1].exe
          0.0s C:\Documents and Settings\Julie2009\Desktop\virus info\FRST.exe
 
 
Potential Unwanted Programs _________________________________________________
 
   C:\Documents and Settings\All Users\Application Data\APN\ (AskBar)
   C:\Documents and Settings\Julie2009\Local Settings\Application Data\APN\ (AskBar)
   C:\Documents and Settings\Julie2009\Local Settings\Application Data\APN\GoogleCRXs\ (AskBar)
   C:\Documents and Settings\Julie2009\Local Settings\Application Data\APN\GoogleCRXs\apnorjtoolbar.crx (AskBar)
   C:\Documents and Settings\Julie2009\Local Settings\Application Data\AskPartnerNetwork\ (AskBar)
   C:\Documents and Settings\Julie2009\Local Settings\Application Data\AskPartnerNetwork\Toolbar\Updater\IDC\ (AskBar)
   C:\Documents and Settings\Julie2009\Local Settings\Application Data\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe (AskBar)
      Size . . . . . . . : 150,936 bytes
      Age  . . . . . . . : 198.9 days (2014-06-25 17:00:12)
      Entropy  . . . . . : 6.0
      SHA-256  . . . . . : 6BF6C2599ECB208B6A03F8A8B9326C7001F9AFC1B9EA686B0CF7361B3B064C8F
      Product  . . . . . : IDC
      Publisher  . . . . : APN LLC.
      Description  . . . : IDC Loader
      Version  . . . . . : 1.0.0.262
      Copyright  . . . . : (c) APN LLC.  All rights reserved.
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -7.0
 
   C:\Documents and Settings\Julie2009\Local Settings\Application Data\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll (AskBar)
      Size . . . . . . . : 390,040 bytes
      Age  . . . . . . . : 198.9 days (2014-06-25 17:00:12)
      Entropy  . . . . . : 6.7
      SHA-256  . . . . . : 82A05356891CC72E6DE4059802C1484D13A06F7C2D57C69A1CC6600E1C3F645A
      Product  . . . . . : IdcSrv
      Publisher  . . . . : APN
      Description  . . . : IDC Server
      Version  . . . . . : 1.0.0.262
      Copyright  . . . . : (c) APN LLC.  All rights reserved.
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -7.0
 
   C:\Documents and Settings\Julie2009\Local Settings\Application Data\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll (AskBar)
      Size . . . . . . . : 59,800 bytes
      Age  . . . . . . . : 198.9 days (2014-06-25 17:00:12)
      Entropy  . . . . . : 6.2
      SHA-256  . . . . . : A20A81F9AD78352693D8A58C419A756296316729818D658F27B321F8CC9D7E19
      Product  . . . . . : IDC Server Stub
      Publisher  . . . . : APN LLC
      Description  . . . : IDC Server Stub
      Version  . . . . . : 1.0.0.262
      Copyright  . . . . : (c) APN LLC.  All rights reserved.
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -7.0
 
   C:\Documents and Settings\LocalService\Local Settings\Application Data\AskPartnerNetwork\ (AskBar)
   C:\Documents and Settings\LocalService\Local Settings\Application Data\AskPartnerNetwork\Toolbar\AVIRA-V7\ (AskBar)
   C:\Documents and Settings\LocalService\Local Settings\Application Data\AskPartnerNetwork\Toolbar\AVIRA-V7\APNStorage.stg (AskBar)
   C:\Documents and Settings\LocalService\Local Settings\Application Data\AskToolbar\ (AskBar)
   C:\Documents and Settings\LocalService\Local Settings\Application Data\AskToolbar\accl.xml (AskBar)
   C:\Documents and Settings\LocalService\Local Settings\Application Data\AskToolbar\cache.dat (AskBar)
   C:\Documents and Settings\LocalService\Local Settings\Application Data\AskToolbar\config.xml (AskBar)
   C:\Documents and Settings\LocalService\Local Settings\Application Data\AskToolbar\osearch.xml (AskBar)
   C:\Program Files\AskPartnerNetwork\ (AskBar)
   C:\Program Files\AskPartnerNetwork\Toolbar\ (AskBar)
   C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe (AskBar)
      Size . . . . . . . : 165,784 bytes
      Age  . . . . . . . : 200.2 days (2014-06-24 10:58:10)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 1131F3134A8F9B899BDB6F3CAAC73AF31DE703DC922F4F24BC87994CB859F40D
      Product  . . . . . : APN Updater
      Publisher  . . . . : APN LLC.
      Description  . . . : APN Updater
      Version  . . . . . : 21.8.0.261
      Copyright  . . . . : (c) APN LLC.  All rights reserved.
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -15.0
 
