Browser Hijacked [Solved]


  • This topic is locked

#16
trucker

  • Topic Starter
  • Member
  • 227 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2015 01
Ran by Lonnie (administrator) on LONNIE-PC on 29-01-2015 23:12:52
Running from C:\Users\Lonnie\Desktop
Loaded Profiles: Lonnie (Available profiles: Lonnie)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Comodo\Dragon\dragon_updater.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12017368 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-11-05] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [337432 2013-10-23] (Power Software Ltd)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2273056 2013-11-29] (NVIDIA Corporation)
HKLM\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM\...\Run: [EKStatusMonitor] => C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2015-01-04] (Apple Inc.)
HKLM\...\Run: [ComodoFSChrome] => "C:\Program Files\AdTrustMedia\PrivDog\FinalizeSetup.exe" /c
HKLM\...\Run: [{1606DC18-9578-4cbd-8312-8E9868F06A1D}] => \cmdinstall.exe -cmdfile
HKU\S-1-5-21-4227807349-2635072203-767282089-1001\...\Run: [GoogleChromeAutoLaunch_A4AAD752A94AD0D07B3FA88181A919F9] => C:\Program Files\Comodo\Dragon\dragon.exe [725696 2014-12-28] (Comodo)
HKU\S-1-5-21-4227807349-2635072203-767282089-1001\...\Run: [cdloader] => C:\Users\Lonnie\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-4227807349-2635072203-767282089-1001\...\Run: [GoogleChromeAutoLaunch_5090660AF80758FEEBA1A8C0C9DF7D80] => C:\Program Files\Google\Chrome\Application\chrome.exe [856904 2014-12-28] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-11-21] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe [2234064 2014-05-06] (Eastman Kodak Company)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-4227807349-2635072203-767282089-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-4227807349-2635072203-767282089-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
Tcpip\Parameters: [NameServer] 75.126.206.18,184.173.169.186
Tcpip\..\Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: [NameServer] 75.126.206.18,184.173.169.186

FireFox:
========
FF ProfilePath: C:\Users\Lonnie\AppData\Roaming\Mozilla\Firefox\Profiles\0937xwmn.default
FF Homepage: about:home
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4227807349-2635072203-767282089-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Lonnie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\.xml

