Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Webmail, Blank Page, Driver Finder, Adobe update,Error Message


  • This topic is locked This topic is locked
24 replies to this topic

#1 nurse_shark

nurse_shark

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Calgary, Canada
  • Local time:08:59 PM

Posted 05 January 2015 - 08:07 PM

I can't put the computer in anything but Safe Mode. I have Malware Bytes, but I can't post any logs, because it won't boot normally. Every time I use the internet...I get four errors. First I get Webmail and Driver Finder. I also get an update for Abobe (which is not the real site). The Error Message I have gotten is "Cannot start application: the application is improperly formatted. Contact the application vendor for assistance." It opens up lots of these windows. I'm only surfing the internet when this happens. It's only been happening the last couple months.

 

I will add the Hijack This log and the DDS log.

.Attached File  hijackthis.log   13.53KB   0 downloadsAttached File  dds.txt   26.33KB   1 downloads
 



BC AdBot (Login to Remove)

 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:59 AM

Posted 06 January 2015 - 04:54 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 

 

 

Scan with FRST (Recovery Environment)


To run FRST on Vista and Windows7:



Plug the flashdrive into the infected PC.

Enter System Recovery Options.


To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.



To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt


  • In the command window:
  • type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.

It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 nurse_shark

nurse_shark
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Calgary, Canada
  • Local time:08:59 PM

Posted 06 January 2015 - 12:33 PM

I realize I can't get my e-mail while it's in Safe Mode. I'll just check here!



#4 nurse_shark

nurse_shark
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Calgary, Canada
  • Local time:08:59 PM

Posted 06 January 2015 - 08:54 PM

First Marius, thank you for responding to me!

 

The computer booted normally...I'm not really sure why. It's needs to be rebooted often. It stops working frequently.

 

 

I was unable to run Systems Recovery. I couldn't remember my password (I tried everything I thought it could be).I even called Microsoft...I got an answering system, which directed me to a website to change my password. I found out it was not the Windows password. It was the Microsoft Live (chat) one!

 

I have ADW Cleaner, but I haven't used it. I just scanned it, but did nothing.

 

I did frst64(I checked) in the Command Prompt Safe Mode.

 

I'll add it.

 

 

<>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-01-2015
Ran by Terri (administrator) on TERRI-PC on 06-01-2015 17:23:09
Running from e:\
Loaded Profile: Terri (Available profiles: Terri)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2012-03-23] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-03-23] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-03-23] (Lenovo)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe [8947008 2014-12-18] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [548864 2011-06-15] (Vimicro)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [VitaKeyTSR] => C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [383344 2010-12-13] (Egis Technology Inc. )
HKLM-x32\...\Run: [PLTSR] => C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [364400 2010-10-22] (Egis Technology Inc. )
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-03-23] (Lenovo)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [PelBrain] => C:\ProgramData\HP Link5 Config\PelLink5.exe [153496 2010-11-19] (Primax Electronics Ltd.)
HKLM-x32\...\Run: [HPMonitor] => C:\Program Files (x86)\Hewlett-Packard\HP LInk5 Monitor\hpMonitor21.exe [101784 2010-11-19] (Hewlett-Packard)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-10-15] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [WinCheck] => C:\Users\Terri\AppData\Local\wincheck\wincheck.exe [528896 2015-01-05] ()
HKU\S-1-5-21-1095237210-819956943-3649504818-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-1095237210-819956943-3649504818-1000\...\Run: [Livedrive] => C:\Program Files (x86)\Pctechclinic Inc\OpenAccess.exe [1835008 2013-03-29] (Pctechclinic Inc)
HKU\S-1-5-21-1095237210-819956943-3649504818-1000\...\Run: [BitTorrent] => C:\Users\Terri\AppData\Roaming\BitTorrent\BitTorrent.exe [1381208 2014-12-12] (BitTorrent Inc.)
HKU\S-1-5-21-1095237210-819956943-3649504818-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Keyboard Monitor.lnk
ShortcutTarget: HP Keyboard Monitor.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Keyboard Suite\hpBengalMonitor.exe (No File)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [BackupOverlay] -> {B44A5D93-1351-41A1-BD91-5E92435D8ECD} => C:\Program Files (x86)\Pctechclinic Inc\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers: [LivedriveDownloadOverlay] -> {CBCDB610-6B68-4EE9-B7A2-1282FD0C9292} => C:\Program Files (x86)\Pctechclinic Inc\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveSharedOverlay] -> {84CEF1E4-1356-4063-845F-05047F4DD52C} => C:\Program Files (x86)\Pctechclinic Inc\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveSyncedOverlay] -> {42058329-2FBF-4B33-8E52-3BE5754DE0C1} => C:\Program Files (x86)\Pctechclinic Inc\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveUploadOverlay] -> {39A1715A-E4CD-4F1E-B5C4-36B5DB80124E} => C:\Program Files (x86)\Pctechclinic Inc\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll (Kaspersky Lab ZAO)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1095237210-819956943-3649504818-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^ZO^xdm038^YYA^ca&si=pd-angels&ptb=D0F031D1-F507-480F-B4C8-8ED706DC00A5&ind=2013083022&n=77fd358e&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-1095237210-819956943-3649504818-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1095237210-819956943-3649504818-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1095237210-819956943-3649504818-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=FFEA7D8CE355680606A83B50C8F908F7&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1095237210-819956943-3649504818-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
SearchScopes: HKU\S-1-5-21-1095237210-819956943-3649504818-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1095237210-819956943-3649504818-1000 -> {84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^ZO^xdm038^YYA^ca&si=pd-angels&ptb=D0F031D1-F507-480F-B4C8-8ED706DC00A5&ind=2013083022&n=77fd358e&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-1095237210-819956943-3649504818-1000 -> {9C26C52B-5E4A-429A-AF41-395BF057F736} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3201318
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll (Egis Technology Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: BrowserHelper Class -> {EDF48A39-1442-463F-9F4E-F376A78D034A} -> C:\Program Files (x86)\Pctechclinic Inc\ExplorerExtensions.dll (Livedrive Internet Ltd)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: IconixBHOClass Class -> {761233B6-F228-49E4-8F6B-668499D4E55A} -> C:\Program Files (x86)\Iconix\IEAddOn\IconixBHO_46.dll ()
BHO-x32: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll (Egis Technology Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKU\S-1-5-21-1095237210-819956943-3649504818-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Coupon Marvel - C:\Users\Terri\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\jid1-xGIjYAPvEA9ENA@jetpack.xpi [2014-10-21]
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\EgisTec BioExcess\FFExt
FF Extension:  Online Accounts Extension  - C:\Program Files (x86)\EgisTec BioExcess\FFExt [2012-03-23]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2013-07-02]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2013-07-02]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Gevaarlijke websiteblokkering - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2013-07-02]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2013-07-02]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2013-07-02]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2012-12-28]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2012-12-28]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2012-12-28]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2012-12-28]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2012-12-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-10-15] (Kaspersky Lab ZAO)
S2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [819040 2012-12-21] (Infowatch)
S2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
S2 IconixService; C:\Program Files (x86)\Common Files\Iconix\IconixService.exe [284512 2012-03-19] ()
S2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [713568 2014-12-18] ()
S2 lsdprn; C:\windows\SysWOW64\lsdprn.exe [268600 2014-11-02] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 Pctechclinic IncVSSService; C:\Program Files (x86)\Pctechclinic Inc\VSSService.exe [213136 2013-03-29] ()
S2 PelLinkS; C:\ProgramData\HP Link5 Config\PelLinkS.exe [178072 2010-11-19] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2014-10-09] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2014-10-09] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2014-10-09] (BitDefender)
S1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2014-10-09] (BitDefender LLC)
S1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2014-10-09] (BitDefender LLC)
S1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352008 2012-11-10] (EldoS Corporation)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
S1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [39504 2013-04-11] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-01-26] (GFI Software)
S3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [150256 2014-10-09] (BitDefender LLC)
S3 HPMoA407; C:\Windows\System32\DRIVERS\HPMoA407.sys [25088 2010-10-25] (TPMX Electronics Ltd.)
S3 HPubA407; C:\Windows\System32\Drivers\HPubA407.sys [18944 2010-11-04] (TPMX Electronics Ltd.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-04-02] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-06-06] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628288 2014-06-06] (Kaspersky Lab ZAO)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-04-02] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-15] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-15] (Kaspersky Lab ZAO)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-07-15] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-07-15] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-06] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 SCTDriverV1011; C:\Windows\System32\drivers\SCTDriverV1011.sys [261712 2010-11-09] (Jungo)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-10-09] (BitDefender S.R.L.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [250752 2011-06-14] (Vimicro Corporation)
S3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation)
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 IAStorDataMgrSvc; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
S0 selkkf; System32\drivers\dnxqybut.sys [X]
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-06 17:13 - 2015-01-06 17:13 - 00003352 ____N () C:\bootsqm.dat
2015-01-06 15:34 - 2015-01-06 15:34 - 02123776 _____ (Farbar) C:\Users\Terri\Downloads\FRST64.exe
2015-01-06 12:52 - 2015-01-06 17:23 - 00000000 ____D () C:\FRST
2015-01-05 16:53 - 2015-01-05 16:53 - 00019195 _____ () C:\Users\Terri\Desktop\AdwCleaner[R0].txt
2015-01-05 16:47 - 2015-01-05 16:50 - 00000000 ____D () C:\AdwCleaner
2015-01-05 16:41 - 2015-01-05 16:43 - 00012528 _____ () C:\Users\Terri\Desktop\attach.txt
2015-01-05 16:41 - 2015-01-05 16:41 - 00026966 _____ () C:\Users\Terri\Desktop\dds.txt
2015-01-05 16:40 - 2015-01-05 16:40 - 00688992 ____R (Swearware) C:\Users\Terri\Downloads\dds.com
2015-01-05 15:26 - 2015-01-05 15:26 - 00001413 _____ () C:\Users\Terri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-05 15:26 - 2015-01-05 15:26 - 00000000 ____D () C:\Users\Terri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-05 15:26 - 2015-01-05 15:26 - 00000000 ____D () C:\Users\Terri\AppData\Local\wincheck
2015-01-05 15:23 - 2015-01-05 15:26 - 00000000 ____D () C:\Users\Terri\AppData\Roaming\Opera Software
2015-01-05 15:23 - 2015-01-05 15:26 - 00000000 ____D () C:\Users\Terri\AppData\Local\Opera Software
2015-01-05 15:22 - 2015-01-05 15:26 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-01-05 15:22 - 2015-01-05 15:23 - 00000000 ____D () C:\Users\Terri\Documents\Java
2015-01-05 14:24 - 2015-01-06 16:17 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-05 14:24 - 2015-01-05 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-05 14:24 - 2015-01-05 14:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-05 14:24 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-01-05 14:24 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-01-05 14:24 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-01-04 13:21 - 2015-01-04 13:22 - 00013854 _____ () C:\Users\Terri\Desktop\hijackthis.log
2014-12-31 18:03 - 2014-12-31 18:02 - 00388608 _____ (Trend Micro Inc.) C:\Users\Terri\Downloads\HijackThis (2).exe
2014-12-31 17:58 - 2014-12-31 17:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\Terri\Downloads\HijackThis.exe
2014-12-31 14:37 - 2014-12-31 14:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-30 15:49 - 2014-12-30 15:49 - 00000000 ____D () C:\ProgramData\BitDefender
2014-12-30 15:37 - 2014-12-30 15:37 - 00004648 _____ () C:\windows\SysWOW64\LavasoftTcpService.ini
2014-12-30 15:37 - 2014-12-30 15:37 - 00002480 _____ () C:\windows\SysWOW64\LavasoftTcpServiceOff.ini
2014-12-30 15:37 - 2014-12-30 15:37 - 00002480 _____ () C:\windows\system32\LavasoftTcpServiceOff.ini
2014-12-30 15:37 - 2014-12-16 12:10 - 00358736 _____ (Lavasoft Limited) C:\windows\system32\LavasoftTcpService64.dll
2014-12-30 15:37 - 2014-12-16 12:10 - 00312424 _____ (Lavasoft Limited) C:\windows\SysWOW64\LavasoftTcpService.dll
2014-12-30 15:35 - 2014-12-30 17:42 - 00000000 ____D () C:\Users\Terri\AppData\Roaming\Lavasoft
2014-12-30 15:34 - 2014-12-30 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2014-12-30 15:34 - 2014-10-09 10:09 - 02084072 _____ (Bitdefender) C:\windows\system32\bdnc.dll
2014-12-30 15:34 - 2014-10-09 10:08 - 01061776 _____ (BitDefender S.R.L.) C:\windows\system32\bdsmtpp.dll
2014-12-30 15:34 - 2014-10-09 10:08 - 00209984 _____ (BitDefender) C:\windows\system32\BdFirewallSDK.dll
2014-12-30 15:34 - 2014-10-09 10:08 - 00195016 _____ (BitDefender) C:\windows\system32\httproxy.dll
2014-12-30 15:34 - 2014-10-09 10:08 - 00156936 _____ () C:\windows\system32\bdfwcore.dll
2014-12-30 15:34 - 2014-10-09 10:08 - 00155912 _____ (BitDefender S.R.L.) C:\windows\system32\bdpop3p.dll
2014-12-30 15:34 - 2014-10-09 10:08 - 00122928 _____ (BitDefender) C:\windows\system32\OEMbdpredir.dll
2014-12-30 15:34 - 2014-10-09 10:08 - 00096160 _____ (BitDefender) C:\windows\system32\bdpredir.dll
2014-12-30 15:33 - 2014-12-30 15:33 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2014-12-30 15:30 - 2014-12-30 15:30 - 00000000 ____D () C:\Program Files\Lavasoft
2014-12-30 15:26 - 2014-12-30 15:26 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-12-30 15:25 - 2014-12-30 17:42 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-12-30 14:58 - 2014-12-30 14:58 - 00003190 _____ () C:\windows\System32\Tasks\{C82E3CAD-A530-477C-AA18-22304156AC15}
2014-12-30 14:58 - 2014-12-30 14:58 - 00003190 _____ () C:\windows\System32\Tasks\{AA87F2CD-22A8-4B02-A496-08FF791D25EE}
2014-12-30 14:45 - 2014-12-30 14:45 - 00003442 _____ () C:\windows\System32\Tasks\DoctorPC_Popup
2014-12-30 14:45 - 2014-12-30 14:45 - 00003178 _____ () C:\windows\System32\Tasks\DoctorPC_Start
2014-12-30 14:44 - 2014-12-30 14:48 - 00000000 ____D () C:\Users\Terri\Documents\DoctorPC
2014-12-30 14:44 - 2014-12-30 14:44 - 00000000 ____D () C:\Users\Terri\AppData\Local\Doctor_PC
2014-12-30 14:38 - 2015-01-06 17:15 - 00001338 _____ () C:\windows\Tasks\DLCNHF.job
2014-12-30 14:38 - 2014-12-30 14:38 - 00004364 _____ () C:\windows\System32\Tasks\DLCNHF
2014-12-29 17:34 - 2014-12-31 15:56 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-12-29 17:34 - 2014-12-29 17:34 - 00000000 _____ () C:\END
2014-12-27 13:38 - 2014-12-27 13:38 - 00003886 _____ () C:\windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-17 15:59 - 2014-12-17 16:00 - 00000000 ____D () C:\Users\Terri\Downloads\The Expendables 3 DVDRip
2014-12-17 11:15 - 2014-12-12 22:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-17 11:15 - 2014-12-12 20:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-15 13:48 - 2014-12-15 13:59 - 00000000 ____D () C:\Users\Terri\Downloads\[ www.Torrentday.com ] - Hunger Games Mocking Jay Pt.1 CAM x264 AAC-REFiRB
2014-12-12 12:56 - 2014-12-12 12:56 - 00000000 ____D () C:\windows\system32\appraiser
2014-12-10 11:01 - 2014-11-26 18:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-10 11:01 - 2014-11-26 18:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-10 11:01 - 2014-11-21 20:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-10 11:01 - 2014-11-21 20:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-10 11:01 - 2014-11-21 20:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-12-10 11:01 - 2014-11-21 19:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-10 11:01 - 2014-11-21 19:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-10 11:01 - 2014-11-21 19:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-10 11:01 - 2014-11-21 19:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-12-10 11:01 - 2014-11-21 19:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-12-10 11:01 - 2014-11-21 19:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-10 11:01 - 2014-11-21 19:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-10 11:01 - 2014-11-21 19:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-10 11:01 - 2014-11-21 19:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-12-10 11:01 - 2014-11-21 19:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-10 11:01 - 2014-11-21 19:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-12-10 11:01 - 2014-11-21 19:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-12-10 11:01 - 2014-11-21 19:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-10 11:01 - 2014-11-21 19:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-10 11:01 - 2014-11-21 19:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-10 11:01 - 2014-11-21 19:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 11:01 - 2014-11-21 19:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-10 11:01 - 2014-11-21 19:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-10 11:01 - 2014-11-21 19:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-10 11:01 - 2014-11-21 19:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-10 11:01 - 2014-11-21 19:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-12-10 11:01 - 2014-11-21 19:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-10 11:01 - 2014-11-21 19:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-12-10 11:01 - 2014-11-21 19:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-10 11:01 - 2014-11-21 18:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-10 11:01 - 2014-11-21 18:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-10 11:01 - 2014-11-21 18:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-10 11:01 - 2014-11-21 18:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-12-10 11:01 - 2014-11-21 18:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-10 11:01 - 2014-11-21 18:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-10 11:01 - 2014-11-21 18:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-12-10 11:01 - 2014-11-21 18:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-10 11:01 - 2014-11-21 18:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-10 11:01 - 2014-11-21 18:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-10 11:01 - 2014-11-21 18:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 11:01 - 2014-11-21 18:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-10 11:01 - 2014-11-21 18:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-10 11:01 - 2014-11-21 18:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-10 11:01 - 2014-11-21 18:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-10 11:01 - 2014-11-21 18:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-10 11:01 - 2014-11-21 18:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-10 11:01 - 2014-11-21 18:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-10 11:01 - 2014-11-21 18:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-12-10 11:01 - 2014-11-21 18:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-10 11:01 - 2014-11-21 18:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-10 11:01 - 2014-11-21 18:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-12-10 11:01 - 2014-11-21 18:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-10 11:01 - 2014-11-21 17:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-10 11:01 - 2014-11-21 17:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-12-10 10:56 - 2014-12-03 19:50 - 00830976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2014-12-10 10:56 - 2014-12-03 19:50 - 00741376 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2014-12-10 10:56 - 2014-12-03 19:50 - 00413184 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-12-10 10:56 - 2014-12-03 19:50 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-12-10 10:56 - 2014-12-03 19:50 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-12-10 10:56 - 2014-12-03 19:50 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-12-10 10:56 - 2014-12-03 19:44 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-12-10 10:56 - 2014-12-01 16:28 - 01232040 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2014-12-10 10:53 - 2014-11-10 20:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-10 10:53 - 2014-11-10 19:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-10 10:53 - 2014-11-10 18:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2014-12-10 10:48 - 2014-10-17 19:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-12-10 10:48 - 2014-10-17 18:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-12-10 10:48 - 2014-07-06 19:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-12-10 10:48 - 2014-07-06 19:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2014-12-10 10:48 - 2014-07-06 19:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2014-12-10 10:48 - 2014-07-06 19:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2014-12-10 10:48 - 2014-07-06 18:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2014-12-10 10:48 - 2014-07-06 18:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2014-12-10 10:48 - 2014-07-06 18:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2014-12-10 10:48 - 2014-07-06 18:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2014-12-10 10:47 - 2014-11-07 20:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-12-10 10:47 - 2014-11-07 19:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-12-10 10:47 - 2014-10-29 19:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2014-12-10 10:47 - 2014-10-29 18:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2014-12-10 10:47 - 2014-10-02 19:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-12-10 10:47 - 2014-10-02 19:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2014-12-10 10:47 - 2014-10-02 19:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2014-12-10 10:47 - 2014-10-02 19:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2014-12-10 10:47 - 2014-10-02 19:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2014-12-10 10:47 - 2014-10-02 18:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-12-10 10:47 - 2014-10-02 18:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 10:47 - 2014-10-02 18:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2014-12-10 10:47 - 2014-10-02 18:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2014-12-10 10:47 - 2014-10-02 18:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-06 17:20 - 2009-07-13 22:13 - 00803594 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-06 17:16 - 2012-03-23 15:52 - 00104014 _____ () C:\windows\system32\fastboot.set
2015-01-06 17:15 - 2013-07-02 14:23 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-06 17:15 - 2012-03-23 15:27 - 04894981 _____ () C:\FaceProv.log
2015-01-06 17:15 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-06 17:14 - 2009-07-13 21:51 - 00047846 _____ () C:\windows\setupact.log
2015-01-06 16:55 - 2012-05-23 20:40 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-06 16:27 - 2012-05-14 16:04 - 00000000 ____D () C:\Users\Terri\Documents\Outlook Files
2015-01-06 16:21 - 2012-08-26 13:00 - 00000000 ____D () C:\Users\Terri\AppData\Roaming\BitTorrent
2015-01-06 16:20 - 2012-03-23 14:38 - 01286594 _____ () C:\windows\WindowsUpdate.log
2015-01-06 16:10 - 2009-07-13 21:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-06 16:10 - 2009-07-13 21:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-06 15:54 - 2012-03-23 15:27 - 00000000 ____D () C:\ProgramData\VeriFace
2015-01-06 12:35 - 2010-11-20 20:47 - 00602520 _____ () C:\windows\PFRO.log
2015-01-05 15:59 - 2014-08-29 15:47 - 00000000 ___HD () C:\windows\AxInstSV
2015-01-05 14:15 - 2012-11-29 11:09 - 00000000 ____D () C:\Users\Terri\AppData\Local\Deployment
2015-01-04 15:46 - 2013-05-14 10:40 - 00817092 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-12-31 15:57 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\SchCache
2014-12-31 15:56 - 2013-11-07 11:12 - 00000000 ____D () C:\Users\Terri\AppData\Roaming\Systweak
2014-12-30 22:10 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\NDF
2014-12-30 20:56 - 2013-08-12 16:44 - 00000000 ____D () C:\Program Files (x86)\Pctechclinic Inc
2014-12-30 17:18 - 2013-02-15 20:39 - 00000351 _____ () C:\prefs.js
2014-12-30 14:38 - 2012-03-23 15:46 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-27 13:50 - 2013-11-18 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-12-18 10:38 - 2012-10-27 15:54 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-18 10:37 - 2012-03-23 15:18 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-17 18:22 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\rescache
2014-12-17 16:27 - 2014-08-20 12:14 - 00000000 ____D () C:\Users\Terri\AppData\Local\Adobe
2014-12-17 16:27 - 2012-05-23 20:40 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-12-17 16:27 - 2012-05-23 20:39 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-12-17 16:27 - 2012-05-23 20:39 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-17 15:40 - 2013-11-18 16:17 - 00000000 ____D () C:\Users\Terri\AppData\Roaming\vlc
2014-12-12 12:56 - 2014-05-02 12:08 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-12-12 12:56 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-12-12 12:56 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\AppCompat
2014-12-12 11:36 - 2012-05-11 15:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 11:00 - 2013-08-13 17:49 - 00000000 ____D () C:\windows\system32\MRT
2014-12-10 10:51 - 2012-05-11 14:25 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-08 14:33 - 2014-11-21 16:19 - 00000000 ____D () C:\Program Files\010