   C:\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe (AskBar)
      Size . . . . . . . : 509,872 bytes
      Age  . . . . . . . : 330.3 days (2014-02-14 08:00:32)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : 01D0C3E9722ED6979335F50C8791B46529CAA1AD62A2774A7261AF3618E7291A
      Product  . . . . . : Stub Installer
      Publisher  . . . . : Ask Partner Network
      Description  . . . : Stub Installer
      Version  . . . . . : 7.5.0.5
      Copyright  . . . . : Copyright © 2013 Ask Partner Network.  All rights reserved.
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -15.0
      References
         HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe
         HKU\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe
 
   C:\Program Files\AskPartnerNetwork\Toolbar\UpdateManager.exe (AskBar)
      Size . . . . . . . : 106,392 bytes
      Age  . . . . . . . : 200.2 days (2014-06-24 10:58:10)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : 534121DB530EEE3AF43A1233CAABED35E1D89380D32139AF1B0ED209FC875845
      Product  . . . . . : Update Manager
      Publisher  . . . . : APN LLC.
      Description  . . . : Update Manager
      Version  . . . . . : 21.8.0.261
      Copyright  . . . . : (c) APN LLC.  All rights reserved.
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -19.0
 
   HKLM\SOFTWARE\AskPartnerNetwork\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B08932C78B697C244BE7BA3E6FF09B62\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646\ (AskBar)
   HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_APNMCP\ (AskBar)
   HKLM\SYSTEM\ControlSet001\Services\APNMCP\ (AskBar)
   HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_APNMCP\ (AskBar)
   HKLM\SYSTEM\ControlSet002\Services\APNMCP\ (AskBar)
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_APNMCP\ (AskBar)
   HKLM\SYSTEM\CurrentControlSet\Services\APNMCP\ (AskBar)
   HKU\.DEFAULT\Software\AskPartnerNetwork\ (AskBar)
   HKU\.DEFAULT\Software\AskToolbar\ (AskBar)
   HKU\S-1-5-18\Software\AskPartnerNetwork\ (AskBar)
   HKU\S-1-5-18\Software\AskToolbar\ (AskBar)
   HKU\S-1-5-21-839522115-776561741-725345543-1004\Software\AskPartnerNetwork\ (AskBar)
 
Cookies _____________________________________________________________________
 
 
 