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/ig
CHR StartupUrls: Default -> "https://www.google.com/", "hxxp://isearch.omiga?type=hppppppppppppppppppppppppppppp", "hxxp://isearch.omiga?type=hppppppppppppppppppppppppppppppppp"
CHR DefaultSearchKeyword: Default ->
CHR DefaultSearchURL: Default -> http://isearch.omiga...q={searchTerms}
CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com...q={searchTerms}
CHR Profile: C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bejeweled) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2014-12-28]
CHR Extension: (Ancient History Encyclopedia) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahggffalhoajbhlaogbplamaaghnncle [2014-12-28]
CHR Extension: (Angry Birds) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-12-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-26]
CHR Extension: (Facebook) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2014-12-28]
CHR Extension: (AdBlock Plus) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjmhchkipehceidlknhjhbgaipcnafm [2014-12-29]
CHR Extension: (Calculator) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\decmldkknaaemlafplkkdmmmelbdnlja [2014-12-28]
CHR Extension: (A Space Shooter for FREE) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbeobdmeddlnkokfiaijkfabecpmifa [2014-12-28]
CHR Extension: (Mickey Sketch Theme) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmaadlipkibabccamkbjjaklifnohhp [2014-12-28]
CHR Extension: (My Scrap Nook) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf [2014-12-28]
CHR Extension: (Typing Lessons) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\heehkcnmhmdicclbnofindfmokhfnjag [2014-12-28]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-12-28]
CHR Extension: (sixty second shooter) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\idnlbhjpainpnikdjnmcmiaombhhchkg [2014-12-28]
CHR Extension: (Jamstash) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccdpflnecheidefpofmlblgebobbloc [2014-12-28]
CHR Extension: (WordPress.com) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjnjifipfkgglficmipimgjpbmlbemd [2014-12-28]
CHR Extension: (Coloring Pages) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhphoobahjckipglphjghghlgodanfj [2014-12-28]
CHR Extension: (Fieldrunners) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpikhjbfbffdblahfidklcohlaeabak [2014-12-28]
CHR Extension: (Chain Rxn) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkdlfmoglbdpomddljgapccmlognoaf [2014-12-28]
CHR Extension: (Google Wallet) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-19]
CHR Extension: (Sidekick by HubSpot) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiiaigjnkhngdbnoookogelabohpglmd [2015-01-15]
CHR Extension: (Weather Underground) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej [2014-12-28]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2370240 2014-12-28] (Comodo Security Solutions, Inc.)
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-10-29] (Teruten) [File not signed]
R2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [395640 2014-05-06] (Eastman Kodak Company)
R2 Kodak AiO Status Monitor Service; C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [780152 2013-12-11] (Eastman Kodak Company)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1370912 2013-11-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14657824 2013-11-29] (NVIDIA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-10-29] () [File not signed]
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-10-30] (NVIDIA Corporation)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [114376 2013-10-23] (Power Software Ltd)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-29 23:12 - 2015-01-29 23:13 - 00013847 _____ () C:\Users\Lonnie\Desktop\FRST.txt
2015-01-29 23:00 - 2015-01-29 23:03 - 00000000 ____D () C:\AdwCleaner
2015-01-29 22:59 - 2015-01-29 22:59 - 02194432 _____ () C:\Users\Lonnie\Desktop\AdwCleaner.exe
2015-01-29 22:56 - 2015-01-29 22:56 - 00003785 _____ () C:\Users\Lonnie\Desktop\JRT.txt
2015-01-29 22:54 - 2015-01-29 22:54 - 01707939 _____ (Thisisu) C:\Users\Lonnie\Desktop\JRT.exe
2015-01-29 22:54 - 2015-01-29 22:54 - 00000000 ____D () C:\Windows\ERUNT
2015-01-29 22:46 - 2015-01-29 22:46 - 00000000 ____D () C:\Users\Lonnie\Desktop\FRST-OlderVersion
2015-01-29 10:44 - 2015-01-29 10:44 - 00045516 _____ () C:\Windows\system32\.crusader
2015-01-29 10:33 - 2015-01-29 10:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-29 10:28 - 2015-01-29 22:48 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-29 10:28 - 2015-01-29 10:44 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-29 10:27 - 2015-01-29 10:28 - 10285456 _____ (SurfRight B.V.) C:\Users\Lonnie\Downloads\HitmanPro.exe
2015-01-29 10:06 - 2015-01-29 10:06 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\Lonnie\Downloads\SpyHunter-Installer.exe
2015-01-29 09:20 - 2015-01-29 09:20 - 00000000 ____D () C:\themes
2015-01-29 09:20 - 2015-01-29 09:20 - 00000000 ____D () C:\cis
2015-01-29 09:20 - 2013-11-21 07:49 - 04814552 _____ (COMODO) C:\cmdinstall.exe
2015-01-29 09:20 - 2013-09-24 05:53 - 03360984 _____ (Terra Informatica Software, Inc.) C:\cmdhtml.dll
2015-01-29 09:20 - 2013-09-24 05:53 - 00281816 _____ (Igor Pavlov) C:\7za.dll
2015-01-29 08:21 - 2015-01-29 09:21 - 00000674 _____ () C:\Windows\system32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
2015-01-29 08:21 - 2015-01-29 09:20 - 00001123 __RSH () C:\Windows\system32\{1606DC18-9578-4cbd-8312-8E9868F06A1D}.conf
2015-01-29 08:06 - 2015-01-29 08:06 - 00353699 _____ () C:\Users\Lonnie\Documents\CisReport_x86_v8.0.0.4344_20150129-080558.zip
2015-01-29 06:28 - 2015-01-29 06:28 - 00020873 _____ () C:\Users\Lonnie\Downloads\0A681810546D63E7D335AB3A6F658685A1DD7625.torrent
2015-01-28 10:34 - 2015-01-28 10:36 - 00000045 _____ () C:\Users\Lonnie\Documents\Indiana TID number.txt
2015-01-28 10:33 - 2015-01-28 10:33 - 00019698 _____ () C:\Users\Lonnie\AppData\Local\recently-used.xbel
2015-01-26 21:23 - 2015-01-26 21:23 - 00000000 ____D () C:\Users\Lonnie\Documents\Empire Earth II
2015-01-26 21:23 - 2015-01-26 21:23 - 00000000 ____D () C:\Users\Lonnie\AppData\Roaming\Sierra
2015-01-26 21:19 - 2015-01-26 21:19 - 00000878 _____ () C:\Users\Public\Desktop\Launch Empire Earth II.lnk
2015-01-26 21:19 - 2015-01-26 21:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra
2015-01-26 21:19 - 2015-01-26 21:19 - 00000000 ____D () C:\Program Files\Sierra
2015-01-26 21:14 - 2015-01-26 21:15 - 00000000 ____D () C:\Program Files\GameSpy Arcade
2015-01-26 21:14 - 2015-01-26 21:14 - 00000000 ____D () C:\Users\Lonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
2015-01-26 21:14 - 2015-01-26 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
2015-01-26 20:44 - 2015-01-26 20:44 - 00011734 _____ () C:\Users\Lonnie\Downloads\[kickass.so]empire.earth.1.patch.1040.crack.no.cd.torrent
2015-01-26 20:42 - 2015-01-26 20:42 - 00027994 _____ () C:\Users\Lonnie\Downloads\[kickass.so]empire.earth.2.full.with.crack.kg.torrent
2015-01-26 20:35 - 2015-01-26 20:35 - 01149952 _____ () C:\Users\Lonnie\Downloads\Empire Earth 2 Gold Edition [GOG].exe
2015-01-26 20:33 - 2015-01-26 20:33 - 01159680 _____ () C:\Users\Lonnie\Downloads\empire earth [no.15] good old games gog.com.exe
2015-01-26 20:28 - 2015-01-26 20:28 - 00024319 _____ () C:\Users\Lonnie\Downloads\BDA69BCB62161DD9ADC9AD23ABB6D6577C693431.torrent
2015-01-26 16:43 - 2015-01-26 16:43 - 00025777 _____ () C:\Users\Lonnie\Downloads\F90B83619D04FEAE8FA10EB19931D5DF7C217A9B (1).torrent
2015-01-26 14:07 - 2015-01-26 14:07 - 00025777 _____ () C:\Users\Lonnie\Downloads\F90B83619D04FEAE8FA10EB19931D5DF7C217A9B.torrent
2015-01-26 09:23 - 2015-01-26 09:23 - 01120768 _____ (Farbar) C:\Users\Lonnie\Downloads\FRST (1).exe
2015-01-26 08:35 - 2015-01-26 08:36 - 04176437 _____ () C:\Users\Lonnie\Downloads\tdsskiller.zip
2015-01-26 08:30 - 2015-01-26 09:28 - 00038221 _____ () C:\Users\Lonnie\Downloads\Addition.txt
2015-01-26 08:28 - 2015-01-29 23:12 - 00000000 ____D () C:\FRST
2015-01-26 08:28 - 2015-01-26 09:28 - 00039281 _____ () C:\Users\Lonnie\Downloads\FRST.txt
2015-01-26 08:27 - 2015-01-29 22:46 - 01121792 _____ (Farbar) C:\Users\Lonnie\Desktop\FRST.exe
2015-01-25 08:27 - 2015-01-25 08:27 - 00020677 _____ () C:\Users\Lonnie\Downloads\031871009351B782D14569E9089EC490BB9BFC00.torrent
2015-01-24 21:55 - 2015-01-24 21:55 - 00056322 _____ () C:\Users\Lonnie\Desktop\Extras.Txt
2015-01-24 21:53 - 2015-01-24 21:53 - 00106122 _____ () C:\Users\Lonnie\Desktop\OTL.Txt
2015-01-24 21:38 - 2015-01-24 21:38 - 00602112 _____ (OldTimer Tools) C:\Users\Lonnie\Desktop\OTL (1).exe
2015-01-24 21:37 - 2015-01-24 21:37 - 00602112 _____ (OldTimer Tools) C:\Users\Lonnie\Downloads\OTL.exe
2015-01-24 07:43 - 2015-01-24 07:43 - 00000000 ____D () C:\Users\Lonnie\AppData\Roaming\dvdcss
2015-01-23 11:40 - 2015-01-24 07:30 - 00000000 ____D () C:\Users\Lonnie\Desktop\Body work
2015-01-23 09:20 - 2015-01-23 09:24 - 00000010 _____ () C:\Users\Lonnie\Documents\New Text Document (2).txt
2015-01-23 09:15 - 2015-01-23 09:15 - 00347816 _____ (Microsoft Corporation) C:\Users\Lonnie\Downloads\MicrosoftFixit.HomeGroup.Run.exe
2015-01-22 20:23 - 2015-01-25 00:23 - 18126512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-01-13 18:39 - 2015-01-13 18:39 - 00143518 _____ () C:\Users\Lonnie\Downloads\FF204E24F6CA4FA350A7154CC113922F4FF37981.torrent
2015-01-13 14:18 - 2015-01-13 14:18 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-13 14:18 - 2015-01-13 14:18 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 14:18 - 2015-01-13 14:18 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 14:18 - 2015-01-13 14:18 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 14:18 - 2015-01-13 14:18 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 14:18 - 2015-01-13 14:18 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 11:31 - 2015-01-13 11:31 - 00000000 ____D () C:\Users\Lonnie\Documents\01-13-2015
2015-01-11 06:19 - 2015-01-11 06:19 - 00000000 ____D () C:\Users\Lonnie\AppData\Roaming\Apple Computer
2015-01-06 08:42 - 2015-01-06 08:42 - 00000000 ____D () C:\Users\Lonnie\Documents\01-06-2015
2015-01-05 09:40 - 2015-01-05 09:47 - 00000000 ____D () C:\Users\Lonnie\Documents\01-05-2015
2015-01-04 08:16 - 2015-01-11 09:16 - 00000000 ____D () C:\Program Files\QuickTime
2015-01-04 08:13 - 2015-01-04 08:13 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-01-04 08:13 - 2015-01-04 08:13 - 00000000 ____D () C:\Users\Lonnie\AppData\Local\Apple
2015-01-04 08:13 - 2015-01-04 08:13 - 00000000 ____D () C:\ProgramData\Apple
2015-01-04 08:13 - 2015-01-04 08:13 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-04 08:13 - 2015-01-04 08:13 - 00000000 ____D () C:\Program Files\Apple Software Update
2015-01-04 08:12 - 2015-01-04 08:12 - 39401336 _____ (Apple Inc.) C:\Users\Lonnie\Downloads\QuickTimeInstaller.exe
2015-01-02 12:40 - 2015-01-02 12:42 - 00000000 ____D () C:\Users\Lonnie\Documents\in tax
2015-01-02 12:38 - 2015-01-02 12:40 - 00000000 ____D () C:\Users\Lonnie\Documents\brighthouse