Some content of TEMP:
====================
C:\Users\Terri\AppData\Local\Temp\590b512d-2420-4605-a972-c291ffc2874c.exe
C:\Users\Terri\AppData\Local\Temp\6_Offer_11.exe
C:\Users\Terri\AppData\Local\Temp\6_Offer_12.exe
C:\Users\Terri\AppData\Local\Temp\6_Offer_9.exe
C:\Users\Terri\AppData\Local\Temp\amisetup7688__11121.exe
C:\Users\Terri\AppData\Local\Temp\BackupSetup.exe
C:\Users\Terri\AppData\Local\Temp\htmlayout.dll
C:\Users\Terri\AppData\Local\Temp\ICReinstall_winzip19-cnet.exe
C:\Users\Terri\AppData\Local\Temp\ms.exe
C:\Users\Terri\AppData\Local\Temp\optprosetup.exe
C:\Users\Terri\AppData\Local\Temp\Runner2.exe
C:\Users\Terri\AppData\Local\Temp\Runner4.exe
C:\Users\Terri\AppData\Local\Temp\SpOrder.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-30 20:54

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-01-2015
Ran by Terri (administrator) on TERRI-PC on 06-01-2015 17:23:09
Running from e:\
Loaded Profile: Terri (Available profiles: Terri)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2012-03-23] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-03-23] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-03-23] (Lenovo)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe [8947008 2014-12-18] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [548864 2011-06-15] (Vimicro)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [VitaKeyTSR] => C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [383344 2010-12-13] (Egis Technology Inc. )
HKLM-x32\...\Run: [PLTSR] => C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [364400 2010-10-22] (Egis Technology Inc. )
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-03-23] (Lenovo)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [PelBrain] => C:\ProgramData\HP Link5 Config\PelLink5.exe [153496 2010-11-19] (Primax Electronics Ltd.)
HKLM-x32\...\Run: [HPMonitor] => C:\Program Files (x86)\Hewlett-Packard\HP LInk5 Monitor\hpMonitor21.exe [101784 2010-11-19] (Hewlett-Packard)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-10-15] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [WinCheck] => C:\Users\Terri\AppData\Local\wincheck\wincheck.exe [528896 2015-01-05] ()
HKU\S-1-5-21-1095237210-819956943-3649504818-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-1095237210-819956943-3649504818-1000\...\Run: [Livedrive] => C:\Program Files (x86)\Pctechclinic Inc\OpenAccess.exe [1835008 2013-03-29] (Pctechclinic Inc)
HKU\S-1-5-21-1095237210-819956943-3649504818-1000\...\Run: [BitTorrent] => C:\Users\Terri\AppData\Roaming\BitTorrent\BitTorrent.exe [1381208 2014-12-12] (BitTorrent Inc.)
HKU\S-1-5-21-1095237210-819956943-3649504818-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Keyboard Monitor.lnk
ShortcutTarget: HP Keyboard Monitor.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Keyboard Suite\hpBengalMonitor.exe (No File)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [BackupOverlay] -> {B44A5D93-1351-41A1-BD91-5E92435D8ECD} => C:\Program Files (x86)\Pctechclinic Inc\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers: [LivedriveDownloadOverlay] -> {CBCDB610-6B68-4EE9-B7A2-1282FD0C9292} => C:\Program Files (x86)\Pctechclinic Inc\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveSharedOverlay] -> {84CEF1E4-1356-4063-845F-05047F4DD52C} => C:\Program Files (x86)\Pctechclinic Inc\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveSyncedOverlay] -> {42058329-2FBF-4B33-8E52-3BE5754DE0C1} => C:\Program Files (x86)\Pctechclinic Inc\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveUploadOverlay] -> {39A1715A-E4CD-4F1E-B5C4-36B5DB80124E} => C:\Program Files (x86)\Pctechclinic Inc\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll (Kaspersky Lab ZAO)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1095237210-819956943-3649504818-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^ZO^xdm038^YYA^ca&si=pd-angels&ptb=D0F031D1-F507-480F-B4C8-8ED706DC00A5&ind=2013083022&n=77fd358e&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-1095237210-819956943-3649504818-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1095237210-819956943-3649504818-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1095237210-819956943-3649504818-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=FFEA7D8CE355680606A83B50C8F908F7&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1095237210-819956943-3649504818-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
SearchScopes: HKU\S-1-5-21-1095237210-819956943-3649504818-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1095237210-819956943-3649504818-1000 -> {84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^ZO^xdm038^YYA^ca&si=pd-angels&ptb=D0F031D1-F507-480F-B4C8-8ED706DC00A5&ind=2013083022&n=77fd358e&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-1095237210-819956943-3649504818-1000 -> {9C26C52B-5E4A-429A-AF41-395BF057F736} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3201318
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll (Egis Technology Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: BrowserHelper Class -> {EDF48A39-1442-463F-9F4E-F376A78D034A} -> C:\Program Files (x86)\Pctechclinic Inc\ExplorerExtensions.dll (Livedrive Internet Ltd)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: IconixBHOClass Class -> {761233B6-F228-49E4-8F6B-668499D4E55A} -> C:\Program Files (x86)\Iconix\IEAddOn\IconixBHO_46.dll ()
BHO-x32: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll (Egis Technology Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKU\S-1-5-21-1095237210-819956943-3649504818-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Coupon Marvel - C:\Users\Terri\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\jid1-xGIjYAPvEA9ENA@jetpack.xpi [2014-10-21]
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\EgisTec BioExcess\FFExt
FF Extension:  Online Accounts Extension  - C:\Program Files (x86)\EgisTec BioExcess\FFExt [2012-03-23]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2013-07-02]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2013-07-02]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Gevaarlijke websiteblokkering - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2013-07-02]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2013-07-02]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2013-07-02]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2012-12-28]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2012-12-28]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2012-12-28]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2012-12-28]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2012-12-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-10-15] (Kaspersky Lab ZAO)
S2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [819040 2012-12-21] (Infowatch)
S2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
S2 IconixService; C:\Program Files (x86)\Common Files\Iconix\IconixService.exe [284512 2012-03-19] ()
S2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [713568 2014-12-18] ()
S2 lsdprn; C:\windows\SysWOW64\lsdprn.exe [268600 2014-11-02] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 Pctechclinic IncVSSService; C:\Program Files (x86)\Pctechclinic Inc\VSSService.exe [213136 2013-03-29] ()
S2 PelLinkS; C:\ProgramData\HP Link5 Config\PelLinkS.exe [178072 2010-11-19] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2014-10-09] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2014-10-09] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2014-10-09] (BitDefender)
S1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2014-10-09] (BitDefender LLC)
S1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2014-10-09] (BitDefender LLC)
S1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352008 2012-11-10] (EldoS Corporation)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
S1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [39504 2013-04-11] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-01-26] (GFI Software)
S3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [150256 2014-10-09] (BitDefender LLC)
S3 HPMoA407; C:\Windows\System32\DRIVERS\HPMoA407.sys [25088 2010-10-25] (TPMX Electronics Ltd.)
S3 HPubA407; C:\Windows\System32\Drivers\HPubA407.sys [18944 2010-11-04] (TPMX Electronics Ltd.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-04-02] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-06-06] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628288 2014-06-06] (Kaspersky Lab ZAO)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-04-02] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-15] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-15] (Kaspersky Lab ZAO)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-07-15] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-07-15] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-06] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 SCTDriverV1011; C:\Windows\System32\drivers\SCTDriverV1011.sys [261712 2010-11-09] (Jungo)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-10-09] (BitDefender S.R.L.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [250752 2011-06-14] (Vimicro Corporation)
S3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation)
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 IAStorDataMgrSvc; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
S0 selkkf; System32\drivers\dnxqybut.sys [X]
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-06 17:13 - 2015-01-06 17:13 - 00003352 ____N () C:\bootsqm.dat
2015-01-06 15:34 - 2015-01-06 15:34 - 02123776 _____ (Farbar) C:\Users\Terri\Downloads\FRST64.exe
2015-01-06 12:52 - 2015-01-06 17:23 - 00000000 ____D () C:\FRST
2015-01-05 16:53 - 2015-01-05 16:53 - 00019195 _____ () C:\Users\Terri\Desktop\AdwCleaner[R0].txt
2015-01-05 16:47 - 2015-01-05 16:50 - 00000000 ____D () C:\AdwCleaner
2015-01-05 16:41 - 2015-01-05 16:43 - 00012528 _____ () C:\Users\Terri\Desktop\attach.txt
2015-01-05 16:41 - 2015-01-05 16:41 - 00026966 _____ () C:\Users\Terri\Desktop\dds.txt
2015-01-05 16:40 - 2015-01-05 16:40 - 00688992 ____R (Swearware) C:\Users\Terri\Downloads\dds.com
2015-01-05 15:26 - 2015-01-05 15:26 - 00001413 _____ () C:\Users\Terri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-05 15:26 - 2015-01-05 15:26 - 00000000 ____D () C:\Users\Terri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-05 15:26 - 2015-01-05 15:26 - 00000000 ____D () C:\Users\Terri\AppData\Local\wincheck
2015-01-05 15:23 - 2015-01-05 15:26 - 00000000 ____D () C:\Users\Terri\AppData\Roaming\Opera Software
2015-01-05 15:23 - 2015-01-05 15:26 - 00000000 ____D () C:\Users\Terri\AppData\Local\Opera Software
2015-01-05 15:22 - 2015-01-05 15:26 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-01-05 15:22 - 2015-01-05 15:23 - 00000000 ____D () C:\Users\Terri\Documents\Java
2015-01-05 14:24 - 2015-01-06 16:17 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-05 14:24 - 2015-01-05 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-05 14:24 - 2015-01-05 14:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-05 14:24 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-01-05 14:24 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-01-05 14:24 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-01-04 13:21 - 2015-01-04 13:22 - 00013854 _____ () C:\Users\Terri\Desktop\hijackthis.log
2014-12-31 18:03 - 2014-12-31 18:02 - 00388608 _____ (Trend Micro Inc.) C:\Users\Terri\Downloads\HijackThis (2).exe
2014-12-31 17:58 - 2014-12-31 17:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\Terri\Downloads\HijackThis.exe
2014-12-31 14:37 - 2014-12-31 14:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-30 15:49 - 2014-12-30 15:49 - 00000000 ____D () C:\ProgramData\BitDefender
2014-12-30 15:37 - 2014-12-30 15:37 - 00004648 _____ () C:\windows\SysWOW64\LavasoftTcpService.ini
2014-12-30 15:37 - 2014-12-30 15:37 - 00002480 _____ () C:\windows\SysWOW64\LavasoftTcpServiceOff.ini
2014-12-30 15:37 - 2014-12-30 15:37 - 00002480 _____ () C:\windows\system32\LavasoftTcpServiceOff.ini
2014-12-30 15:37 - 2014-12-16 12:10 - 00358736 _____ (Lavasoft Limited) C:\windows\system32\LavasoftTcpService64.dll
2014-12-30 15:37 - 2014-12-16 12:10 - 00312424 _____ (Lavasoft Limited) C:\windows\SysWOW64\LavasoftTcpService.dll
2014-12-30 15:35 - 2014-12-30 17:42 - 00000000 ____D () C:\Users\Terri\AppData\Roaming\Lavasoft
2014-12-30 15:34 - 2014-12-30 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2014-12-30 15:34 - 2014-10-09 10:09 - 02084072 _____ (Bitdefender) C:\windows\system32\bdnc.dll
2014-12-30 15:34 - 2014-10-09 10:08 - 01061776 _____ (BitDefender S.R.L.) C:\windows\system32\bdsmtpp.dll
2014-12-30 15:34 - 2014-10-09 10:08 - 00209984 _____ (BitDefender) C:\windows\system32\BdFirewallSDK.dll
2014-12-30 15:34 - 2014-10-09 10:08 - 00195016 _____ (BitDefender) C:\windows\system32\httproxy.dll
2014-12-30 15:34 - 2014-10-09 10:08 - 00156936 _____ () C:\windows\system32\bdfwcore.dll
2014-12-30 15:34 - 2014-10-09 10:08 - 00155912 _____ (BitDefender S.R.L.) C:\windows\system32\bdpop3p.dll
2014-12-30 15:34 - 2014-10-09 10:08 - 00122928 _____ (BitDefender) C:\windows\system32\OEMbdpredir.dll
2014-12-30 15:34 - 2014-10-09 10:08 - 00096160 _____ (BitDefender) C:\windows\system32\bdpredir.dll
2014-12-30 15:33 - 2014-12-30 15:33 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2014-12-30 15:30 - 2014-12-30 15:30 - 00000000 ____D () C:\Program Files\Lavasoft
2014-12-30 15:26 - 2014-12-30 15:26 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-12-30 15:25 - 2014-12-30 17:42 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-12-30 14:58 - 2014-12-30 14:58 - 00003190 _____ () C:\windows\System32\Tasks\{C82E3CAD-A530-477C-AA18-22304156AC15}
2014-12-30 14:58 - 2014-12-30 14:58 - 00003190 _____ () C:\windows\System32\Tasks\{AA87F2CD-22A8-4B02-A496-08FF791D25EE}
2014-12-30 14:45 - 2014-12-30 14:45 - 00003442 _____ () C:\windows\System32\Tasks\DoctorPC_Popup
2014-12-30 14:45 - 2014-12-30 14:45 - 00003178 _____ () C:\windows\System32\Tasks\DoctorPC_Start
2014-12-30 14:44 - 2014-12-30 14:48 - 00000000 ____D () C:\Users\Terri\Documents\DoctorPC
2014-12-30 14:44 - 2014-12-30 14:44 - 00000000 ____D () C:\Users\Terri\AppData\Local\Doctor_PC
2014-12-30 14:38 - 2015-01-06 17:15 - 00001338 _____ () C:\windows\Tasks\DLCNHF.job
2014-12-30 14:38 - 2014-12-30 14:38 - 00004364 _____ () C:\windows\System32\Tasks\DLCNHF
2014-12-29 17:34 - 2014-12-31 15:56 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-12-29 17:34 - 2014-12-29 17:34 - 00000000 _____ () C:\END
2014-12-27 13:38 - 2014-12-27 13:38 - 00003886 _____ () C:\windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-17 15:59 - 2014-12-17 16:00 - 00000000 ____D () C:\Users\Terri\Downloads\The Expendables 3 DVDRip
2014-12-17 11:15 - 2014-12-12 22:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-17 11:15 - 2014-12-12 20:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-15 13:48 - 2014-12-15 13:59 - 00000000 ____D () C:\Users\Terri\Downloads\[ www.Torrentday.com ] - Hunger Games Mocking Jay Pt.1 CAM x264 AAC-REFiRB
2014-12-12 12:56 - 2014-12-12 12:56 - 00000000 ____D () C:\windows\system32\appraiser
2014-12-10 11:01 - 2014-11-26 18:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-10 11:01 - 2014-11-26 18:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-10 11:01 - 2014-11-21 20:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-10 11:01 - 2014-11-21 20:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-10 11:01 - 2014-11-21 20:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-12-10 11:01 - 2014-11-21 19:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-10 11:01 - 2014-11-21 19:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-10 11:01 - 2014-11-21 19:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-10 11:01 - 2014-11-21 19:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-12-10 11:01 - 2014-11-21 19:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-12-10 11:01 - 2014-11-21 19:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-10 11:01 - 2014-11-21 19:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-10 11:01 - 2014-11-21 19:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-10 11:01 - 2014-11-21 19:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-12-10 11:01 - 2014-11-21 19:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-10 11:01 - 2014-11-21 19:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-12-10 11:01 - 2014-11-21 19:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-12-10 11:01 - 2014-11-21 19:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-10 11:01 - 2014-11-21 19:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-10 11:01 - 2014-11-21 19:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-10 11:01 - 2014-11-21 19:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 11:01 - 2014-11-21 19:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-10 11:01 - 2014-11-21 19:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-10 11:01 - 2014-11-21 19:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-10 11:01 - 2014-11-21 19:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-10 11:01 - 2014-11-21 19:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-12-10 11:01 - 2014-11-21 19:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-10 11:01 - 2014-11-21 19:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-12-10 11:01 - 2014-11-21 19:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-10 11:01 - 2014-11-21 18:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-10 11:01 - 2014-11-21 18:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-10 11:01 - 2014-11-21 18:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-10 11:01 - 2014-11-21 18:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-12-10 11:01 - 2014-11-21 18:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-10 11:01 - 2014-11-21 18:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-10 11:01 - 2014-11-21 18:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-12-10 11:01 - 2014-11-21 18:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-10 11:01 - 2014-11-21 18:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-10 11:01 - 2014-11-21 18:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-10 11:01 - 2014-11-21 18:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 11:01 - 2014-11-21 18:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-10 11:01 - 2014-11-21 18:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-10 11:01 - 2014-11-21 18:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-10 11:01 - 2014-11-21 18:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-10 11:01 - 2014-11-21 18:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-10 11:01 - 2014-11-21 18:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-10 11:01 - 2014-11-21 18:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-10 11:01 - 2014-11-21 18:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-12-10 11:01 - 2014-11-21 18:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-10 11:01 - 2014-11-21 18:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-10 11:01 - 2014-11-21 18:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-12-10 11:01 - 2014-11-21 18:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-10 11:01 - 2014-11-21 17:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-10 11:01 - 2014-11-21 17:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-12-10 10:56 - 2014-12-03 19:50 - 00830976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2014-12-10 10:56 - 2014-12-03 19:50 - 00741376 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2014-12-10 10:56 - 2014-12-03 19:50 - 00413184 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-12-10 10:56 - 2014-12-03 19:50 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-12-10 10:56 - 2014-12-03 19:50 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-12-10 10:56 - 2014-12-03 19:50 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-12-10 10:56 - 2014-12-03 19:44 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-12-10 10:56 - 2014-12-01 16:28 - 01232040 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2014-12-10 10:53 - 2014-11-10 20:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-10 10:53 - 2014-11-10 19:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-10 10:53 - 2014-11-10 18:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2014-12-10 10:48 - 2014-10-17 19:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-12-10 10:48 - 2014-10-17 18:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-12-10 10:48 - 2014-07-06 19:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-12-10 10:48 - 2014-07-06 19:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2014-12-10 10:48 - 2014-07-06 19:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2014-12-10 10:48 - 2014-07-06 19:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2014-12-10 10:48 - 2014-07-06 18:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2014-12-10 10:48 - 2014-07-06 18:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2014-12-10 10:48 - 2014-07-06 18:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2014-12-10 10:48 - 2014-07-06 18:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2014-12-10 10:47 - 2014-11-07 20:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-12-10 10:47 - 2014-11-07 19:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-12-10 10:47 - 2014-10-29 19:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2014-12-10 10:47 - 2014-10-29 18:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2014-12-10 10:47 - 2014-10-02 19:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-12-10 10:47 - 2014-10-02 19:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2014-12-10 10:47 - 2014-10-02 19:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2014-12-10 10:47 - 2014-10-02 19:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2014-12-10 10:47 - 2014-10-02 19:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2014-12-10 10:47 - 2014-10-02 18:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-12-10 10:47 - 2014-10-02 18:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 10:47 - 2014-10-02 18:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2014-12-10 10:47 - 2014-10-02 18:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2014-12-10 10:47 - 2014-10-02 18:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-06 17:20 - 2009-07-13 22:13 - 00803594 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-06 17:16 - 2012-03-23 15:52 - 00104014 _____ () C:\windows\system32\fastboot.set
2015-01-06 17:15 - 2013-07-02 14:23 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-06 17:15 - 2012-03-23 15:27 - 04894981 _____ () C:\FaceProv.log
2015-01-06 17:15 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-06 17:14 - 2009-07-13 21:51 - 00047846 _____ () C:\windows\setupact.log
2015-01-06 16:55 - 2012-05-23 20:40 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-06 16:27 - 2012-05-14 16:04 - 00000000 ____D () C:\Users\Terri\Documents\Outlook Files
2015-01-06 16:21 - 2012-08-26 13:00 - 00000000 ____D () C:\Users\Terri\AppData\Roaming\BitTorrent
2015-01-06 16:20 - 2012-03-23 14:38 - 01286594 _____ () C:\windows\WindowsUpdate.log
2015-01-06 16:10 - 2009-07-13 21:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-06 16:10 - 2009-07-13 21:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-06 15:54 - 2012-03-23 15:27 - 00000000 ____D () C:\ProgramData\VeriFace
2015-01-06 12:35 - 2010-11-20 20:47 - 00602520 _____ () C:\windows\PFRO.log
2015-01-05 15:59 - 2014-08-29 15:47 - 00000000 ___HD () C:\windows\AxInstSV
2015-01-05 14:15 - 2012-11-29 11:09 - 00000000 ____D () C:\Users\Terri\AppData\Local\Deployment
2015-01-04 15:46 - 2013-05-14 10:40 - 00817092 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-12-31 15:57 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\SchCache
2014-12-31 15:56 - 2013-11-07 11:12 - 00000000 ____D () C:\Users\Terri\AppData\Roaming\Systweak
2014-12-30 22:10 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\NDF
2014-12-30 20:56 - 2013-08-12 16:44 - 00000000 ____D () C:\Program Files (x86)\Pctechclinic Inc
2014-12-30 17:18 - 2013-02-15 20:39 - 00000351 _____ () C:\prefs.js
2014-12-30 14:38 - 2012-03-23 15:46 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-27 13:50 - 2013-11-18 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-12-18 10:38 - 2012-10-27 15:54 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-18 10:37 - 2012-03-23 15:18 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-17 18:22 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\rescache
2014-12-17 16:27 - 2014-08-20 12:14 - 00000000 ____D () C:\Users\Terri\AppData\Local\Adobe
2014-12-17 16:27 - 2012-05-23 20:40 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-12-17 16:27 - 2012-05-23 20:39 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-12-17 16:27 - 2012-05-23 20:39 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-17 15:40 - 2013-11-18 16:17 - 00000000 ____D () C:\Users\Terri\AppData\Roaming\vlc
2014-12-12 12:56 - 2014-05-02 12:08 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-12-12 12:56 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-12-12 12:56 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\AppCompat
2014-12-12 11:36 - 2012-05-11 15:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 11:00 - 2013-08-13 17:49 - 00000000 ____D () C:\windows\system32\MRT
2014-12-10 10:51 - 2012-05-11 14:25 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-08 14:33 - 2014-11-21 16:19 - 00000000 ____D () C:\Program Files\010