#15 JLBUD


Posted 10 January 2015 - 01:42 AM

Just did another MalwareBytes scan, here is the log.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/01/2015
Scan Time: 4:04:25 PM
Logfile: MB.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.10.04
Rootkit Database: v2015.01.07.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Julie2009
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 340436
Time Elapsed: 1 hr, 1 min, 3 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 85
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\adapter, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\components, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\components\abstractbutton, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\components\abstractbutton\background, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\components\alert, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\components\alert\background, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\components\embedhtml, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\components\embedhtml\background, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\components\embedhtml\html, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\components\embedhtml\js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\components\embedscript, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\components\embedscript\background, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\components\embedscript\html, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\components\embedscript\js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\components\flare, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\components\flare\background, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\components\flare\icons, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\components\generic, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\components\generic\background, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\components\link, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\components\link\background, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\components\menu, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\components\menu\background, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\components\menu\css, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\components\menu\html, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\components\menu\images, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\components\menu\js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\components\rss, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\components\rss\background, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\components\thirdparty, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\components\thirdparty\background, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\components\uninstall, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\components\uninstall\background, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\components\weather, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\components\weather\background, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\widget-api, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\widget-api\widgets, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\widget-api\widgets\common, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\widget-api\widgets\radio, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\widget-api\widgets\radio\css, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\widget-api\widgets\radio\js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\widget-api\widgets\rss, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\widget-api\widgets\rss\js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\widget-api\widgets\test, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\widget-api\widgets\topapps, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\widget-api\widgets\topapps\css, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\widget-api\widgets\topapps\js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\widget-api\widgets\weather, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\widget-api\widgets\weather\css, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\common\widget-api\widgets\weather\js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\components, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\components\api, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\components\api\background, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\components\api\window, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\components\defaultSearch, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\components\defaultSearch\background, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\components\defaultSearch\foreground, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\components\moviereviews, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\components\moviereviews\background, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\components\moviereviews\css, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\components\moviereviews\html, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\components\moviereviews\js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\components\radio, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\components\radio\background, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\components\radio\css, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\components\radio\foreground, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\components\radio\radioWrapper, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\components\search, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\components\search\background, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\components\search\html, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\components\supertab, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\components\supertab\css, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\components\supertab\html, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\components\supertab\js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\icons, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\images, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\native, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\native\libs, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\shared, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\_metadata, Quarantined, [494fec088affc373b425c7a057acf20e], 
 
Files: 217
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\bg.html, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\buildVars, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\buildVars.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\companionSW.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\config.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\contentScript.css, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\contentScript.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\debug.html, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\debug.jade, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\extension_toolbar_api.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\initWidgetWindow.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\manifest.json, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\newTabContentScript.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\options.html, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\spent.css, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\spent.html, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\spent.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\spent2.css, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\spent2.html, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\spentJ.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\spentK.html, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\spentK.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\startup.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\stub.html, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\stubby.html, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\superFrame.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\toolbar.html, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\toolbar.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\icons\icon19on.png, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\icons\icon48.png, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\icons\tb_icon_search_disappearing_ask.png, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\images\222098089.png, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\images\222124472.png, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\images\222124475.png, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\images\222124500.png, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\images\222124501.png, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\images\222124502.png, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\images\222124516.png, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\images\down_arrow.png, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\images\IDR_PRODUCT_LOGO_16.png, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\images\IDR_WEBSTORE_ICON.png, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\images\magnifying_glass.png, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\images\RadioPlayerSprite.png, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\images\search_button.png, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\images\tvf_icon_guide.png, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\images\tvf_logo.png, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\images\wrench.png, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\js\chromeUtils.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\js\exeManager.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\js\exeManagerNMD.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\js\exePackageManager.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\js\focusManager.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\js\globalBlacklistManager.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\js\messaging.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\js\mutation_summary-min.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\js\mutation_summary.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\js\nativeMessagingDispatcher.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\js\newTabInfo.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\js\newTabInitialize.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\js\options.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\js\readLocalStorage.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\js\reservespacefortoolbar.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\js\reservespaceifenabled.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\js\scriptInjector.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\js\searchContext.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\js\settingsOverrides.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\js\toolbarCookieParser.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\js\toolbarPreinit.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\js\underscore-1.3.1.min.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\js\URILoaderContentScript.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\js\Widget.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\js\widgetContentScriptInjectee.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\js\widgetFactory.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\js\widgetWindowManager.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\native\cache.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\native\ce.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\native\debug.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\native\ss.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\native\libs\jquery-1.7.1.min.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\native\libs\jquery-1.9.1.min.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\native\libs\underscore-1.5.2.min.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\shared\HttpURL.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\shared\rsvp-latest.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\shared\unifiedLogging.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\shared\universalConsole.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\shared\utils.js, Quarantined, [494fec088affc373b425c7a057acf20e], 
PUP.Optional.MindSpark.A, C:\Documents and Settings\Julie2009\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo\11.87.5.11164_0\_metadata\verified_contents.json, Quarantined, [494fec088affc373b425c7a057acf20e], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)