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-29 23:10 - 2013-11-20 12:05 - 01966546 _____ () C:\Windows\WindowsUpdate.log
2015-01-29 23:06 - 2014-12-28 09:17 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-29 23:06 - 2013-11-23 09:01 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-29 23:06 - 2013-11-21 10:31 - 00297528 _____ () C:\Windows\PFRO.log
2015-01-29 23:06 - 2013-11-20 09:30 - 00000000 ____D () C:\ProgramData\Kodak
2015-01-29 23:06 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-29 23:06 - 2009-07-13 23:39 - 00066623 _____ () C:\Windows\setupact.log
2015-01-29 22:52 - 2009-07-13 23:34 - 00022592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-29 22:52 - 2009-07-13 23:34 - 00022592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-29 22:45 - 2014-08-26 10:04 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-29 22:23 - 2013-11-21 08:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-29 22:22 - 2014-12-28 09:17 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-29 10:54 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-29 09:40 - 2013-11-20 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-01-29 09:35 - 2013-11-20 10:58 - 00000000 ____D () C:\Program Files\Comodo
2015-01-29 09:35 - 2013-09-27 05:28 - 00000000 ___HD () C:\VTRoot
2015-01-29 09:34 - 2013-11-20 10:59 - 00000000 ____D () C:\ProgramData\COMODO
2015-01-29 09:20 - 2014-06-04 09:55 - 00000995 _____ () C:\Users\Lonnie\Desktop\magicJack.lnk
2015-01-29 09:20 - 2014-06-04 09:55 - 00000981 _____ () C:\Users\Lonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2015-01-29 09:20 - 2014-05-28 21:36 - 00000000 ____D () C:\Users\Lonnie\AppData\Roaming\mjusbsp
2015-01-29 09:08 - 2013-11-21 23:05 - 00000000 ____D () C:\Users\Lonnie\AppData\Roaming\Azureus
2015-01-29 08:59 - 2014-09-13 19:09 - 00000000 ____D () C:\Users\Lonnie\AppData\Roaming\vlc
2015-01-28 10:33 - 2013-11-20 09:43 - 00000000 ____D () C:\Users\Lonnie\.gimp-2.8
2015-01-28 10:31 - 2013-11-20 09:54 - 00000000 ____D () C:\Users\Lonnie\AppData\Local\gtk-2.0
2015-01-26 21:19 - 2013-11-21 09:50 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-25 00:23 - 2013-11-21 08:59 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-25 00:23 - 2013-11-21 08:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-23 09:25 - 2009-07-13 21:37 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-19 07:41 - 2013-11-20 09:54 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-19 07:28 - 2013-11-20 09:54 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-16 11:16 - 2014-12-03 09:12 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-01-11 09:16 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-01-11 09:16 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\registration
2015-01-11 06:19 - 2013-11-20 09:25 - 00000000 ____D () C:\Users\Lonnie
2015-01-02 12:45 - 2014-12-26 07:59 - 00000000 ____D () C:\Users\Lonnie\Documents\Trinity Calender
2015-01-01 13:17 - 2013-11-23 09:26 - 00000000 ____D () C:\Users\Lonnie\AppData\Local\Firestorm