Some content of TEMP:
====================
C:\Users\Terri\AppData\Local\Temp\590b512d-2420-4605-a972-c291ffc2874c.exe
C:\Users\Terri\AppData\Local\Temp\6_Offer_11.exe
C:\Users\Terri\AppData\Local\Temp\6_Offer_12.exe
C:\Users\Terri\AppData\Local\Temp\6_Offer_9.exe
C:\Users\Terri\AppData\Local\Temp\amisetup7688__11121.exe
C:\Users\Terri\AppData\Local\Temp\BackupSetup.exe
C:\Users\Terri\AppData\Local\Temp\htmlayout.dll
C:\Users\Terri\AppData\Local\Temp\ICReinstall_winzip19-cnet.exe
C:\Users\Terri\AppData\Local\Temp\ms.exe
C:\Users\Terri\AppData\Local\Temp\optprosetup.exe
C:\Users\Terri\AppData\Local\Temp\Runner2.exe
C:\Users\Terri\AppData\Local\Temp\Runner4.exe
C:\Users\Terri\AppData\Local\Temp\SpOrder.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-30 20:54

==================== End Of Log ============================


Edited by nurse_shark, 07 January 2015 - 12:32 PM.


#5 nurse_shark

nurse_shark
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Calgary, Canada
  • Local time:08:59 PM

Posted 07 January 2015 - 12:26 AM

I forgot to mention that my home page is supposed to be google. It keeps changing it to blank page. I put Websearch in AdAware, but removed it , because it was a pain!

 

P.S. I really tried to use the text box in the previous post. I followed your instructions, but somehow it didn't work.

 

I edited your right name...I called you by another (Marcus) because he was a character in a book I was reading. I apologize for it!


Edited by nurse_shark, 07 January 2015 - 12:21 PM.


#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:59 AM

Posted 08 January 2015 - 05:37 AM

Please post the content of addition.txt as well.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 nurse_shark

nurse_shark
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Calgary, Canada
  • Local time:08:59 PM

Posted 09 January 2015 - 01:30 AM

Marius,

 

For some reason, I deleted it from my Flash Drive. I can't get it into Safe Mode at all anymore. So I had to run it again to get the addition.txt file.

 

Did I mention why I didn't know my windows password? I don't have one on my computer...so that my husband can use the computer whenever he wants. I have to reinstall Windows if I want one, so I can use the F8 systems recovery. I'm hoping you can fix it without one.

 

I somehow deleted the addition.txt file from safe Mode from my Flash Drive. I hope it doesn't matter.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Terri at 2015-01-08 23:06:02
Running from E:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky PURE 3.0 (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: Ad-Aware Antivirus (Enabled - Up to date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Enabled - Up to date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Kaspersky PURE 3.0 (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
FW: Kaspersky PURE 3.0 (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ad-Aware Antivirus (HKLM\...\{A5C0392D-46A7-4CB3-800B-5794909453BD}_AdAwareUpdater) (Version: 11.5.202.7299 - Lavasoft)
AdAwareInstaller (Version: 11.5.202.7299 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.5.202.7299 - Lavasoft) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
AntispamEngine (Version: 2.4.2158.0 - Lavasoft) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.10628 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{C5E7EB18-8F3A-2192-7435-7D68CB4907CB}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
AvcEngine (Version: 3.10.7820.0 - Lavasoft) Hidden
BioExcess (Version: 7.0.67.0 - Egis Technology Inc.) Hidden
BitTorrent (HKU\S-1-5-21-1095237210-819956943-3649504818-1000\...\BitTorrent) (Version: 7.9.2.36804 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.50 - Conexant)
FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.7 - Lenovo)
Lenovo OneKey Recovery (Version: 7.0.0.2525 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
oDesk Team (HKU\S-1-5-21-1095237210-819956943-3649504818-1000\...\oDVT) (Version:  - oDesk Corporation)
OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
Pctechclinic Inc (HKLM\...\{9733D09A-6718-41B9-A0E0-30B2AE2F5A03}) (Version: 1.12.8.0 - Pctechclinic Inc)
Port Locker (Version: 1.0.5.24 - Egis Technology Inc.) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
SCTDriversV1011x64 (HKLM\...\{8210330D-4DDA-4356-9941-3B19F8E8A15C}) (Version: 10.11.1 - SCT Performance LLC)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.7.0 - Synaptics Incorporated)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9) (Version: 10/22/2009 2.06.00 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\88EB56038379B8B7DCFB4D2448A60F52E064B265) (Version: 10/22/2009 2.06.00 - FTDI)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E5}) (Version: 19.0.11293 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1095237210-819956943-3649504818-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Terri\AppData\Roaming\itesing\procol.dll () <==== ATTENTION