==================== Files in the root of some directories =======

2014-01-19 10:14 - 2014-01-19 10:14 - 0000000 _____ () C:\Users\Lonnie\AppData\Roaming\SharedSettings.ccs
2014-01-19 10:15 - 2014-01-19 10:15 - 0067992 _____ () C:\Users\Lonnie\AppData\Local\jkffplbl
2014-01-19 10:16 - 2014-01-19 10:16 - 0012326 _____ () C:\Users\Lonnie\AppData\Local\pavttpqp
2015-01-28 10:33 - 2015-01-28 10:33 - 0019698 _____ () C:\Users\Lonnie\AppData\Local\recently-used.xbel

Some content of TEMP:
====================
C:\Users\Lonnie\AppData\Local\Temp\HitmanPro.exe
C:\Users\Lonnie\AppData\Local\Temp\Quarantine.exe
C:\Users\Lonnie\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 00:47

==================== End Of Log ============================




#17
trucker

  • Topic Starter
  • Member
  • 227 posts

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-01-2015 01
Ran by Lonnie at 2015-01-29 23:13:33
Running from C:\Users\Lonnie\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
aioscnnr (Version: 7.6.13.10 - Your Company Name) Hidden
Apple Application Support (HKLM\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assassins Creed Revelations  1.0 (HKLM\...\Assassins Creed Revelations_is1) (Version: 1.0 - Ubisoft)
BoneLab (HKLM\...\{D16CBD59-07B3-4F98-A404-01B6D87A90F2}) (Version: 1.4.0.2 - Next Dimension Imaging)
C4USelfUpdater (Version: 1.00.0000 - Your Company Name) Hidden
center (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
CleanUp! (HKLM\...\CleanUp!) (Version:  - )
Comodo Dragon (HKLM\...\Comodo Dragon) (Version: 36.1.1.21 - Comodo)
Empire Earth II (HKLM\...\{DF315348-721C-40B8-BAE2-58C6C7D935A2}) (Version: 1.02 - Sierra)
essentials (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Firestorm-Beta (remove only) (HKLM\...\Firestorm-Beta) (Version: 4.5.1.38838 - The Phoenix Firestorm Project, Inc.)
Firestorm-Release (remove only) (HKLM\...\Firestorm-Release) (Version: 4.6.9.42969 - The Phoenix Firestorm Project, Inc.)
GameSpy Arcade (HKLM\...\GameSpy Arcade) (Version:  - )
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
G'MIC for GIMP version 1.5.8.2 (HKLM\...\G'MIC for GIMP_is1) (Version: 1.5.8.2 - )
Google Books Downloader version 2.3 (HKLM\...\{216729B6-014A-F413-814F-F17F74FBA113}_is1) (Version: 2.3 - GBOOKSDOWNLOADER.COM)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
grillaprice (HKLM\...\grillaprice) (Version:  - )
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Kodak AIO Printer (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.8.5.2 - Eastman Kodak Company)
LEGO Batman 3 - Beyond Gotham (HKLM\...\LEGO Batman 3 - Beyond Gotham_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
magicJack (HKU\S-1-5-21-4227807349-2635072203-767282089-1001\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Morrowind (HKLM\...\{C325F588-D6B1-4A7F-B6A2-914C75DDA348}) (Version:  - )
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 25.0.1 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 31.4.0 (x86 en-US)) (Version: 31.4.0 - Mozilla)
NVIDIA 3D Vision Controller Driver 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.82 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.12 - NVIDIA Corporation)
ocr (Version: 6.2.3.50 - Eastman Kodak Company) Hidden
OpenOffice 4.1.0 (HKLM\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
Pegasus Mail (HKLM\...\Pegasus Mail) (Version:  - David Harris)
Pegasus Mail HTML Renderer 2.4.9.2 (HKLM\...\{A9F5E1E1-1281-4862-90B4-6CF8E6AF83CE}_is1) (Version:  - Micha's Midnight Manufacture)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerISO (HKLM\...\PowerISO) (Version: 5.8 - Power Software Ltd)
PreReq (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
PrivDog (HKLM\...\PrivDog) (Version: 1.8.0.15 - privdog.com)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.0.12094_27 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.0.12094_27 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
SHIELD Streaming (Version: 1.6.75 - NVIDIA Corporation) Hidden
Sweet Home 3D version 4.3 (HKLM\...\Sweet Home 3D_is1) (Version:  - eTeks)
System Requirements Lab (HKLM\...\{AC369A7C-2E0D-4925-BFB1-AB50BF825CCC}) (Version: 6.0.8.0 - Husdawg, LLC)
TESV Skyrim LE version 1.9.32.0 (HKLM\...\TESV Skyrim LE_is1) (Version: 1.9.32.0 - Lyxer_Loader)
Unity Web Player (HKU\S-1-5-21-4227807349-2635072203-767282089-1001\...\UnityWebPlayer) (Version: 4.6.0f2 - Unity Technologies ApS)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.5.0.0 - Azureus Software, Inc.)
Windows Phone app for desktop (HKLM\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4227807349-2635072203-767282089-1001_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Lonnie\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)

==================== Restore Points  =========================

11-01-2015 10:05:15 Scheduled Checkpoint
19-01-2015 00:00:07 Scheduled Checkpoint
19-01-2015 07:26:44 Windows Update
26-01-2015 21:18:34 Installed Empire Earth II
29-01-2015 08:02:49 Device Driver Package Install: COMODO Network Service
29-01-2015 09:37:21 Removed GeekBuddy.
29-01-2015 10:41:33 Checkpoint by HitmanPro
29-01-2015 10:43:23 Checkpoint by HitmanPro
29-01-2015 22:40:24 Restore Point Created by FRST

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2015-01-29 22:40 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0612857A-4D96-4A80-80A6-144442BF83C9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-01-04] (Apple Inc.)
Task: {08E826DF-7983-4D33-AC73-520F8D7D04B0} - System32\Tasks\PastaQuotes => C:\Program Files\pastaleads\ScheduledTask.exe
Task: {1127E81B-ADF1-4EE9-B675-33A29DAF81AC} - System32\Tasks\{41A3FD47-AC06-4610-8451-A76D5A0D7F2F} => pcalua.exe -a C:\Users\Lonnie\Downloads\FirmwareFlashLauncher.exe -d C:\Users\Lonnie\Desktop
Task: {1C0D753B-E868-40BF-BCDD-5C0E1B51C8FF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {3D705851-57CD-4512-8100-49D69CD5B55D} - System32\Tasks\{B3C33E76-D92C-4C87-8BA0-F6F6C0B1A367} => pcalua.exe -a "C:\Users\Lonnie\Downloads\erunt (2)\ERUNT.EXE" -d "C:\Users\Lonnie\Downloads\erunt (2)"
Task: {8ACFA7E6-9369-4009-BDAB-490273617C25} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-28] (Google Inc.)
Task: {A017A1F5-B136-454F-88AB-D5C404F3C54B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-28] (Google Inc.)
Task: {F1E1FAEF-DC7C-4586-AB96-95A7AE31048C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-11-23 09:01 - 2014-07-02 14:42 - 00107992 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-12-28 09:18 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-28 09:18 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libegl.dll
2015-01-29 10:33 - 2015-01-29 10:33 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Lonnie\Downloads\0A681810546D63E7D335AB3A6F658685A1DD7625.torrent:$CmdZnID
AlternateDataStreams: C:\Users\Lonnie\Downloads\BDA69BCB62161DD9ADC9AD23ABB6D6577C693431.torrent:$CmdZnID
AlternateDataStreams: C:\Users\Lonnie\Downloads\Empire Earth 2 Gold Edition [GOG].exe:$CmdTcID
AlternateDataStreams: C:\Users\Lonnie\Downloads\Empire Earth 2 Gold Edition [GOG].exe:$CmdZnID
AlternateDataStreams: C:\Users\Lonnie\Downloads\empire earth [no.15] good old games gog.com.exe:$CmdTcID
AlternateDataStreams: C:\Users\Lonnie\Downloads\empire earth [no.15] good old games gog.com.exe:$CmdZnID
AlternateDataStreams: C:\Users\Lonnie\Downloads\F90B83619D04FEAE8FA10EB19931D5DF7C217A9B (1).torrent:$CmdZnID
AlternateDataStreams: C:\Users\Lonnie\Downloads\F90B83619D04FEAE8FA10EB19931D5DF7C217A9B.torrent:$CmdZnID
AlternateDataStreams: C:\Users\Lonnie\Downloads\Invoice_df3551c1-06e2-4eff-b5ce-e241b9da87ae.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Lonnie\Downloads\[kickass.so]empire.earth.1.patch.1040.crack.no.cd.torrent:$CmdZnID
AlternateDataStreams: C:\Users\Lonnie\Downloads\[kickass.so]empire.earth.2.full.with.crack.kg.torrent:$CmdZnID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-4227807349-2635072203-767282089-500 - Administrator - Disabled)
Guest (S-1-5-21-4227807349-2635072203-767282089-501 - Limited - Disabled)
Lonnie (S-1-5-21-4227807349-2635072203-767282089-1001 - Administrator - Enabled) => C:\Users\Lonnie