==================== Restore Points  =========================

30-12-2014 14:07:07 Windows Update
30-12-2014 15:25:11 AA11
30-12-2014 15:35:31 LavasoftWeCompanion
30-12-2014 17:35:02 LavasoftWeCompanion
06-01-2015 16:17:16 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B308C18-F8BD-4B7E-93B8-FC4D0655CD87} - System32\Tasks\{3610C781-A69F-4920-B672-D0397EBB64F2} => pcalua.exe -a "C:\Program Files (x86)\TornPlusTV_version1.11\Uninstall.exe" -c /fcp=1
Task: {0FFF6C0B-64FC-4F65-8740-29A63440DB73} - \74f95a24-7dfe-41b0-8340-300050852bc0-5 No Task File <==== ATTENTION
Task: {16A3ECFD-077E-404B-8983-62250C2E5697} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-17] (Adobe Systems Incorporated)
Task: {16EBEFAB-1D86-4D79-80A8-45CE2E093ED5} - System32\Tasks\DoctorPC_Popup => C:\Program Files (x86)\Doctor PC\Splash.exe
Task: {330F5945-1920-4284-8714-ADB0A59F99C0} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-28] (CyberLink)
Task: {35DD59B5-D8D8-4A49-B428-3F0F709BFAF2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {37350DD5-0868-4CA1-B49E-455B526FFE26} - System32\Tasks\{C82E3CAD-A530-477C-AA18-22304156AC15} => pcalua.exe -a "C:\Program Files\DomaIQ Uninstaller\DomaIQUninstall.exe" -d "C:\Program Files\DomaIQ Uninstaller"
Task: {3CFC650E-A40B-410C-BAC5-ECB89E0CAFE2} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {4791492E-8FD0-4E8A-93B4-FD6020BA7308} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {49B77FA6-81FF-4ECE-B754-DDEA380AFA83} - \74f95a24-7dfe-41b0-8340-300050852bc0-1 No Task File <==== ATTENTION
Task: {52152F2C-3DAB-47FE-B9D1-3712880334A1} - \74f95a24-7dfe-41b0-8340-300050852bc0-4 No Task File <==== ATTENTION
Task: {7189EBE8-A02B-474F-8898-1B8650AF9CA3} - \74f95a24-7dfe-41b0-8340-300050852bc0-5_user No Task File <==== ATTENTION
Task: {7AF13FC5-0124-4F2F-9AC8-AE88F392FBA2} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {86F1BF7C-B294-46C5-AE18-BA2640D58DF2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {8CA38FDD-7D05-47C4-AC0F-0B0FF8FF3868} - System32\Tasks\DLCNHF => C:\Users\Terri\AppData\Roaming\DLCNHF.exe <==== ATTENTION
Task: {9F49060B-7B0E-4B22-A18E-05911CBF0859} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {B5511107-98C1-4BB7-A852-8F57175E468A} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {B58E076E-E74E-47F1-97A6-3399BE8F0352} - \74f95a24-7dfe-41b0-8340-300050852bc0-2 No Task File <==== ATTENTION
Task: {B662FD78-0339-4473-A6C6-28B84CA9BFD9} - \74f95a24-7dfe-41b0-8340-300050852bc0-11 No Task File <==== ATTENTION
Task: {D1A3D815-348E-4326-BDE1-7325DC7DE3EA} - System32\Tasks\{AA87F2CD-22A8-4B02-A496-08FF791D25EE} => pcalua.exe -a "C:\Program Files\DomaIQ Uninstaller\DomaIQUninstall.exe" -d "C:\Program Files\DomaIQ Uninstaller"
Task: {DABE81D5-11C3-4FF3-8739-F1F6D0E5366A} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {DBAA06B8-ECA7-47B2-B3F8-DB50E59B77A0} - \74f95a24-7dfe-41b0-8340-300050852bc0-3 No Task File <==== ATTENTION
Task: {E1038848-F7B9-4A82-9FE1-68EA67714ECB} - System32\Tasks\{AA4B64BE-1D89-4A7A-8210-DD0F8BE67D92} => pcalua.exe -a C:\windows\IsUninst.exe -c -f"C:\Program Files (x86)\EPSON\Copy Utility\Uninst.isu"
Task: {E4B19A05-9FBC-4A95-A45C-2F7466AB2F07} - System32\Tasks\DoctorPC_Start => C:\Program Files (x86)\Doctor PC\DoctorPC.exe
Task: {EE19E08D-AE05-46A8-82E5-8B5CA47671E8} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\DLCNHF.job => C:\Users\Terri\AppData\Roaming\DLCNHF.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2009-01-21 09:45 - 2009-01-21 09:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec BioExcess\x64\LIBEAY32.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-10-27 22:06 - 2014-10-27 22:06 - 00138240 _____ () C:\Users\Terri\AppData\Roaming\itesing\procol.dll
2012-11-30 14:32 - 2012-03-19 15:55 - 00284512 _____ () C:\Program Files (x86)\Common Files\Iconix\IconixService.exe
2014-12-18 15:09 - 2014-12-18 15:09 - 00713568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
2014-12-18 15:22 - 2014-12-18 15:22 - 00107352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_thread-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_system-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_chrono-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_date_time-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00125792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_filesystem-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 12716368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareServiceKernel.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\RCF.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00786264 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_regex-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00736584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareActivation.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00474968 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareApplicationUpdater.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00812360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareGamingMode.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00099136 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareReset.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00119616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTime.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00957784 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdater.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00867688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdaterScheduler.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01107272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIgnoreList.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00248648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareQuarantine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01009496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiMalwareEngine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00212824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiRootkitEngine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01171280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerHistory.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01295680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScanner.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00035160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_timer-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00975704 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerScheduler.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01091416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtection.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00229200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIncompatibles.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00894280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiSpam.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00849232 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiPhishing.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 03096912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareParentalControl.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 02953040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareWebProtection.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01251664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareEmailProtection.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00053600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_iostreams-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01289048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNetworkProtection.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00968000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePromo.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00360776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareFeedback.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 02785112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareThreatWorkAlliance.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01228608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePinCode.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00968000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNotice.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00957256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAvcEngine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01177960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtectionHistory.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00152896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\SecurityCenter.dll
2014-12-30 15:34 - 2014-10-09 10:08 - 00156936 _____ () C:\windows\system32\bdfwcore.dll
2014-12-30 15:49 - 2014-12-30 15:49 - 00766976 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpbr.mdl
2014-12-30 15:49 - 2014-12-30 15:49 - 00556032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpdsp.mdl
2014-12-30 15:50 - 2014-12-30 15:50 - 02575360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpph.mdl
2014-12-30 15:49 - 2014-12-30 15:49 - 01306112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttprbl.mdl
2014-11-21 15:29 - 2014-11-02 10:35 - 00268600 _____ () C:\windows\SysWOW64\lsdprn.exe
2013-03-29 09:02 - 2013-03-29 09:02 - 00213136 _____ () C:\Program Files (x86)\Pctechclinic Inc\VSSService.exe
2008-12-19 20:20 - 2012-03-23 15:50 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-19 20:20 - 2012-03-23 15:50 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 08947008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
2014-12-18 15:22 - 2014-12-18 15:22 - 00500056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_locale-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 02130752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\HtmlFramework.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00066872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\DllStorage.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00869712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTrayDefaultSkin.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00811328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\Localization.dll
2010-11-19 08:52 - 2010-11-19 08:52 - 00178072 _____ () C:\ProgramData\HP Link5 Config\PelLinkS.exe
2011-03-14 07:21 - 2011-03-14 07:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-06-28 16:38 - 2011-06-28 16:38 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-20 17:19 - 2012-12-20 17:19 - 00479752 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll
2012-12-20 17:19 - 2012-12-20 17:19 - 01310728 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kpcengine.2.2.dll
2013-03-29 08:57 - 2013-03-29 08:57 - 00781824 _____ () C:\Program Files (x86)\Pctechclinic Inc\Localisation.dll
2011-07-28 14:20 - 2011-07-28 14:20 - 00270336 _____ () C:\Program Files (x86)\Pctechclinic Inc\AlphaFS.dll
2013-03-29 09:02 - 2013-03-29 09:02 - 00066704 _____ () C:\Program Files (x86)\Pctechclinic Inc\Native.dll
2012-03-23 15:27 - 2012-03-23 15:27 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2014-10-27 22:05 - 2014-10-27 22:05 - 00117248 _____ () C:\Users\Terri\AppData\Roaming\itesing\marfacat.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1095237210-819956943-3649504818-500 - Administrator - Disabled)
Guest (S-1-5-21-1095237210-819956943-3649504818-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1095237210-819956943-3649504818-1002 - Limited - Enabled)
Terri (S-1-5-21-1095237210-819956943-3649504818-1000 - Administrator - Enabled) => C:\Users\Terri

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Lexmark X422
Description: Lexmark X422
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Lexmark
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/08/2015 11:00:33 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d23fb831-db35-4a88-bb52-11ce2a006d6c}

Error: (01/08/2015 10:59:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/08/2015 10:24:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/08/2015 10:17:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 214611

Error: (01/08/2015 10:17:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 214611

Error: (01/08/2015 10:17:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/08/2015 10:14:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16115

Error: (01/08/2015 10:14:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16115

Error: (01/08/2015 10:14:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/08/2015 10:14:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12465


System errors:
=============
Error: (01/08/2015 11:00:29 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
selkkf

Error: (01/08/2015 10:51:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068

Error: (01/08/2015 10:51:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068

Error: (01/08/2015 10:51:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068

Error: (01/08/2015 10:47:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068

Error: (01/08/2015 10:47:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068

Error: (01/08/2015 10:47:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068

Error: (01/08/2015 10:47:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068

Error: (01/08/2015 10:47:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068

Error: (01/08/2015 10:47:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068


Microsoft Office Sessions:
=========================
Error: (01/08/2015 11:00:33 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d23fb831-db35-4a88-bb52-11ce2a006d6c}

Error: (01/08/2015 10:59:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/08/2015 10:24:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/08/2015 10:17:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 214611

Error: (01/08/2015 10:17:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 214611

Error: (01/08/2015 10:17:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/08/2015 10:14:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16115

Error: (01/08/2015 10:14:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16115

Error: (01/08/2015 10:14:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/08/2015 10:14:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12465


CodeIntegrity Errors:
===================================
  Date: 2014-12-13 14:32:48.783
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-13 14:32:40.225
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-13 14:28:56.808
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-13 14:28:13.655
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-14 18:26:17.180
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-14 18:26:17.180
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-14 18:26:16.556
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-14 18:26:16.556
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-14 18:23:48.499
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-14 18:22:57.819
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: AMD E-450 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 37%
Total physical RAM: 5734.11 MB
Available physical RAM: 3577.69 MB
Total Pagefile: 11466.4 MB
Available Pagefile: 9055.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:421.81 GB) (Free:337.06 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:27.12 GB) NTFS
Drive e: (SWIVEL) (Removable) (Total:1.8 GB) (Free:1.8 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 54F412D1)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=421.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

========================================================
Disk: 1 (Size: 1.8 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=1.8 GB) - (Type=06)

==================== End Of Log ============================


#8 nurse_shark

nurse_shark
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Calgary, Canada
  • Local time:08:59 PM

Posted 09 January 2015 - 01:34 AM

Cool...I was able to use the text box!



#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:59 AM

Posted 09 January 2015 - 07:57 AM

Multiple Antivirus Programs installed!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.

The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either
Kaspersky or Ad-Aware Antivirus.

 

 

 

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

Attached Files


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#10 nurse_shark

nurse_shark
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Calgary, Canada
  • Local time:08:59 PM

Posted 09 January 2015 - 08:30 PM

I removed Ad-Adware. I have a subscription with Kaspersky. I have two logs with Malware Bytes. I've had it installed for about a month...when I was in Safe Mode I couldn't export the logs. 'll do the first.exe in this one and I'll put the two logs from Malware Bytes in the next one.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Terri at 2015-01-09 18:00:41 Run:1
Running from E:\
Loaded Profile: Terri (Available profiles: Terri)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: C:\windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\DLCNHF.job => C:\Users\Terri\AppData\Roaming\DLCNHF.exe <==== ATTENTION
Task: {DABE81D5-11C3-4FF3-8739-F1F6D0E5366A} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {DBAA06B8-ECA7-47B2-B3F8-DB50E59B77A0} - \74f95a24-7dfe-41b0-8340-300050852bc0-3 No Task File <==== ATTENTION
Task: {8CA38FDD-7D05-47C4-AC0F-0B0FF8FF3868} - System32\Tasks\DLCNHF => C:\Users\Terri\AppData\Roaming\DLCNHF.exe <==== ATTENTION
Task: {9F49060B-7B0E-4B22-A18E-05911CBF0859} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {B5511107-98C1-4BB7-A852-8F57175E468A} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {B58E076E-E74E-47F1-97A6-3399BE8F0352} - \74f95a24-7dfe-41b0-8340-300050852bc0-2 No Task File <==== ATTENTION
Task: {B662FD78-0339-4473-A6C6-28B84CA9BFD9} - \74f95a24-7dfe-41b0-8340-300050852bc0-11 No Task File <==== ATTENTION
Task: {D1A3D815-348E-4326-BDE1-7325DC7DE3EA} - System32\Tasks\{AA87F2CD-22A8-4B02-A496-08FF791D25EE} => pcalua.exe -a "C:\Program Files\DomaIQ Uninstaller\DomaIQUninstall.exe" -d "C:\Program Files\DomaIQ Uninstaller"
Task: {DABE81D5-11C3-4FF3-8739-F1F6D0E5366A} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {DBAA06B8-ECA7-47B2-B3F8-DB50E59B77A0} - \74f95a24-7dfe-41b0-8340-300050852bc0-3 No Task File <==== ATTENTION
Task: {37350DD5-0868-4CA1-B49E-455B526FFE26} - System32\Tasks\{C82E3CAD-A530-477C-AA18-22304156AC15} => pcalua.exe -a "C:\Program Files\DomaIQ Uninstaller\DomaIQUninstall.exe" -d "C:\Program Files\DomaIQ Uninstaller"
Task: {3CFC650E-A40B-410C-BAC5-ECB89E0CAFE2} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {4791492E-8FD0-4E8A-93B4-FD6020BA7308} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {49B77FA6-81FF-4ECE-B754-DDEA380AFA83} - \74f95a24-7dfe-41b0-8340-300050852bc0-1 No Task File <==== ATTENTION
Task: {52152F2C-3DAB-47FE-B9D1-3712880334A1} - \74f95a24-7dfe-41b0-8340-300050852bc0-4 No Task File <==== ATTENTION
Task: {7189EBE8-A02B-474F-8898-1B8650AF9CA3} - \74f95a24-7dfe-41b0-8340-300050852bc0-5_user No Task File <==== ATTENTION
Task: {7AF13FC5-0124-4F2F-9AC8-AE88F392FBA2} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {0B308C18-F8BD-4B7E-93B8-FC4D0655CD87} - System32\Tasks\{3610C781-A69F-4920-B672-D0397EBB64F2} => pcalua.exe -a "C:\Program Files (x86)\TornPlusTV_version1.11\Uninstall.exe" -c /fcp=1
Task: {0FFF6C0B-64FC-4F65-8740-29A63440DB73} - \74f95a24-7dfe-41b0-8340-300050852bc0-5 No Task File <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1095237210-819956943-3649504818-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Terri\AppData\Roaming\itesing\procol.dll () <==== ATTENTION
SearchScopes: HKU\S-1-5-21-1095237210-819956943-3649504818-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1095237210-819956943-3649504818-1000 -> {84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^ZO^xdm038^YYA^ca&si=pd-angels&ptb=D0F031D1-F507-480F-B4C8-8ED706DC00A5&ind=2013083022&n=77fd358e&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-1095237210-819956943-3649504818-1000 -> {9C26C52B-5E4A-429A-AF41-395BF057F736} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3201318
SearchScopes: HKLM-x32 -> {84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^ZO^xdm038^YYA^ca&si=pd-angels&ptb=D0F031D1-F507-480F-B4C8-8ED706DC00A5&ind=2013083022&n=77fd358e&psa=&st=sb&searchfor={searchTerms}
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

S0 selkkf; System32\drivers\dnxqybut.sys [X]

C:\Users\Terri\AppData\Roaming\itesing
C:\Program Files\DomaIQ Uninstaller
C:\Users\Terri\AppData\Roaming\DLCNHF.exe
C:\Program Files (x86)\AnyProtectEx
C:\Program Files (x86)\MyPC Backup
C:\Program Files (x86)\TornPlusTV_version1.11
2014-12-08 14:33 - 2014-11-21 16:19 - 00000000 ____D () C:\Program Files\010
2014-12-31 15:56 - 2013-11-07 11:12 - 00000000 ____D () C:\Users\Terri\AppData\Roaming\Systweak
2014-12-30 22:10 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\NDF
2014-12-30 20:56 - 2013-08-12 16:44 - 00000000 ____D () C:\Program Files (x86)\Pctechclinic Inc
2014-12-30 14:58 - 2014-12-30 14:58 - 00003190 _____ () C:\windows\System32\Tasks\{C82E3CAD-A530-477C-AA18-22304156AC15}
2014-12-30 14:58 - 2014-12-30 14:58 - 00003190 _____ () C:\windows\System32\Tasks\{AA87F2CD-22A8-4B02-A496-08FF791D25EE}
2014-12-30 14:45 - 2014-12-30 14:45 - 00003442 _____ () C:\windows\System32\Tasks\DoctorPC_Popup
2014-12-30 14:45 - 2014-12-30 14:45 - 00003178 _____ () C:\windows\System32\Tasks\DoctorPC_Start
2014-12-30 14:44 - 2014-12-30 14:48 - 00000000 ____D () C:\Users\Terri\Documents\DoctorPC
2014-12-30 14:44 - 2014-12-30 14:44 - 00000000 ____D () C:\Users\Terri\AppData\Local\Doctor_PC
2014-12-30 14:38 - 2015-01-06 17:15 - 00001338 _____ () C:\windows\Tasks\DLCNHF.job
2014-12-30 14:38 - 2014-12-30 14:38 - 00004364 _____ () C:\windows\System32\Tasks\DLCNHF
2014-12-29 17:34 - 2014-12-31 15:56 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-12-29 17:34 - 2014-12-29 17:34 - 00000000 _____ () C:\END