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (01/29/2015 11:06:38 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E6750 @ 2.66GHz
Percentage of memory in use: 38%
Total physical RAM: 3582.49 MB
Available physical RAM: 2203.45 MB
Total Pagefile: 7163.27 MB
Available Pagefile: 5649.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1908.57 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:233.02 GB) (Free:70.93 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:116.53 GB) (Free:86.81 GB) NTFS
Drive g: () (Removable) (Total:3.67 GB) (Free:1.63 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 36363636)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=116.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=116.2 GB) - (Type=05)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.

========================================================
Disk: 2 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================



#18
trucker

    Member

  • Topic Starter
  • 227 posts

Things are loading faster. Overall, the machine is running much better, thanks.



#19
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Things are loading faster. Overall, the machine is running much better, thanks.


That's good to hear. However, before we can continue, I must ask you to remove these from your system. I will be unable to assist you further if they remain on your system. They are a violation of our Terms of Service, which you agreed to when you created your account here.
 

C:\Users\Lonnie\Downloads\[kickass.so]empire.earth.1.patch.1040.crack.no.cd.torrent
C:\Users\Lonnie\Downloads\[kickass.so]empire.earth.2.full.with.crack.kg.torrent
C:\Users\Lonnie\Downloads\Empire Earth 2 Gold Edition [GOG].exe
Empire Earth II


The posting of links or references to warez or any other type of illegal software is strictly forbidden. By doing so you risk having your user account terminated without warning. We will NOT help anyone we suspect of having obtained their software or services illegally.


You have two options now:

Option #1: Keep the illegally obtained software, which will result in stopping my help and closing this topic
Option #2: Remove the illegally obtained software and continue with cleaning your computer

It's your call. If you choose to remove that software, do so and then show me the new FRST scan using the following instructions:
  • Start Farbar's Recovery Scan Tool and check the Addition.txt box. Then press the Scan button.
  • FRST will scan your system and produce two logs, FRST.txt and Addition.txt. Please post them in your next post.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

  • FRST.txt Log
  • Addition.txt Log


#20
trucker

    Member

  • Topic Starter
  • 227 posts

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-01-2015 01
Ran by Lonnie at 2015-01-30 20:47:24
Running from C:\Users\Lonnie\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Enabled - Up to date) {F0BC89B2-8937-0933-021B-B17D981F2A71}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
aioscnnr (Version: 7.6.13.10 - Your Company Name) Hidden
Apple Application Support (HKLM\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assassins Creed Revelations  1.0 (HKLM\...\Assassins Creed Revelations_is1) (Version: 1.0 - Ubisoft)
BoneLab (HKLM\...\{D16CBD59-07B3-4F98-A404-01B6D87A90F2}) (Version: 1.4.0.2 - Next Dimension Imaging)
C4USelfUpdater (Version: 1.00.0000 - Your Company Name) Hidden
center (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
CleanUp! (HKLM\...\CleanUp!) (Version:  - )
Comodo Dragon (HKLM\...\Comodo Dragon) (Version: 36.1.1.21 - Comodo)
COMODO Internet Security Premium (HKLM\...\{18F14F4B-D8A9-4309-817E-3BC0B7664E53}) (Version: 8.0.0.4344 - COMODO Security Solutions Inc.)
essentials (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Firestorm-Beta (remove only) (HKLM\...\Firestorm-Beta) (Version: 4.5.1.38838 - The Phoenix Firestorm Project, Inc.)
Firestorm-Release (remove only) (HKLM\...\Firestorm-Release) (Version: 4.6.9.42969 - The Phoenix Firestorm Project, Inc.)
GameSpy Arcade (HKLM\...\GameSpy Arcade) (Version:  - )
GeekBuddy (HKLM\...\{79B9250E-3714-4877-A2B0-D6C1E93E471A}) (Version: 4.18.121 - Comodo Security Solutions Inc)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
G'MIC for GIMP version 1.5.8.2 (HKLM\...\G'MIC for GIMP_is1) (Version: 1.5.8.2 - )
Google Books Downloader version 2.3 (HKLM\...\{216729B6-014A-F413-814F-F17F74FBA113}_is1) (Version: 2.3 - GBOOKSDOWNLOADER.COM)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
grillaprice (HKLM\...\grillaprice) (Version:  - )
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Kodak AIO Printer (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.8.5.2 - Eastman Kodak Company)
LEGO Batman 3 - Beyond Gotham (HKLM\...\LEGO Batman 3 - Beyond Gotham_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
magicJack (HKU\S-1-5-21-4227807349-2635072203-767282089-1001\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Morrowind (HKLM\...\{C325F588-D6B1-4A7F-B6A2-914C75DDA348}) (Version:  - )
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 25.0.1 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 31.4.0 (x86 en-US)) (Version: 31.4.0 - Mozilla)
NVIDIA 3D Vision Controller Driver 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.82 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.12 - NVIDIA Corporation)
ocr (Version: 6.2.3.50 - Eastman Kodak Company) Hidden
OpenOffice 4.1.0 (HKLM\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
Pegasus Mail (HKLM\...\Pegasus Mail) (Version:  - David Harris)
Pegasus Mail HTML Renderer 2.4.9.2 (HKLM\...\{A9F5E1E1-1281-4862-90B4-6CF8E6AF83CE}_is1) (Version:  - Micha's Midnight Manufacture)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerISO (HKLM\...\PowerISO) (Version: 5.8 - Power Software Ltd)
PreReq (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
PrivDog (HKLM\...\PrivDog) (Version: 1.8.0.15 - privdog.com)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.0.12094_27 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.0.12094_27 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
SHIELD Streaming (Version: 1.6.75 - NVIDIA Corporation) Hidden
Sweet Home 3D version 4.3 (HKLM\...\Sweet Home 3D_is1) (Version:  - eTeks)
System Requirements Lab (HKLM\...\{AC369A7C-2E0D-4925-BFB1-AB50BF825CCC}) (Version: 6.0.8.0 - Husdawg, LLC)
TESV Skyrim LE version 1.9.32.0 (HKLM\...\TESV Skyrim LE_is1) (Version: 1.9.32.0 - Lyxer_Loader)
Unity Web Player (HKU\S-1-5-21-4227807349-2635072203-767282089-1001\...\UnityWebPlayer) (Version: 4.6.0f2 - Unity Technologies ApS)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.5.0.0 - Azureus Software, Inc.)
Windows Phone app for desktop (HKLM\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4227807349-2635072203-767282089-1001_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Lonnie\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)

==================== Restore Points  =========================

19-01-2015 00:00:07 Scheduled Checkpoint
19-01-2015 07:26:44 Windows Update
26-01-2015 21:18:34 Installed Empire Earth II
29-01-2015 08:02:49 Device Driver Package Install: COMODO Network Service
29-01-2015 09:37:21 Removed GeekBuddy.
29-01-2015 10:41:33 Checkpoint by HitmanPro
29-01-2015 10:43:23 Checkpoint by HitmanPro
29-01-2015 22:40:24 Restore Point Created by FRST
30-01-2015 05:49:19 Installing COMODO Internet Security Premium
30-01-2015 05:50:46 Device Driver Package Install: COMODO Network Service
30-01-2015 20:45:38 Removed Empire Earth II

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2015-01-29 22:40 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0612857A-4D96-4A80-80A6-144442BF83C9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-01-04] (Apple Inc.)
Task: {08E826DF-7983-4D33-AC73-520F8D7D04B0} - System32\Tasks\PastaQuotes => C:\Program Files\pastaleads\ScheduledTask.exe
Task: {1127E81B-ADF1-4EE9-B675-33A29DAF81AC} - System32\Tasks\{41A3FD47-AC06-4610-8451-A76D5A0D7F2F} => pcalua.exe -a C:\Users\Lonnie\Downloads\FirmwareFlashLauncher.exe -d C:\Users\Lonnie\Desktop
Task: {1C0D753B-E868-40BF-BCDD-5C0E1B51C8FF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {3D705851-57CD-4512-8100-49D69CD5B55D} - System32\Tasks\{B3C33E76-D92C-4C87-8BA0-F6F6C0B1A367} => pcalua.exe -a "C:\Users\Lonnie\Downloads\erunt (2)\ERUNT.EXE" -d "C:\Users\Lonnie\Downloads\erunt (2)"
Task: {8ACFA7E6-9369-4009-BDAB-490273617C25} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-28] (Google Inc.)
Task: {A017A1F5-B136-454F-88AB-D5C404F3C54B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-28] (Google Inc.)
Task: {B09F53FC-4A33-4BD4-B889-EAA07699C650} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {B6573E58-A8CE-4337-9DF1-1A5EDDCD86B8} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {BC797AF4-FBA2-4CBE-8435-561FACA9ABBF} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {D20A8D01-F90F-4C11-8279-55328EDCA369} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-12-09] (COMODO)
Task: {E705D62B-0188-4E1F-8F81-CA96B6192A7E} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {F1E1FAEF-DC7C-4586-AB96-95A7AE31048C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-11-23 09:01 - 2014-07-02 14:42 - 00107992 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2015-01-30 04:25 - 2015-01-26 22:44 - 01117512 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.94\libglesv2.dll
2015-01-30 04:25 - 2015-01-26 22:44 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.94\libegl.dll
2015-01-30 04:25 - 2015-01-26 22:44 - 09171272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.94\pdf.dll
2014-09-25 07:04 - 2014-09-25 07:04 - 00976080 _____ () C:\Program Files\COMODO\GeekBuddy\QtNetwork4.dll
2014-09-25 07:04 - 2014-09-25 07:04 - 02254544 _____ () C:\Program Files\COMODO\GeekBuddy\QtCore4.dll
2014-09-25 07:04 - 2014-09-25 07:04 - 08024784 _____ () C:\Program Files\COMODO\GeekBuddy\QtGui4.dll
2014-09-25 07:04 - 2014-09-25 07:04 - 00032976 _____ () C:\Program Files\COMODO\GeekBuddy\imageformats\qgif4.dll
2014-09-25 07:04 - 2014-09-25 07:04 - 01299664 _____ () C:\Program Files\COMODO\GeekBuddy\QtScript4.dll
2014-12-03 09:12 - 2015-01-16 11:16 - 03347056 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2014-12-03 09:12 - 2015-01-16 11:16 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2014-12-03 09:12 - 2015-01-16 11:16 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-07-04 12:00 - 2014-07-04 12:00 - 00084344 _____ () C:\Users\Lonnie\AppData\Roaming\mjusbsp\octvqem_apiw.DLL
2013-04-15 17:39 - 2013-04-15 17:39 - 00070352 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Lonnie\Downloads\Invoice_df3551c1-06e2-4eff-b5ce-e241b9da87ae.pdf:$CmdZnID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-4227807349-2635072203-767282089-500 - Administrator - Disabled)
Guest (S-1-5-21-4227807349-2635072203-767282089-501 - Limited - Disabled)
Lonnie (S-1-5-21-4227807349-2635072203-767282089-1001 - Administrator - Enabled) => C:\Users\Lonnie