EmptyTemp:
*****************

C:\windows\Tasks\APSnotifierPP1.job => Moved successfully.
C:\windows\Tasks\APSnotifierPP2.job => Moved successfully.
C:\windows\Tasks\APSnotifierPP3.job => Moved successfully.
C:\windows\Tasks\DLCNHF.job => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DABE81D5-11C3-4FF3-8739-F1F6D0E5366A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DABE81D5-11C3-4FF3-8739-F1F6D0E5366A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DBAA06B8-ECA7-47B2-B3F8-DB50E59B77A0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DBAA06B8-ECA7-47B2-B3F8-DB50E59B77A0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\74f95a24-7dfe-41b0-8340-300050852bc0-3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8CA38FDD-7D05-47C4-AC0F-0B0FF8FF3868}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CA38FDD-7D05-47C4-AC0F-0B0FF8FF3868}" => Key deleted successfully.
C:\Windows\System32\Tasks\DLCNHF => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DLCNHF" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F49060B-7B0E-4B22-A18E-05911CBF0859}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F49060B-7B0E-4B22-A18E-05911CBF0859}" => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP1 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B5511107-98C1-4BB7-A852-8F57175E468A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5511107-98C1-4BB7-A852-8F57175E468A}" => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B58E076E-E74E-47F1-97A6-3399BE8F0352}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B58E076E-E74E-47F1-97A6-3399BE8F0352}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\74f95a24-7dfe-41b0-8340-300050852bc0-2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B662FD78-0339-4473-A6C6-28B84CA9BFD9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B662FD78-0339-4473-A6C6-28B84CA9BFD9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\74f95a24-7dfe-41b0-8340-300050852bc0-11" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D1A3D815-348E-4326-BDE1-7325DC7DE3EA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1A3D815-348E-4326-BDE1-7325DC7DE3EA}" => Key deleted successfully.
C:\Windows\System32\Tasks\{AA87F2CD-22A8-4B02-A496-08FF791D25EE} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AA87F2CD-22A8-4B02-A496-08FF791D25EE}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DABE81D5-11C3-4FF3-8739-F1F6D0E5366A} => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DBAA06B8-ECA7-47B2-B3F8-DB50E59B77A0} => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\74f95a24-7dfe-41b0-8340-300050852bc0-3 => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{37350DD5-0868-4CA1-B49E-455B526FFE26}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37350DD5-0868-4CA1-B49E-455B526FFE26}" => Key deleted successfully.
C:\Windows\System32\Tasks\{C82E3CAD-A530-477C-AA18-22304156AC15} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C82E3CAD-A530-477C-AA18-22304156AC15}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3CFC650E-A40B-410C-BAC5-ECB89E0CAFE2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CFC650E-A40B-410C-BAC5-ECB89E0CAFE2}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4791492E-8FD0-4E8A-93B4-FD6020BA7308}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4791492E-8FD0-4E8A-93B4-FD6020BA7308}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{49B77FA6-81FF-4ECE-B754-DDEA380AFA83}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49B77FA6-81FF-4ECE-B754-DDEA380AFA83}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\74f95a24-7dfe-41b0-8340-300050852bc0-1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{52152F2C-3DAB-47FE-B9D1-3712880334A1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52152F2C-3DAB-47FE-B9D1-3712880334A1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\74f95a24-7dfe-41b0-8340-300050852bc0-4" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7189EBE8-A02B-474F-8898-1B8650AF9CA3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7189EBE8-A02B-474F-8898-1B8650AF9CA3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\74f95a24-7dfe-41b0-8340-300050852bc0-5_user" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7AF13FC5-0124-4F2F-9AC8-AE88F392FBA2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7AF13FC5-0124-4F2F-9AC8-AE88F392FBA2}" => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B308C18-F8BD-4B7E-93B8-FC4D0655CD87}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B308C18-F8BD-4B7E-93B8-FC4D0655CD87}" => Key deleted successfully.
C:\Windows\System32\Tasks\{3610C781-A69F-4920-B672-D0397EBB64F2} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3610C781-A69F-4920-B672-D0397EBB64F2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0FFF6C0B-64FC-4F65-8740-29A63440DB73}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FFF6C0B-64FC-4F65-8740-29A63440DB73}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\74f95a24-7dfe-41b0-8340-300050852bc0-5" => Key deleted successfully.
"HKU\S-1-5-21-1095237210-819956943-3649504818-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}" => Key deleted successfully.
"HKU\S-1-5-21-1095237210-819956943-3649504818-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found. 
"HKU\S-1-5-21-1095237210-819956943-3649504818-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8}" => Key deleted successfully.
HKCR\CLSID\{84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8} => Key not found. 
"HKU\S-1-5-21-1095237210-819956943-3649504818-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9C26C52B-5E4A-429A-AF41-395BF057F736}" => Key deleted successfully.
HKCR\CLSID\{9C26C52B-5E4A-429A-AF41-395BF057F736} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8} => Key not found. 
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
selkkf => Service deleted successfully.
C:\Users\Terri\AppData\Roaming\itesing => Moved successfully.
"C:\Program Files\DomaIQ Uninstaller" => File/Directory not found.
"C:\Users\Terri\AppData\Roaming\DLCNHF.exe" => File/Directory not found.
"C:\Program Files (x86)\AnyProtectEx" => File/Directory not found.
"C:\Program Files (x86)\MyPC Backup" => File/Directory not found.
"C:\Program Files (x86)\TornPlusTV_version1.11" => File/Directory not found.
C:\Program Files\010 => Moved successfully.
C:\Users\Terri\AppData\Roaming\Systweak => Moved successfully.
C:\windows\system32\NDF => Moved successfully.

"C:\Program Files (x86)\Pctechclinic Inc" directory move:

C:\Program Files (x86)\Pctechclinic Inc\AlphaFS.dll => Moved successfully.
C:\Program Files (x86)\Pctechclinic Inc\AxInterop.ShockwaveFlashObjects.dll => Moved successfully.
C:\Program Files (x86)\Pctechclinic Inc\CBFSNet.dll => Moved successfully.
C:\Program Files (x86)\Pctechclinic Inc\ControlPanel.exe => Moved successfully.
C:\Program Files (x86)\Pctechclinic Inc\ExplorerExtensions.dll => Moved successfully.
C:\Program Files (x86)\Pctechclinic Inc\Extensions.dll => Moved successfully.
C:\Program Files (x86)\Pctechclinic Inc\file.bmp => Moved successfully.
C:\Program Files (x86)\Pctechclinic Inc\filedb.bmp => Moved successfully.
C:\Program Files (x86)\Pctechclinic Inc\FileTypes.dat => Moved successfully.
C:\Program Files (x86)\Pctechclinic Inc\folder.bmp => Moved successfully.
C:\Program Files (x86)\Pctechclinic Inc\ICSharpCode.SharpZipLib.dll => Moved successfully.
C:\Program Files (x86)\Pctechclinic Inc\Interop.ShockwaveFlashObjects.dll => Moved successfully.
C:\Program Files (x86)\Pctechclinic Inc\isxdl.dll => Moved successfully.
C:\Program Files (x86)\Pctechclinic Inc\Localisation.dll => Moved successfully.
C:\Program Files (x86)\Pctechclinic Inc\ManageUsers.exe => Moved successfully.
C:\Program Files (x86)\Pctechclinic Inc\Native.dll => Moved successfully.
C:\Program Files (x86)\Pctechclinic Inc\OpenAccess.exe => Moved successfully.
C:\Program Files (x86)\Pctechclinic Inc\ServiceManager.exe => Moved successfully.
C:\Program Files (x86)\Pctechclinic Inc\SQLite.Interop.dll => Moved successfully.
C:\Program Files (x86)\Pctechclinic Inc\sqlite3.exe => Moved successfully.
C:\Program Files (x86)\Pctechclinic Inc\System.Data.SQLite.DLL => Moved successfully.
C:\Program Files (x86)\Pctechclinic Inc\Updater.exe => Moved successfully.
C:\Program Files (x86)\Pctechclinic Inc\VSSService.exe => Moved successfully.
C:\Program Files (x86)\Pctechclinic Inc\VSSService.InstallLog => Moved successfully.
C:\Program Files (x86)\Pctechclinic Inc\VSSService.InstallState => Moved successfully.
C:\Program Files (x86)\Pctechclinic Inc\Uninstaller\Uninstaller.exe => Moved successfully.
C:\Program Files (x86)\Pctechclinic Inc\bin\cbfs.cab => Moved successfully.
C:\Program Files (x86)\Pctechclinic Inc\bin\cbfs.sys => Moved successfully.
C:\Program Files (x86)\Pctechclinic Inc\bin\cbfsinst.dll => Moved successfully.
Could not move "C:\Program Files (x86)\Pctechclinic Inc" directory. => Scheduled to move on reboot.

"C:\windows\System32\Tasks\{C82E3CAD-A530-477C-AA18-22304156AC15}" => File/Directory not found.
"C:\windows\System32\Tasks\{AA87F2CD-22A8-4B02-A496-08FF791D25EE}" => File/Directory not found.
C:\windows\System32\Tasks\DoctorPC_Popup => Moved successfully.
C:\windows\System32\Tasks\DoctorPC_Start => Moved successfully.
C:\Users\Terri\Documents\DoctorPC => Moved successfully.
C:\Users\Terri\AppData\Local\Doctor_PC => Moved successfully.
"C:\windows\Tasks\DLCNHF.job" => File/Directory not found.
"C:\windows\System32\Tasks\DLCNHF" => File/Directory not found.
C:\Program Files (x86)\SearchProtect => Moved successfully.
C:\END => Moved successfully.
EmptyTemp: => Removed 3.3 GB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-09 18:05:03)<=

C:\Program Files (x86)\Pctechclinic Inc => Is moved successfully.

==== End of Fixlog 18:05:03 ====


#11 nurse_shark

nurse_shark
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Calgary, Canada
  • Local time:08:59 PM

Posted 09 January 2015 - 10:05 PM

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2014/12/31 15:29:14 -0700</date>
<logfile>mbam-log-2014-12-31 (15-29-14).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.4.1028</version>
<malware-database>v2014.12.31.05</malware-database>
<rootkit-database>v2014.12.30.01</rootkit-database>
<license>trial</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>Terri</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>336784</objects>
<time>1387</time>
<processes>0</processes>
<modules>0</modules>
<keys>69</keys>
<values>11</values>
<datas>3</datas>
<folders>55</folders>
<files>344</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}</path><vendor>PUP.Optional.Outbrowse</vendor><action>success</action><hash>73eeff6a91ebcc6a8a5545d5d1328d73</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{cf67755f-9265-449c-87cf-b945519e073b}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>8dd4d099de9e66d08673e6fa2ad89769</hash></key>
<key><path>HKU\S-1-5-21-1095237210-819956943-3649504818-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{CF67755F-9265-449C-87CF-B945519E073B}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>8dd4d099de9e66d08673e6fa2ad89769</hash></key>
<key><path>HKU\S-1-5-21-1095237210-819956943-3649504818-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CF67755F-9265-449C-87CF-B945519E073B}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>8dd4d099de9e66d08673e6fa2ad89769</hash></key>
<key><path>HKU\S-1-5-21-1095237210-819956943-3649504818-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>184989e07804d06626f0ac32788a58a8</hash></key>
<key><path>HKU\S-1-5-21-1095237210-819956943-3649504818-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>5b061158b8c489adb4634f8f5da5ba46</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}</path><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><hash>5b061158b8c489adb4634f8f5da5ba46</hash></key>
<key><path>HKU\S-1-5-21-1095237210-819956943-3649504818-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{5D79F641-C168-40DF-A32F-BACEA7509E75}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>89d85316f488b680b7b85090e61c41bf</hash></key>
<key><path>HKU\S-1-5-21-1095237210-819956943-3649504818-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C98D5B61-B0EA-4D48-9839-1079D352D880}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>19489ccda2da64d23042469ae61c6d93</hash></key>
<key><path>HKU\S-1-5-21-1095237210-819956943-3649504818-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>08594722720a2511d49fda06748e8f71</hash></key>
<key><path>HKU\S-1-5-21-1095237210-819956943-3649504818-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{39AD0726-986D-40F9-972B-E3BFA24B7745}</path><vendor>PUP.Optional.ArcadeParlor.A</vendor><action>success</action><hash>d68b6dfc1765b086397b001adf24b050</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{23119123-0854-469D-807A-171568457991}</path><vendor>PUP.Optional.MyScrapNook.A</vendor><action>success</action><hash>96cbd396c9b3a6909a121008e41ff808</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\TypeLib\{03119103-0854-469D-807A-171568457991}</path><vendor>PUP.Optional.MyScrapNook.A</vendor><action>success</action><hash>b9a8a4c5e894b5818f1d9484cf3444bc</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\UtilityChest_49.SkinLauncherSettings</path><vendor>PUP.Optional.FunWebProducts.A</vendor><action>success</action><hash>3b2693d6c7b5f4421d8e4dcb49ba7b85</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\UtilityChest_49.SkinLauncherSettings.1</path><vendor>PUP.Optional.FunWebProducts.A</vendor><action>success</action><hash>b6abb8b14f2d59ddecbfb95f847f946c</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\UtilityChest_49.SkinLauncherSettings</path><vendor>PUP.Optional.FunWebProducts.A</vendor><action>success</action><hash>b6abb8b14f2d59ddecbfb95f847f946c</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\UtilityChest_49.SkinLauncherSettings.1</path><vendor>PUP.Optional.FunWebProducts.A</vendor><action>success</action><hash>b6abb8b14f2d59ddecbfb95f847f946c</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPackage</path><vendor>PUP.Optional.VOPackage.A</vendor><action>success</action><hash>a0c11752b7c5a393e95483ebba49e31d</hash></key>
<key><path>HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\3874</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>253ccf9a3d3f56e05d3ff99f1be858a8</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\InstallIQ</path><vendor>PUP.Optional.InstallBrain.A</vendor><action>success</action><hash>2d341f4a6e0ea88e9b63306e4fb4966a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MYBESTOFFERSTODAY</path><vendor>PUP.Optional.MBot.A</vendor><action>success</action><hash>2d340861e19b231303f87cfae91a18e8</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\TornPlusTV_version1.11</path><vendor>PUP.Optional.TornTV.A</vendor><action>success</action><hash>8ed3a8c12f4d46f07d57e383c04355ab</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\UtilityChest_49</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>a9b826434f2dac8a5a5f5d78a2627c84</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\WordProser_1.10.0.2</path><vendor>PUP.Optional.WordProser.A</vendor><action>success</action><hash>d68b2e3b6517ee48fca24625da29a35d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>4f125811b0ccaa8cfbd80a732fd4f907</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\mkndcbhcgphcfkkddanakjiepeknbgle</path><vendor>PUP.Optional.RelevantKnowledge.A</vendor><action>success</action><hash>451cc0a91765a096bd585e281fe45ea2</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pfmopbbadnfoelckkcmjjeaaegjpjjbk</path><vendor>PUP.Optional.Gophoto.A</vendor><action>success</action><hash>bca5a9c02b513afc285d6e51e321b050</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\3874</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dc8596d3324a290da4f89bfd7a89867a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>a9b8b4b52458082eb50cae2fdf2534cc</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>1c45f9701468e155f3cf99449e6609f7</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@UtilityChest_49.com/Plugin</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>0c55e980dba154e25f111b74fd067090</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd</path><vendor>PUP.Optional.SystemSpeedup</vendor><action>success</action><hash>1b46b4b54c3045f11cd0bbc4d92af60a</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\wpnfd_1_10_0_2</path><vendor>PUP.Optional.WordProser.A</vendor><action>success</action><hash>86dba5c489f38da9326b6b00e91a22de</hash></key>
<key><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TornTv Downloader</path><vendor>PUP.Optional.TornTV.A</vendor><action>success</action><hash>d0911f4adca01b1bb399640341c2a957</hash></key>
<key><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\TornPlusTV_version1.11</path><vendor>PUP.Optional.TornTV.A</vendor><action>success</action><hash>b6ab0f5af18b0a2cd501f3733ec5ae52</hash></key>
<key><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Torntv V6.0</path><vendor>PUP.Optional.TornTV.A</vendor><action>success</action><hash>adb43b2e25577cbae9806b3418ebfd03</hash></key>
<key><path>HKU\S-1-5-21-1095237210-819956943-3649504818-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload</path><vendor>PUP.Optional.1ClickDownload.A</vendor><action>success</action><hash>b1b032377c00ea4cfa332894cb392ed2</hash></key>
<key><path>HKU\S-1-5-21-1095237210-819956943-3649504818-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Conduit_Search_Protect</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>3c2597d23646eb4b5b374c8d32d2659b</hash></key>
<key><path>HKU\S-1-5-21-1095237210-819956943-3649504818-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\StormWatchApp</path><vendor>PUP.Optional.StormWatchApp.A</vendor><action>success</action><hash>3e23f07991eb9e988c76b1bbc83ba15f</hash></key>
<key><path>HKU\S-1-5-21-1095237210-819956943-3649504818-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TornTv Downloader</path><vendor>PUP.Optional.TornTV.A</vendor><action>success</action><hash>83de6108cdaf56e029239ccb1ee55ca4</hash></key>
<key><path>HKU\S-1-5-21-1095237210-819956943-3649504818-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TutoTag</path><vendor>PUP.Optional.Tuto4PC.A</vendor><action>success</action><hash>5b06f0795428cc6a589cebf24fb56997</hash></key>
<key><path>HKU\S-1-5-21-1095237210-819956943-3649504818-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\UtilityChest_49</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>ff62abbeaad2cc6ad2e83c9915ef58a8</hash></key>
<key><path>HKU\S-1-5-21-1095237210-819956943-3649504818-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>bea35c0dbfbdd66059f50661e81bb749</hash></key>
<key><path>HKU\S-1-5-21-1095237210-819956943-3649504818-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>283969008eeeee489c713d92a65e05fb</hash></key>
<key><path>HKU\S-1-5-21-1095237210-819956943-3649504818-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\FLV_Runner</path><vendor>PUP.Optional.FLVRunner.A</vendor><action>success</action><hash>8bd693d668146ec851c922411fe4cb35</hash></key>
<key><path>HKU\S-1-5-21-1095237210-819956943-3649504818-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>5f02b0b995e73ff7e703fd6a34cfd52b</hash></key>
<key><path>HKU\S-1-5-21-1095237210-819956943-3649504818-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\TornPlusTV_version1.11</path><vendor>PUP.Optional.TornTV.A</vendor><action>success</action><hash>4d147eeb29537cba2da99fc7bd46d22e</hash></key>
<key><path>HKU\S-1-5-21-1095237210-819956943-3649504818-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\UtilityChest_49</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>b7aac7a2d1ab181ed750305a669d4eb2</hash></key>
<key><path>HKU\S-1-5-21-1095237210-819956943-3649504818-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>570a46238def21156163cfd5a65d0ef2</hash></key>
<key><path>HKU\S-1-5-21-1095237210-819956943-3649504818-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>7ae7fe6b5329e84e954a76441ee6e917</hash></key>
<key><path>HKU\S-1-5-21-1095237210-819956943-3649504818-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\3874</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>b7aab5b490ecb680fcb187eade253dc3</hash></key>
<key><path>HKU\S-1-5-21-1095237210-819956943-3649504818-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Qwerty</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>c49d066308747eb81c776bfb7a8904fc</hash></key>
<key><path>HKU\S-1-5-21-1095237210-819956943-3649504818-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd</path><vendor>PUP.Optional.SystemSpeedup</vendor><action>success</action><hash>a1c06702f08c989eb33818672dd6f808</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdate</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>3d2476f3d8a459dd20bc5be98d7623dd</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdatem</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>3d2476f3d8a459dd20bc5be98d7623dd</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>3d2476f3d8a459dd20bc5be98d7623dd</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>3d2476f3d8a459dd20bc5be98d7623dd</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>3d2476f3d8a459dd20bc5be98d7623dd</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\globalUpdate.OneClickCtrl.10</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>3d2476f3d8a459dd20bc5be98d7623dd</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdate.OneClickCtrl.10</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>3d2476f3d8a459dd20bc5be98d7623dd</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5645E0E7-FC12-43BF-A6E4-F9751942B298}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>3d2476f3d8a459dd20bc5be98d7623dd</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{5645E0E7-FC12-43BF-A6E4-F9751942B298}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>3d2476f3d8a459dd20bc5be98d7623dd</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>3d2476f3d8a459dd20bc5be98d7623dd</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\globalUpdate.Update3WebControl.4</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>3d2476f3d8a459dd20bc5be98d7623dd</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdate.Update3WebControl.4</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>3d2476f3d8a459dd20bc5be98d7623dd</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>3d2476f3d8a459dd20bc5be98d7623dd</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>3d2476f3d8a459dd20bc5be98d7623dd</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>3d2476f3d8a459dd20bc5be98d7623dd</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>3d2476f3d8a459dd20bc5be98d7623dd</hash></key>
<value><path>HKU\S-1-5-21-1095237210-819956943-3649504818-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{3BBD3C14-4C16-4989-8366-95BC9179779D}</path><valuename></valuename><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><valuedata></valuedata><hash>abb6d5942953cf67ceb7f4ea12f04cb4</hash></value>
<value><path>HKU\S-1-5-21-1095237210-819956943-3649504818-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER</path><valuename>{3BBD3C14-4C16-4989-8366-95BC9179779D}</valuename><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><valuedata>&lt;½;L‰Iƒf•¼‘yw</valuedata><hash>abb6d5942953cf67ceb7f4ea12f04cb4</hash></value>
<value><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR</path><valuename>{ae07101b-46d4-4a98-af68-0333ea26e113}</valuename><vendor>PUP.Optional.SmartBar</vendor><action>success</action><valuedata>Smartbar</valuedata><hash>1150274296e6a39352e7353f3ec59e62</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE</path><valuename>path</valuename><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><valuedata>C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe</valuedata><hash>4f125811b0ccaa8cfbd80a732fd4f907</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY</path><valuename>AppPath</valuename><vendor>PUP.Optional.MySearchDial.A</vendor><action>success</action><valuedata>C:\Program Files (x86)\Mysearchdial\1.8.29.0\</valuedata><hash>0a57630678040234869a2ab0f70d24dc</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR</path><valuename>{ae07101b-46d4-4a98-af68-0333ea26e113}</valuename><vendor>PUP.Optional.SmartBar</vendor><action>success</action><valuedata>Smartbar</valuedata><hash>aeb34524c5b7b87e38014232fc07837d</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>mbot_ca_203</valuename><vendor>PUP.Optional.MBot.A</vendor><action>success</action><valuedata></valuedata><hash>bea3df8a562668ce45b533431ce7768a</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPACKAGE</path><valuename>UninstallString</valuename><vendor>PUP.Optional.VOPackage</vendor><action>success</action><valuedata>&quot;C:\Users\Terri\AppData\Roaming\VOPackage\uninstall.exe&quot;</valuedata><hash>1b46b9b0d5a743f36bca67164fb47f81</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS</path><valuename>{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}</valuename><vendor>PUP.Optional.OpinionSquare.A</vendor><action>success</action><valuedata>C:\Program Files (x86)\PermissionResearch\firefox</valuedata><hash>4c15383189f38ea8e25408818a79f709</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS</path><valuename>49ffxtbr@UtilityChest_49.com</valuename><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><valuedata>C:\Program Files (x86)\UtilityChest_49\bar\1.bin</valuedata><hash>c1a089e0c4b8f73fc00f5d39f013c43c</hash></value>
<value><path>HKU\S-1-5-21-1095237210-819956943-3649504818-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE</path><valuename>tb</valuename><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><valuedata>0A2O1C1R1H2Z1S1G1M1F</valuedata><hash>7ae7fe6b5329e84e954a76441ee6e917</hash></value>
<data><path>HKU\S-1-5-21-1095237210-819956943-3649504818-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED</path><valuename>Start_ShowSearch</valuename><vendor>PUM.Hijack.StartMenu</vendor><action>replaced</action><valuedata>0</valuedata><baddata>0</baddata><gooddata>1</gooddata><hash>d68b42272b51a294ead8dda3b64f2bd5</hash></data>
<data><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{2B4C8F21-D7C4-413C-8889-141517297EA6}</path><valuename>NameServer</valuename><vendor>Trojan.DNSChanger</vendor><action>replaced</action><valuedata>31.168.224.100,5.135.12.56</valuedata><baddata>31.168.224.100,5.135.12.56</baddata><gooddata></gooddata><hash>bfa281e8e7958ea84db17e0861a4cf31</hash></data>
<data><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{A8B5A119-CC4C-4E0E-997A-FB41449FD2B3}</path><valuename>NameServer</valuename><vendor>Trojan.DNSChanger</vendor><action>replaced</action><valuedata>31.168.224.100,5.135.12.56</valuedata><baddata>31.168.224.100,5.135.12.56</baddata><gooddata></gooddata><hash>f968c2a7bbc1fb3b7f7f2a5cfb0a5fa1</hash></data>
<folder><path>C:\Users\Terri\AppData\Local\Temp\CloudGuard</path><vendor>PUP.Optional.CloudGuard.A</vendor><action>success</action><hash>ce93d693f18be056f414056119eaa45c</hash></folder>
<folder><path>C:\Users\Terri\AppData\Roaming\VOPackage</path><vendor>PUP.Optional.VOPackage.A</vendor><action>success</action><hash>a0c11752b7c5a393e95483ebba49e31d</hash></folder>
<folder><path>C:\Users\Terri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage</path><vendor>PUP.Optional.VOPackage</vendor><action>success</action><hash>4b163b2e78041e189a9cbcc1937051af</hash></folder>
<folder><path>C:\ProgramData\374311380</path><vendor>Rogue.Multiple</vendor><action>success</action><hash>0d5476f3d9a382b4e3ccf229ba4912ee</hash></folder>
<folder><path>C:\Users\Terri\AppData\Roaming\newnext.me</path><vendor>PUP.Optional.NextLive.A</vendor><action>success</action><hash>bfa293d6ed8fee4854877bb1f50e58a8</hash></folder>
<folder><path>C:\Users\Terri\AppData\Local\WeatherAlerts</path><vendor>PUP.Optional.WeatherAlerts</vendor><action>success</action><hash>b5acc1a85f1dcf67470757d617ecad53</hash></folder>
<folder><path>C:\Users\Terri\AppData\LocalLow\PriceGong</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1a470267f884ca6ce2c61519f60dbe42</hash></folder>
<folder><path>C:\Users\Terri\AppData\LocalLow\PriceGong\Data</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1a470267f884ca6ce2c61519f60dbe42</hash></folder>
<folder><path>C:\Program Files (x86)\UtilityChest_49</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>5f020a5f24582412b70b35fdb44fff01</hash></folder>
<folder><path>C:\Program Files (x86)\UtilityChest_49\bar</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>5f020a5f24582412b70b35fdb44fff01</hash></folder>
<folder><path>C:\Program Files (x86)\UtilityChest_49\bar\1.bin</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>5f020a5f24582412b70b35fdb44fff01</hash></folder>
<folder><path>C:\Program Files (x86)\UtilityChest_49\bar\1.bin\chrome</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>5f020a5f24582412b70b35fdb44fff01</hash></folder>
<folder><path>C:\Program Files (x86)\UtilityChest_49\bar\1.bin\ThirdPartyInstallers</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>5f020a5f24582412b70b35fdb44fff01</hash></folder>
<folder><path>C:\Program Files (x86)\UtilityChest_49\bar\gen1</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>5f020a5f24582412b70b35fdb44fff01</hash></folder>
<folder><path>C:\Program Files (x86)\UtilityChest_49\bar\IE9Mesg</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>5f020a5f24582412b70b35fdb44fff01</hash></folder>
<folder><path>C:\Program Files (x86)\UtilityChest_49\bar\Message</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>5f020a5f24582412b70b35fdb44fff01</hash></folder>
<folder><path>C:\Program Files (x86)\UtilityChest_49\bar\Settings</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>5f020a5f24582412b70b35fdb44fff01</hash></folder>
<folder><path>C:\Users\Terri\AppData\Local\UtilityChest_49</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></folder>
<folder><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></folder>
<folder><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></folder>
<folder><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\css</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></folder>
<folder><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\images</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></folder>
<folder><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\images\icons</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></folder>
<folder><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\js</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></folder>
<folder><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></folder>
<folder><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></folder>
<folder><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\css</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></folder>
<folder><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\fonts</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></folder>
<folder><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></folder>
<folder><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></folder>
<folder><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\js</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></folder>
<folder><path>C:\Users\Terri\AppData\LocalLow\UtilityChest_49</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>4a170d5caece68ce04e4e754867de41c</hash></folder>
<folder><path>C:\Users\Terri\AppData\LocalLow\UtilityChest_49\bar</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>4a170d5caece68ce04e4e754867de41c</hash></folder>
<folder><path>C:\Users\Terri\AppData\LocalLow\UtilityChest_49\bar\Cache</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>4a170d5caece68ce04e4e754867de41c</hash></folder>
<folder><path>C:\Users\Terri\AppData\LocalLow\UtilityChest_49\bar\History</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>4a170d5caece68ce04e4e754867de41c</hash></folder>
<folder><path>C:\Users\Terri\AppData\LocalLow\UtilityChest_49\bar\Settings</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>4a170d5caece68ce04e4e754867de41c</hash></folder>
<folder><path>C:\Users\Terri\AppData\LocalLow\UtilityChest_49\UtilityChest_49</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>4a170d5caece68ce04e4e754867de41c</hash></folder>
<folder><path>C:\Users\Terri\AppData\LocalLow\UtilityChest_49\UtilityChest_49\Cache</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>4a170d5caece68ce04e4e754867de41c</hash></folder>
<folder><path>C:\Users\Terri\AppData\Local\SearchProtect</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>a4bd6bfe314b5fd7f4ba58e816edc937</hash></folder>
<folder><path>C:\Users\Terri\AppData\Local\SearchProtect\Logs</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>a4bd6bfe314b5fd7f4ba58e816edc937</hash></folder>
<folder><path>C:\Users\Terri\AppData\Roaming\Systweak\ssd</path><vendor>PUP.Optional.SystemSpeedup</vendor><action>success</action><hash>e081abbe4537270fa20999aa7c87bb45</hash></folder>
<folder><path>C:\Program Files (x86)\globalUpdate\Update</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>3d2476f3d8a459dd20bc5be98d7623dd</hash></folder>
<folder><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>3d2476f3d8a459dd20bc5be98d7623dd</hash></folder>
<folder><path>C:\Program Files (x86)\globalUpdate\Update\Download</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>3d2476f3d8a459dd20bc5be98d7623dd</hash></folder>
<folder><path>C:\Program Files (x86)\globalUpdate\Update\Install</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>3d2476f3d8a459dd20bc5be98d7623dd</hash></folder>
<folder><path>C:\Program Files (x86)\globalUpdate\Update\Offline</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>3d2476f3d8a459dd20bc5be98d7623dd</hash></folder>
<folder><path>C:\Program Files (x86)\globalUpdate\Update\Offline\{917180DE-51D5-4EE6-8712-C28BB5BE1235}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>3d2476f3d8a459dd20bc5be98d7623dd</hash></folder>
<folder><path>C:\Users\Terri\AppData\Local\Temp\comh.17994</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>b6ab0168601c76c0ba3ec0844eb527d9</hash></folder>
<folder><path>C:\Users\Terri\AppData\Local\Temp\comh.401470</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>e77a3d2c35471b1b1bdddc68b2517987</hash></folder>
<folder><path>C:\Program Files (x86)\FLVM Player</path><vendor>PUP.Optional.FLVMPlayer</vendor><action>success</action><hash>4d14e48598e49e9846e68fc0bc4723dd</hash></folder>
<folder><path>C:\Users\Terri\AppData\LocalLow\FLV_Runner</path><vendor>PUP.Optional.FLVRunner.A</vendor><action>success</action><hash>2d340c5dc4b81e18e05e76e7b1521fe1</hash></folder>
<folder><path>C:\Users\Terri\AppData\LocalLow\FLV_Runner\Logs</path><vendor>PUP.Optional.FLVRunner.A</vendor><action>success</action><hash>2d340c5dc4b81e18e05e76e7b1521fe1</hash></folder>
<folder><path>C:\ProgramData\LizardSales</path><vendor>PUP.Optional.LizardSales.A</vendor><action>success</action><hash>8dd47fea1369ba7c90371747cb38fb05</hash></folder>
<folder><path>C:\Program Files (x86)\SearchProtect\Main</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>e08195d476068ea87b7d71ed42c112ee</hash></folder>
<folder><path>C:\Program Files (x86)\SearchProtect\Main\rep</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>e08195d476068ea87b7d71ed42c112ee</hash></folder>
<file><path>C:\Users\Terri\AppData\Local\Temp\ICReinstall_nsgE9AF.tmp</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>283902678def082ee6d4573aea17b848</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\ICReinstall_nsj4E98.tmp</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>f66b630685f7ef474575e2afe918946c</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\ICReinstall_nsoE503.tmp</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>b2af81e8cab262d48a30523f91700af6</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\ICReinstall_nsr53F2.tmp</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>5a0794d53c40c1751b9f1b7643beec14</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\ICReinstall_nsv6D7A.tmp</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>88d98adf18645dd9b505c1d019e820e0</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\ICReinstall_nswA52D.tmp</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>b7aadf8aa9d373c3f0cacdc4e31eda26</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\ICReinstall_nswE9E7.tmp</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>b7aa096018649c9a2793bcd5926fbd43</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\ICReinstall_nsyBEBB.tmp</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>e77a7fea16660036f1c94c45e81933cd</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\108277.exe.exe</path><vendor>PUP.Optional.DrPC.A</vendor><action>success</action><hash>e67b89e03a426bcb4ac890cd4bb560a0</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\20140515150101.859.exe</path><vendor>PUP.Optional.InstallCore</vendor><action>success</action><hash>adb4de8b1e5e75c1c85d0a553ec7b24e</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\SPSetup.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>8dd40e5b3646d363c75e37070001f010</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\nsj4E98.tmp</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>b8a999d0e4989b9b0eac1f729c6545bb</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\nsoE503.tmp</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>8bd685e47309d75f833799f88081669a</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\nsr53F2.tmp</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>9ec3e782126adc5a4d6dc9c88a7707f9</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\nsv6D7A.tmp</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>b5ac47227705d2645e5ce2afe41d9868</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\nswA52D.tmp</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>2041ff6a126ad660d9e1d5bc6f9253ad</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\nswE9E7.tmp</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>fb668adfacd07fb7aa104849db26c040</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\nsyBEBB.tmp</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>7ce57dece29a90a6b109e9a830d1659b</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\nsgE9AF.tmp</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>144dfa6f7903f73f11a9d7ba6d94a65a</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\nsh70CF.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>66fb0168fe7e73c31f13ac9daa579b65</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\14C1tmp\cloudscout.exe</path><vendor>PUP.Optional.CloudGuard.A</vendor><action>success</action><hash>cd94eb7e83f93cfa3542847517eac13f</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\14C2tmp\setup.exe</path><vendor>PUP.Optional.StormWatch.A</vendor><action>success</action><hash>1e431356710b0630d0e4540146bafa06</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\Apps\setup.exe</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>303170f91666ef472662f3edf70a6b95</hash></file>
<file><path>C:\Windows\Temp\nsa99AC.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>66fbdd8cea92d16562d0b09923de3fc1</hash></file>
<file><path>C:\Windows\Temp\nsb8B78.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>8dd42d3cef8d38fe959d63e6a55ca65a</hash></file>
<file><path>C:\Windows\Temp\nsc81EF.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>df8248214e2e37ffca6829201de448b8</hash></file>
<file><path>C:\Windows\Temp\nscC4C9.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>94cd72f73547dd595fd3f752768bd62a</hash></file>
<file><path>C:\Windows\Temp\nsd4731.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>97ca70f9c3b99d99bb77ce7b30d1d42c</hash></file>
<file><path>C:\Windows\Temp\nsg107F.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>352c2d3cec90bc7ae949c38640c139c7</hash></file>
<file><path>C:\Windows\Temp\nsg66C8.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>0f52bcadb5c758de131f70d9d42dca36</hash></file>
<file><path>C:\Windows\Temp\nsg6938.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>ff6289e00676d26473bffb4e7190bb45</hash></file>
<file><path>C:\Windows\Temp\nsgBDFF.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>075a6405bebef93d53dfa1a817ea0ef2</hash></file>
<file><path>C:\Windows\Temp\nsgFF4D.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>cc955118512b64d27db59cad4cb5c13f</hash></file>
<file><path>C:\Windows\Temp\nsq89EE.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>00618cdda8d40d2958da0d3ce21f0bf5</hash></file>
<file><path>C:\Windows\Temp\nsq99CB.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>3e2380e9fd7f71c58aa81f2ad928c53b</hash></file>
<file><path>C:\Windows\Temp\nss1375.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>2041de8b5a2237ff3ef4ea5f0af707f9</hash></file>
<file><path>C:\Windows\Temp\nss21C7.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>2839e980106c20160b27f257bd444bb5</hash></file>
<file><path>C:\Windows\Temp\nss6A9.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>93ce77f2a7d5e3531121391069985ba5</hash></file>
<file><path>C:\Windows\Temp\nssC832.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>3f226504b3c941f58ca6193061a015eb</hash></file>
<file><path>C:\Windows\Temp\nssE37.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>461b2445e19b1d190e249faad32ea55b</hash></file>
<file><path>C:\Windows\Temp\nsuA057.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>5d04bcad6f0d989e75bd81c811f0ba46</hash></file>
<file><path>C:\Windows\Temp\nsw8012.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>01604d1c225a330377bbce7b06fb8f71</hash></file>
<file><path>C:\Windows\Temp\nsx190F.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>c1a05e0bc8b467cfad85c683f30e0cf4</hash></file>
<file><path>C:\Windows\Temp\nsx99F2.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>7fe2ea7fb2ca02340f233811738e6e92</hash></file>
<file><path>C:\Windows\Temp\nszF27B.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>f66b1653e696f04642f0d079e12003fd</hash></file>
<file><path>C:\Windows\Temp\nsh800B.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>8cd55c0dc5b70f27e84aa1a87c858779</hash></file>
<file><path>C:\Windows\Temp\nsl8981.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>3031ed7c1369de58b08274d5010010f0</hash></file>
<file><path>C:\Windows\Temp\nsm45E1.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>a4bd0a5f730975c13002b198768bee12</hash></file>
<file><path>C:\Windows\Temp\nsm8022.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>86db8ddcd3a9f73fb77bc386f70a8e72</hash></file>
<file><path>C:\Windows\Temp\nsnC9E7.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>4120c7a2e3998ea8a88a5aefe021dd23</hash></file>
<file><path>C:\Windows\Temp\nsq268B.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>4c156cfd3448f541c07277d215ecb749</hash></file>
<file><path>C:\Windows\Temp\nsh137C.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>5908a9c0e99381b52f03ba8ffa072cd4</hash></file>
<file><path>C:\Windows\Temp\nsq5AF8.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>a1c094d582fa40f6fb37f2570ef35ea2</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\CloudGuard\config.ini</path><vendor>PUP.Optional.CloudGuard.A</vendor><action>success</action><hash>ce93d693f18be056f414056119eaa45c</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\CloudGuard\ConsoleApplication1.dll</path><vendor>PUP.Optional.CloudGuard.A</vendor><action>success</action><hash>ce93d693f18be056f414056119eaa45c</hash></file>
<file><path>C:\Users\Terri\AppData\Roaming\VOPackage\Uninstall.exe</path><vendor>PUP.Optional.VOPackage.A</vendor><action>success</action><hash>a0c11752b7c5a393e95483ebba49e31d</hash></file>
<file><path>C:\Users\Terri\AppData\Roaming\VOPackage\VOPackage.exe</path><vendor>PUP.Optional.VOPackage.A</vendor><action>success</action><hash>a0c11752b7c5a393e95483ebba49e31d</hash></file>
<file><path>C:\Users\Terri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage\Configure.lnk</path><vendor>PUP.Optional.VOPackage</vendor><action>success</action><hash>4b163b2e78041e189a9cbcc1937051af</hash></file>
<file><path>C:\Windows\System32\Tasks\74f95a24-7dfe-41b0-8340-300050852bc0-1</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>f66bf871df9df93d309e89f4748fbf41</hash></file>
<file><path>C:\Windows\System32\Tasks\74f95a24-7dfe-41b0-8340-300050852bc0-11</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>3a27cf9a7c0047ef20aee19c6c974cb4</hash></file>
<file><path>C:\Windows\System32\Tasks\74f95a24-7dfe-41b0-8340-300050852bc0-2</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>e97890d93b4138fe69653e3fc93a16ea</hash></file>
<file><path>C:\Windows\System32\Tasks\74f95a24-7dfe-41b0-8340-300050852bc0-3</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>4b160c5dfc803cfa13bbb6c70ef5e61a</hash></file>
<file><path>C:\Windows\System32\Tasks\74f95a24-7dfe-41b0-8340-300050852bc0-4</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>6001e287b6c673c3616d2c51b152c838</hash></file>
<file><path>C:\Windows\System32\Tasks\74f95a24-7dfe-41b0-8340-300050852bc0-5</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>0b5689e06c1061d54e809edfc1422ed2</hash></file>
<file><path>C:\Windows\System32\Tasks\74f95a24-7dfe-41b0-8340-300050852bc0-5_user</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>5e0398d1dca0999dc20cf08d9f6403fd</hash></file>
<file><path>C:\ProgramData\Search Protection\SearchProtection.exe</path><vendor>PUP.Optional.SearchProtection.A</vendor><action>success</action><hash>5a0756131468ac8aac867d281ee5a65a</hash></file>
<file><path>C:\Windows\Tasks\74f95a24-7dfe-41b0-8340-300050852bc0-1.job</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>164b07625725e74f203d7a6132d205fb</hash></file>
<file><path>C:\Windows\Tasks\74f95a24-7dfe-41b0-8340-300050852bc0-11.job</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>19489acfa7d584b2e5780ccfbd47916f</hash></file>
<file><path>C:\Windows\Tasks\74f95a24-7dfe-41b0-8340-300050852bc0-2.job</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>7fe23a2f0973b680cf8eb5266d97bb45</hash></file>
<file><path>C:\Windows\Tasks\74f95a24-7dfe-41b0-8340-300050852bc0-3.job</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>421f7aef7804979f1f3ea734cd37c937</hash></file>
<file><path>C:\Windows\Tasks\74f95a24-7dfe-41b0-8340-300050852bc0-4.job</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>cc9574f586f6a4926df0c3183cc8d12f</hash></file>
<file><path>C:\Windows\Tasks\74f95a24-7dfe-41b0-8340-300050852bc0-5.job</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>d38e4d1c27558da9a4b9a13ac93b48b8</hash></file>
<file><path>C:\Windows\Tasks\74f95a24-7dfe-41b0-8340-300050852bc0-5_user.job</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>eb76b1b8a5d7e056c39a3ba06c9833cd</hash></file>
<file><path>C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>8bd699d0adcfd6605f14cb1042c28a76</hash></file>
<file><path>C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>313080e90f6d3303eb891dbe7f8535cb</hash></file>
<file><path>C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>5f02b9b0d1ab270f0570d20951b3b050</hash></file>
<file><path>C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>ea77e88198e485b1f0866d6e13f1f40c</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\vitruvian-installer-install-v0003</path><vendor>PUP.Optional.Vitruvian.A</vendor><action>success</action><hash>045d03666a12290d78acae3682829d63</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\vitruvian-installer-processes-v0002</path><vendor>PUP.Optional.Vitruvian.A</vendor><action>success</action><hash>352c16536715a294c95b7f657490ca36</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\vitruvian-installer-scheduledtasks-v0001</path><vendor>PUP.Optional.Vitruvian.A</vendor><action>success</action><hash>025f83e6720ab68078acbc28d03460a0</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\vitruvian-installer-softwareregkeys-v0002</path><vendor>PUP.Optional.Vitruvian.A</vendor><action>success</action><hash>6cf52b3ed3a9003630f4c22263a11ae6</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\vitruvian-installer-uninstall-v0002</path><vendor>PUP.Optional.Vitruvian.A</vendor><action>success</action><hash>bca5e9802e4eb77f23010ed652b2cc34</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\vitruvian-installer-vmdetect-v0001</path><vendor>PUP.Optional.Vitruvian.A</vendor><action>success</action><hash>ce93b4b56e0e57df42e2b72ddd27a858</hash></file>
<file><path>C:\ProgramData\374311380\BIT454.tmp</path><vendor>Rogue.Multiple</vendor><action>success</action><hash>0d5476f3d9a382b4e3ccf229ba4912ee</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\PriceGong\Data\1.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1a470267f884ca6ce2c61519f60dbe42</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\PriceGong\Data\2256.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1a470267f884ca6ce2c61519f60dbe42</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\PriceGong\Data\4489.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1a470267f884ca6ce2c61519f60dbe42</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\PriceGong\Data\450.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1a470267f884ca6ce2c61519f60dbe42</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\PriceGong\Data\7251.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1a470267f884ca6ce2c61519f60dbe42</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\PriceGong\Data\a.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1a470267f884ca6ce2c61519f60dbe42</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\PriceGong\Data\b.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1a470267f884ca6ce2c61519f60dbe42</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\PriceGong\Data\c.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1a470267f884ca6ce2c61519f60dbe42</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\PriceGong\Data\d.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1a470267f884ca6ce2c61519f60dbe42</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\PriceGong\Data\e.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1a470267f884ca6ce2c61519f60dbe42</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\PriceGong\Data\f.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1a470267f884ca6ce2c61519f60dbe42</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\PriceGong\Data\g.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1a470267f884ca6ce2c61519f60dbe42</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\PriceGong\Data\h.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1a470267f884ca6ce2c61519f60dbe42</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\PriceGong\Data\i.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1a470267f884ca6ce2c61519f60dbe42</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\PriceGong\Data\j.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1a470267f884ca6ce2c61519f60dbe42</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\PriceGong\Data\k.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1a470267f884ca6ce2c61519f60dbe42</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\PriceGong\Data\l.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1a470267f884ca6ce2c61519f60dbe42</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\PriceGong\Data\m.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1a470267f884ca6ce2c61519f60dbe42</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\PriceGong\Data\mru.xml</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1a470267f884ca6ce2c61519f60dbe42</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\PriceGong\Data\n.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1a470267f884ca6ce2c61519f60dbe42</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\PriceGong\Data\o.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1a470267f884ca6ce2c61519f60dbe42</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\PriceGong\Data\p.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1a470267f884ca6ce2c61519f60dbe42</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\PriceGong\Data\q.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1a470267f884ca6ce2c61519f60dbe42</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\PriceGong\Data\r.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1a470267f884ca6ce2c61519f60dbe42</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\PriceGong\Data\s.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1a470267f884ca6ce2c61519f60dbe42</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\PriceGong\Data\t.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1a470267f884ca6ce2c61519f60dbe42</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\PriceGong\Data\u.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1a470267f884ca6ce2c61519f60dbe42</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\PriceGong\Data\v.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1a470267f884ca6ce2c61519f60dbe42</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\PriceGong\Data\w.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1a470267f884ca6ce2c61519f60dbe42</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\PriceGong\Data\wlu.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1a470267f884ca6ce2c61519f60dbe42</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\PriceGong\Data\x.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1a470267f884ca6ce2c61519f60dbe42</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\PriceGong\Data\y.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1a470267f884ca6ce2c61519f60dbe42</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\PriceGong\Data\z.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1a470267f884ca6ce2c61519f60dbe42</hash></file>
<file><path>C:\Program Files (x86)\UtilityChest_49\bar\1.bin\AppIntegratorStub64.dll</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>5f020a5f24582412b70b35fdb44fff01</hash></file>
<file><path>C:\Program Files (x86)\UtilityChest_49\bar\1.bin\BOOTSTRAP.JS</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>5f020a5f24582412b70b35fdb44fff01</hash></file>
<file><path>C:\Program Files (x86)\UtilityChest_49\bar\1.bin\CHROME.MANIFEST</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>5f020a5f24582412b70b35fdb44fff01</hash></file>
<file><path>C:\Program Files (x86)\UtilityChest_49\bar\1.bin\INSTALL.RDF</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>5f020a5f24582412b70b35fdb44fff01</hash></file>
<file><path>C:\Program Files (x86)\UtilityChest_49\bar\1.bin\installKeys.js</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>5f020a5f24582412b70b35fdb44fff01</hash></file>
<file><path>C:\Program Files (x86)\UtilityChest_49\bar\1.bin\LOGO.BMP</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>5f020a5f24582412b70b35fdb44fff01</hash></file>
<file><path>C:\Program Files (x86)\UtilityChest_49\bar\1.bin\T8RES.DLL</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>5f020a5f24582412b70b35fdb44fff01</hash></file>
<file><path>C:\Program Files (x86)\UtilityChest_49\bar\1.bin\chrome\49ffxtbr.jar</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>5f020a5f24582412b70b35fdb44fff01</hash></file>
<file><path>C:\Program Files (x86)\UtilityChest_49\bar\gen1\COMMON.T8S</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>5f020a5f24582412b70b35fdb44fff01</hash></file>
<file><path>C:\Program Files (x86)\UtilityChest_49\bar\IE9Mesg\COMMON.T8S</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>5f020a5f24582412b70b35fdb44fff01</hash></file>
<file><path>C:\Program Files (x86)\UtilityChest_49\bar\Message\COMMON.T8S</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>5f020a5f24582412b70b35fdb44fff01</hash></file>
<file><path>C:\Program Files (x86)\UtilityChest_49\bar\Settings\s_pid.dat</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>5f020a5f24582412b70b35fdb44fff01</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\UrlFolderExtension.uf1</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\UrlFolderExtension.ufm</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\anemone-1.2.7.js</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\background.html</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\Date.getWeek.js</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\hidden-window.html</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\ie7-fix.html</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\jquery-1.7.2.min.js</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\jquery-dropdown.js</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\jquery-inputfieldrestrict.js</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\jquery-modal.js</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\jquery-ui.min.js</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\json2.min.js</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\manifest.json</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\underscore-1.3.1.min.js</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\widget-api-1.2.js</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\window.html</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\css\dropdown.css</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\css\modal.css</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\css\widget.css</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\images\favicon.ico</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\images\FBwidget_sprite.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\images\icon.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\images\icon.bmp,hot,flags=none.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\images\icon.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\images\loading.gif</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\images\icons\F0.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\images\icons\F0.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\images\icons\F1.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\images\icons\F1.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\images\icons\F10.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\images\icons\F10.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\images\icons\F2.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\images\icons\F2.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\images\icons\F3.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\images\icons\F3.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\images\icons\F4.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\images\icons\F4.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\images\icons\F5.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\images\icons\F5.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\images\icons\F6.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\images\icons\F6.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\images\icons\F7.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\images\icons\F7.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\images\icons\F8.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\images\icons\F8.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\images\icons\F9.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\images\icons\F9.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\js\background.js</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\js\hiddenwindow.js</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\js\settings.js</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\js\widgetwindow.js</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\anemone-1.2.7.js</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\App.html</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\Background.html</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\hogan-2.0.0.js</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\jquery-1.7.1.min.js</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\json2.min.js</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\manifest.json</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\reset.css</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\underscore-1.4.2.min.js</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\widget-api-1.2.js</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\css\App.css</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\fonts\cabin.eot</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\fonts\cabin.woff</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\close.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\MainIcon.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\MainIcon.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\minimize.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\rateUISprite.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\rate_WB.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\search.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\WBlogo.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\ChanceOfRain.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\ChanceOfRain.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\ChanceOfRain_60x60.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\ChanceOfRain_90x90.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\ChanceOfSnow.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\ChanceOfSnow.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\ChanceOfSnow_60x60.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\ChanceOfSnow_90x90.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\ChanceOfStorm.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\ChanceOfStorm.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\ChanceOfStorm_90x90.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\ChanceOfTstorm.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\ChanceOfTstorm.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\ChanceOfTstorm_60x60.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\ChanceOfTstorm_90x90.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Cloudy.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Cloudy.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Cloudy_90x90.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Dust.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Dust.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Dust_60x60.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Dust_90x90.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Fog.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Fog.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Fog_60x60.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Fog_90x90.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Ice.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Ice.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Ice_60x60.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Ice_90x90.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\MainIcon.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\MainIcon.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Misc.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Misc.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Misc_60x60.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Misc_90x90.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Misty.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Misty.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Misty_60x60.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Misty_90x90.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\MostlyCloudy.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\MostlyCloudy_60x60.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\MostlyCloudy_90x90.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\MostlySunny.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\MostlySunny.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\MostlySunny_60x60.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\MostlySunny_90x90.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Rain.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Rain.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Rain_60x60.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\SevereWeatherAdvisory.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\SevereWeatherAdvisory.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\SevereWeatherWarning.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\SevereWeatherWarning.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\SevereWeatherWatch.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\SevereWeatherWatch.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Showers.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Showers.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Showers_60x60.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\ChanceOfStorm_60x60.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Cloudy_60x60.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\MostlyCloudy.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Rain_90x90.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Showers_90x90.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Sleet.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Sleet.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Sleet_60x60.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Sleet_90x90.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Snow.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Snow.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Snow_60x60.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Snow_90x90.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Sunny.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Sunny.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Sunny_60x60.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Sunny_90x90.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Thunderstorm.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Thunderstorm.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Thunderstorm_60x60.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Thunderstorm_90x90.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Windy.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Windy.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Windy_60x60.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Windy_90x90.png</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\js\App.js</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\js\App.Test.js</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\js\Background.js</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\js\Settings.js</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\Local\UtilityChest_49\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\js\WeatherBlink.js</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>471ad693314b89ad41300533ab580000</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\UtilityChest_49\bar\Cache\355D7881</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>4a170d5caece68ce04e4e754867de41c</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\UtilityChest_49\bar\Cache\355D804E</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>4a170d5caece68ce04e4e754867de41c</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\UtilityChest_49\bar\Cache\355D81C4.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>4a170d5caece68ce04e4e754867de41c</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\UtilityChest_49\bar\Cache\355D829F.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>4a170d5caece68ce04e4e754867de41c</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\UtilityChest_49\bar\Cache\355D83E6.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>4a170d5caece68ce04e4e754867de41c</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\UtilityChest_49\bar\Cache\355D853E.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>4a170d5caece68ce04e4e754867de41c</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\UtilityChest_49\bar\Cache\355D8637.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>4a170d5caece68ce04e4e754867de41c</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\UtilityChest_49\bar\Cache\355D8712.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>4a170d5caece68ce04e4e754867de41c</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\UtilityChest_49\bar\Cache\355D87AE.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>4a170d5caece68ce04e4e754867de41c</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\UtilityChest_49\bar\Cache\355D88C6.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>4a170d5caece68ce04e4e754867de41c</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\UtilityChest_49\bar\Cache\355D89FE.cab</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>4a170d5caece68ce04e4e754867de41c</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\UtilityChest_49\bar\Cache\355D9229.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>4a170d5caece68ce04e4e754867de41c</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\UtilityChest_49\bar\Cache\355D92A6.cab</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>4a170d5caece68ce04e4e754867de41c</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\UtilityChest_49\bar\Cache\355D9728.bmp</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>4a170d5caece68ce04e4e754867de41c</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\UtilityChest_49\bar\Cache\files.ini</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>4a170d5caece68ce04e4e754867de41c</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\UtilityChest_49\bar\History\search3</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>4a170d5caece68ce04e4e754867de41c</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\UtilityChest_49\bar\Settings\prevcfg2.htm</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>4a170d5caece68ce04e4e754867de41c</hash></file>
<file><path>C:\Users\Terri\AppData\LocalLow\UtilityChest_49\UtilityChest_49\Cache\Radio.html</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>4a170d5caece68ce04e4e754867de41c</hash></file>
<file><path>C:\Users\Terri\AppData\Local\SearchProtect\Logs\sp_nsd44E4.log</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>a4bd6bfe314b5fd7f4ba58e816edc937</hash></file>
<file><path>C:\Users\Terri\AppData\Roaming\Systweak\ssd\SSDPTstub.exe</path><vendor>PUP.Optional.SystemSpeedup</vendor><action>success</action><hash>e081abbe4537270fa20999aa7c87bb45</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>3d2476f3d8a459dd20bc5be98d7623dd</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>3d2476f3d8a459dd20bc5be98d7623dd</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>3d2476f3d8a459dd20bc5be98d7623dd</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>3d2476f3d8a459dd20bc5be98d7623dd</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>3d2476f3d8a459dd20bc5be98d7623dd</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>3d2476f3d8a459dd20bc5be98d7623dd</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdate.dll</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>3d2476f3d8a459dd20bc5be98d7623dd</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdateres_en.dll</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>3d2476f3d8a459dd20bc5be98d7623dd</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>3d2476f3d8a459dd20bc5be98d7623dd</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psmachine.dll</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>3d2476f3d8a459dd20bc5be98d7623dd</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psuser.dll</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>3d2476f3d8a459dd20bc5be98d7623dd</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\comh.17994\GoogleCrashHandler.exe</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>b6ab0168601c76c0ba3ec0844eb527d9</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\comh.17994\GoogleUpdate.exe</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>b6ab0168601c76c0ba3ec0844eb527d9</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\comh.17994\GoogleUpdateBroker.exe</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>b6ab0168601c76c0ba3ec0844eb527d9</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\comh.17994\GoogleUpdateHelper.msi</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>b6ab0168601c76c0ba3ec0844eb527d9</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\comh.17994\GoogleUpdateOnDemand.exe</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>b6ab0168601c76c0ba3ec0844eb527d9</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\comh.17994\goopdate.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>b6ab0168601c76c0ba3ec0844eb527d9</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\comh.17994\goopdateres_en.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>b6ab0168601c76c0ba3ec0844eb527d9</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\comh.17994\npGoogleUpdate4.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>b6ab0168601c76c0ba3ec0844eb527d9</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\comh.17994\psmachine.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>b6ab0168601c76c0ba3ec0844eb527d9</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\comh.17994\psuser.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>b6ab0168601c76c0ba3ec0844eb527d9</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\comh.401470\GoogleCrashHandler.exe</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>e77a3d2c35471b1b1bdddc68b2517987</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\comh.401470\GoogleUpdate.exe</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>e77a3d2c35471b1b1bdddc68b2517987</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\comh.401470\GoogleUpdateBroker.exe</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>e77a3d2c35471b1b1bdddc68b2517987</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\comh.401470\GoogleUpdateHelper.msi</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>e77a3d2c35471b1b1bdddc68b2517987</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\comh.401470\GoogleUpdateOnDemand.exe</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>e77a3d2c35471b1b1bdddc68b2517987</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\comh.401470\goopdate.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>e77a3d2c35471b1b1bdddc68b2517987</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\comh.401470\goopdateres_en.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>e77a3d2c35471b1b1bdddc68b2517987</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\comh.401470\npGoogleUpdate4.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>e77a3d2c35471b1b1bdddc68b2517987</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\comh.401470\psmachine.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>e77a3d2c35471b1b1bdddc68b2517987</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\comh.401470\psuser.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>e77a3d2c35471b1b1bdddc68b2517987</hash></file>
<file><path>C:\ProgramData\LizardSales\LizardSales.exe</path><vendor>PUP.Optional.LizardSales.A</vendor><action>success</action><hash>8dd47fea1369ba7c90371747cb38fb05</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>e08195d476068ea87b7d71ed42c112ee</hash></file>
</items>
</mbam-log>



#12 nurse_shark

nurse_shark
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Calgary, Canada
  • Local time:08:59 PM

Posted 09 January 2015 - 10:09 PM


<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/01/05 15:30:51 -0700</date>
<logfile>mbam-log-2015-01-05 (15-30-25).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.4.1028</version>
<malware-database>v2015.01.05.13</malware-database>
<rootkit-database>v2014.12.30.01</rootkit-database>
<license>trial</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>Terri</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>338003</objects>
<time>1389</time>
<processes>2</processes>
<modules>0</modules>
<keys>9</keys>
<values>2</values>
<datas>0</datas>
<folders>7</folders>
<files>26</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<process><path>C:\Users\Terri\AppData\Local\mbot_ca_99\upmbot_ca_99.exe</path><vendor>PUP.Optional.Tuto</vendor><action>delete-on-reboot</action><pid>5100</pid><hash>676a33c092f778be0f8f2350a36240c0</hash></process>
<process><path>C:\Program Files (x86)\mbot_ca_99\mbot_ca_99.exe</path><vendor>PUP.Optional.MBot.A</vendor><action>delete-on-reboot</action><pid>4188</pid><hash>7859dd16e6a36dc973af3249e61d8a76</hash></process>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}</path><vendor>PUP.Optional.DynConIE.A</vendor><action>success</action><hash>6b66fcf785044ee840f2aa3c3bc77987</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}</path><vendor>PUP.Optional.DynConIE.A</vendor><action>success</action><hash>6b66fcf785044ee840f2aa3c3bc77987</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MYBESTOFFERSTODAY</path><vendor>PUP.Optional.MBot.A</vendor><action>success</action><hash>ede41ed595f41c1a55cea7d4f31016ea</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\WordProser_1.10.0.5</path><vendor>PUP.Optional.WordProser.A</vendor><action>success</action><hash>0fc2e70c8801f244e2e5c7a811f2d62a</hash></key>
<key><path>HKU\S-1-5-21-1095237210-819956943-3649504818-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TutoTag</path><vendor>PUP.Optional.Tuto4PC.A</vendor><action>success</action><hash>379a19da1f6ac57139de01e1f90b847c</hash></key>
<key><path>HKU\S-1-5-21-1095237210-819956943-3649504818-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE</path><vendor>PUP.Optional.MultiIE.A</vendor><action>success</action><hash>ac25b340ed9ca6903e147369b74de21e</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\mbot_ca_99_is1</path><vendor>PUP.Optional.MBot.A</vendor><action>success</action><hash>a52cf003a4e58ea84f1f212df3109a66</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\serverca</path><vendor>PUP.Optional.ConvertAd.A</vendor><action>success</action><hash>09c80ee5e0a9b383b85f5dfc10f30cf4</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ConvertAd</path><vendor>PUP.Optional.ConvertAd.A</vendor><action>success</action><hash>09c80ee5e0a9b383b85f5dfc10f30cf4</hash></key>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE</path><valuename>upmbot_ca_99.exe</valuename><vendor>PUP.Optional.Tuto</vendor><action>success</action><valuedata>C:\Users\Terri\AppData\Local\mbot_ca_99\upmbot_ca_99.exe -runonce</valuedata><hash>676a33c092f778be0f8f2350a36240c0</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>mbot_ca_99</valuename><vendor>PUP.Optional.MBot.A</vendor><action>success</action><valuedata>&quot;C:\Program Files (x86)\mbot_ca_99\mbot_ca_99.exe&quot;</valuedata><hash>7859dd16e6a36dc973af3249e61d8a76</hash></value>
<folder><path>C:\Users\Terri\AppData\Local\mbot_ca_99</path><vendor>PUP.Optional.MBot.A</vendor><action>delete-on-reboot</action><hash>c70a0de63950290d9ecfc18daf54af51</hash></folder>
<folder><path>C:\Users\Terri\AppData\Local\mbot_ca_99\mbot_ca_99</path><vendor>PUP.Optional.MBot.A</vendor><action>success</action><hash>c70a0de63950290d9ecfc18daf54af51</hash></folder>
<folder><path>C:\Users\Terri\AppData\Local\mbot_ca_99\mbot_ca_99\1.20</path><vendor>PUP.Optional.MBot.A</vendor><action>success</action><hash>c70a0de63950290d9ecfc18daf54af51</hash></folder>
<folder><path>C:\Program Files (x86)\mbot_ca_99</path><vendor>PUP.Optional.MBot.A</vendor><action>delete-on-reboot</action><hash>a52cf003a4e58ea84f1f212df3109a66</hash></folder>
<folder><path>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY</path><vendor>PUP.Optional.MBot.A</vendor><action>success</action><hash>cc053bb8672289ad824b80cfe02330d0</hash></folder>
<folder><path>C:\Users\Terri\AppData\Local\ConvertAd</path><vendor>PUP.Optional.ConvertAd.A</vendor><action>success</action><hash>09c80ee5e0a9b383b85f5dfc10f30cf4</hash></folder>
<folder><path>C:\Users\Terri\AppData\Roaming\VOPackage</path><vendor>PUP.Optional.VOPackage.A</vendor><action>success</action><hash>844d18dbb9d078bec7b96bf8e320b64a</hash></folder>
<file><path>C:\Users\Terri\AppData\Local\mbot_ca_99\upmbot_ca_99.exe</path><vendor>PUP.Optional.Tuto</vendor><action>delete-on-reboot</action><hash>676a33c092f778be0f8f2350a36240c0</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\setupA9_.exe</path><vendor>PUP.Optional.ZombieInvasion.A</vendor><action>success</action><hash>8e4342b13a4f999d4ca98ece15eb21df</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\setup_464.exe</path><vendor>PUP.Optional.MyBestOffersToday.A</vendor><action>success</action><hash>468bc92ac0c93402f2d58a63f40ddd23</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\~nsu.tmp\Au_.exe</path><vendor>PUP.Optional.ZombieInvasion.A</vendor><action>success</action><hash>def3a74c1772b086579e2b318080ca36</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\vitruvian-installer-hardwareprofile-v0001</path><vendor>PUP.Optional.Vitruvian.A</vendor><action>success</action><hash>31a044af078286b062e5ecfcc0447a86</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\vitruvian-installer-install-v0003</path><vendor>PUP.Optional.Vitruvian.A</vendor><action>success</action><hash>19b8e90ad8b1b28497b006e2d72da35d</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\vitruvian-installer-processes-v0002</path><vendor>PUP.Optional.Vitruvian.A</vendor><action>success</action><hash>725fec073e4b1d194bfc3fa9788c26da</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\vitruvian-installer-scheduledtasks-v0001</path><vendor>PUP.Optional.Vitruvian.A</vendor><action>success</action><hash>fcd53ab90683dd5951f6cc1c37cd5da3</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\vitruvian-installer-softwareregkeys-v0002</path><vendor>PUP.Optional.Vitruvian.A</vendor><action>success</action><hash>71600fe4e6a30f279bacdc0cd52f51af</hash></file>
<file><path>C:\Users\Terri\AppData\Local\Temp\vitruvian-installer-uninstall-v0002</path><vendor>PUP.Optional.Vitruvian.A</vendor><action>success</action><hash>e1f00ae93a4f0a2c2b1c45a3b3518a76</hash></file>
<file><path>C:\Program Files (x86)\mbot_ca_99\mbot_ca_99.exe</path><vendor>PUP.Optional.MBot.A</vendor><action>delete-on-reboot</action><hash>7859dd16e6a36dc973af3249e61d8a76</hash></file>
<file><path>C:\Users\Terri\AppData\Local\mbot_ca_99\upmbot_ca_99.cyl</path><vendor>PUP.Optional.MBot.A</vendor><action>success</action><hash>c70a0de63950290d9ecfc18daf54af51</hash></file>
<file><path>C:\Users\Terri\AppData\Local\mbot_ca_99\user_profil.cyp</path><vendor>PUP.Optional.MBot.A</vendor><action>success</action><hash>c70a0de63950290d9ecfc18daf54af51</hash></file>
<file><path>C:\Users\Terri\AppData\Local\mbot_ca_99\mbot_ca_99\1.20\cnf.cyl</path><vendor>PUP.Optional.MBot.A</vendor><action>success</action><hash>c70a0de63950290d9ecfc18daf54af51</hash></file>
<file><path>C:\Users\Terri\AppData\Local\mbot_ca_99\mbot_ca_99\1.20\eorezo.cyl</path><vendor>PUP.Optional.MBot.A</vendor><action>success</action><hash>c70a0de63950290d9ecfc18daf54af51</hash></file>
<file><path>C:\Program Files (x86)\mbot_ca_99\mybestofferstoday_widget.exe</path><vendor>PUP.Optional.MBot.A</vendor><action>success</action><hash>a52cf003a4e58ea84f1f212df3109a66</hash></file>
<file><path>C:\Program Files (x86)\mbot_ca_99\predm.exe</path><vendor>PUP.Optional.MBot.A</vendor><action>success</action><hash>a52cf003a4e58ea84f1f212df3109a66</hash></file>
<file><path>C:\Program Files (x86)\mbot_ca_99\unins000.dat</path><vendor>PUP.Optional.MBot.A</vendor><action>success</action><hash>a52cf003a4e58ea84f1f212df3109a66</hash></file>
<file><path>C:\Program Files (x86)\mbot_ca_99\unins000.exe</path><vendor>PUP.Optional.MBot.A</vendor><action>success</action><hash>a52cf003a4e58ea84f1f212df3109a66</hash></file>
<file><path>C:\Program Files (x86)\mbot_ca_99\unins000.msg</path><vendor>PUP.Optional.MBot.A</vendor><action>success</action><hash>a52cf003a4e58ea84f1f212df3109a66</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY\MyBestOffersToday.lnk</path><vendor>PUP.Optional.MBot.A</vendor><action>success</action><hash>cc053bb8672289ad824b80cfe02330d0</hash></file>
<file><path>C:\Users\Terri\AppData\Local\ConvertAd\carunasu.exe</path><vendor>PUP.Optional.ConvertAd.A</vendor><action>success</action><hash>09c80ee5e0a9b383b85f5dfc10f30cf4</hash></file>
<file><path>C:\Users\Terri\AppData\Local\ConvertAd\CASrv.exe</path><vendor>PUP.Optional.ConvertAd.A</vendor><action>success</action><hash>09c80ee5e0a9b383b85f5dfc10f30cf4</hash></file>
<file><path>C:\Users\Terri\AppData\Local\ConvertAd\ConvertAd.exe</path><vendor>PUP.Optional.ConvertAd.A</vendor><action>success</action><hash>09c80ee5e0a9b383b85f5dfc10f30cf4</hash></file>
<file><path>C:\Users\Terri\AppData\Local\ConvertAd\Uninstall.exe</path><vendor>PUP.Optional.ConvertAd.A</vendor><action>success</action><hash>09c80ee5e0a9b383b85f5dfc10f30cf4</hash></file>
<file><path>C:\Users\Terri\AppData\Roaming\VOPackage\VOPackage.exe</path><vendor>PUP.Optional.VOPackage.A</vendor><action>success</action><hash>844d18dbb9d078bec7b96bf8e320b64a</hash></file>
</items>
</mbam-log>



#13 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:59 AM

Posted 12 January 2015 - 04:19 AM

Scan with ESET Online Scan

Go here to run an online scannner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
  • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#14 nurse_shark

nurse_shark
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Calgary, Canada
  • Local time:08:59 PM

Posted 13 January 2015 - 08:48 PM

Marius,

 

Now I can put my computer in Safe Mode. 

Windows is very slow and programs say that they are not responding a lot. Yesterday, when my husband wanted to use the computer, there was a blue screen saying that Windows shut down to prevent any problems. I put the computer in Safe Mode with Networking (what I always put in in...I have in that currently.

C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.7z.vir	a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir	a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\windows\System32\roboot64.exe.vir	a variant of Win64/Systweak.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\windows\SysWOW64\lsdprn.exe.vir	a variant of Win64/Toolbar.Perion.B potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe	a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll	a variant of Win32/Systweak.N potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe	a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe	a variant of Win32/Systweak potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe	a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe	a variant of Win32/Systweak.L potentially unwanted application
C:\ProgramData\Kaspersky Lab\PURE13\Temp\crypt\163D7EF3_1bb4_crypt_io_copy.tmp	a variant of Win32/Toolbar.CrossRider.BA potentially unwanted application
C:\Users\All Users\Kaspersky Lab\PURE13\Temp\crypt\163D7EF3_1bb4_crypt_io_copy.tmp	a variant of Win32/Toolbar.CrossRider.BA potentially unwanted application
C:\Users\Terri\AppData\Local\nszCB96.tmp	Win32/AnyProtect.E potentially unwanted application
C:\Users\Terri\AppData\Roaming\DLCNHF	JS/Toolbar.Crossrider.C potentially unwanted application
C:\Windows\Installer\811c9c.msi	a variant of Win32/Systweak.L potentially unwanted application



#15 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:59 AM

Posted 14 January 2015 - 03:40 AM

Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk:

  • Click the "Windows Orb" Start button, then click Computer.
  • Right-click on the drive that you wish to check > Properties > Tools tab
  • In the "Error checking" section, click on Check now.
  • Place a checkmark in both boxes > Start.
  • If the disk you have chosen is the Windows system disk:
  • A message will notify you that a restart is necessary ask "Do you want to check for hard disk errors the next time you start your computer?".
  • Click Schedule disk check > OK and close all windows.
  • Re-start the computer. The disk will be checked when the system boots.
  • This will take some time to run and at times may appear stalled but just let it run.
  • When the disk check is complete, the system will re-start automatically and load Windows.


A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:

  • Click the "Windows Orb" Start button -> type "eventvwr" without the quotes -> press the key.
  • The Event Viewer window will open.
  • In the left pane, expand "Windows Logs" and then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
  • Click on that Wininit entry to select it.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.

 

 

 

 

System File Check

For Windows XP:

  • Press the Windows- and the R-key simultanously.
  • Within the text box that jus opened, write cmd and hit Enter.


For Windows Vista/7:

  • Press the Windows key to open the start menu.
  • Don´t highlight anything, just write cmd.
  • The start menu will offer you an entry named cmd.
  • Right click it and select "run as administrator"



Within the opening window, write the following:

sfc /scannow
(See the blank within).


  • Hit enter. Your system will be checked for damaged system files.
  • Tell me the result of that scan in here (as the tool produces no log).

Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users