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/30/2015 08:45:21 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {bff8e0e3-6b70-4119-8543-4c38cf8578c9}

Error: (01/30/2015 09:34:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gimp-2.8.exe, version: 2.8.14.0, time stamp: 0x00000000
Faulting module name: libpixman-1-0.dll, version: 0.0.0.0, time stamp: 0x0072a5f0
Exception code: 0xc0000005
Fault offset: 0x00084b3b
Faulting process id: 0xa4c
Faulting application start time: 0xgimp-2.8.exe0
Faulting application path: gimp-2.8.exe1
Faulting module path: gimp-2.8.exe2
Report Id: gimp-2.8.exe3

Error: (01/30/2015 06:27:15 AM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisStatusChangeCisStatusChange//./root/cis

Error: (01/30/2015 06:27:15 AM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisNotificationCisNotification//./root/cis

Error: (01/30/2015 06:27:15 AM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM FwAlertFwAlert//./root/cis

Error: (01/30/2015 06:27:15 AM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM DfAlertDfAlert//./root/cis

Error: (01/30/2015 06:27:15 AM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM AvAlertAvAlert//./root/cis

Error: (01/30/2015 06:27:15 AM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisAlertCisAlert//./root/cis

Error: (01/30/2015 06:27:15 AM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisEventCisEvent//./root/cis

Error: (01/30/2015 06:27:15 AM) (Source: WinMgmt) (EventID: 24) (User: )
Description: SELECT * FROM CisStatusChangeCisStatusChange//./root/cis


System errors:
=============
Error: (01/30/2015 06:27:14 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (01/29/2015 11:06:38 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom


Microsoft Office Sessions:
=========================
Error: (01/30/2015 08:45:21 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {bff8e0e3-6b70-4119-8543-4c38cf8578c9}

Error: (01/30/2015 09:34:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: gimp-2.8.exe2.8.14.000000000libpixman-1-0.dll0.0.0.00072a5f0c000000500084b3ba4c01d03c994b5dc736C:\Program Files\GIMP 2\bin\gimp-2.8.exeC:\Program Files\GIMP 2\bin\libpixman-1-0.dll10c2a5db-a88d-11e4-bd92-001a4d4ff044

Error: (01/30/2015 06:27:15 AM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisStatusChangeCisStatusChange//./root/cis

Error: (01/30/2015 06:27:15 AM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisNotificationCisNotification//./root/cis

Error: (01/30/2015 06:27:15 AM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM FwAlertFwAlert//./root/cis

Error: (01/30/2015 06:27:15 AM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM DfAlertDfAlert//./root/cis

Error: (01/30/2015 06:27:15 AM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM AvAlertAvAlert//./root/cis

Error: (01/30/2015 06:27:15 AM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisAlertCisAlert//./root/cis

Error: (01/30/2015 06:27:15 AM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisEventCisEvent//./root/cis

Error: (01/30/2015 06:27:15 AM) (Source: WinMgmt) (EventID: 24) (User: )
Description: SELECT * FROM CisStatusChangeCisStatusChange//./root/cis


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E6750 @ 2.66GHz
Percentage of memory in use: 41%
Total physical RAM: 3582.49 MB
Available physical RAM: 2103.16 MB
Total Pagefile: 7163.27 MB
Available Pagefile: 5366.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1912.13 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:233.02 GB) (Free:69.77 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:116.53 GB) (Free:86.81 GB) NTFS
Drive g: () (Removable) (Total:3.67 GB) (Free:3.67 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 36363636)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=116.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=116.2 GB) - (Type=05)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.

========================================================
Disk: 2 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================



#21
trucker

    Member

  • Topic Starter
  • 227 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2015 01
Ran by Lonnie (administrator) on LONNIE-PC on 30-01-2015 20:46:27
Running from C:\Users\Lonnie\Desktop
Loaded Profiles: Lonnie (Available profiles: Lonnie)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Comodo\Dragon\dragon_updater.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\CisTray.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cis.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\launcher_service.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Comodo\GeekBuddy\unit_manager.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Comodo\GeekBuddy\unit.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmprph.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(magicJack L.P.) C:\Users\Lonnie\AppData\Roaming\mjusbsp\magicJack.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cavwp.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12017368 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-11-05] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [337432 2013-10-23] (Power Software Ltd)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2273056 2013-11-29] (NVIDIA Corporation)
HKLM\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM\...\Run: [EKStatusMonitor] => C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2015-01-04] (Apple Inc.)
HKLM\...\Run: [ComodoFSChrome] => "C:\Program Files\AdTrustMedia\PrivDog\FinalizeSetup.exe" /c
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1243352 2014-12-09] (COMODO)
HKLM\...\Run: [tvncontrol] => C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-01-30] (Comodo Security Solutions, Inc.)
HKU\S-1-5-21-4227807349-2635072203-767282089-1001\...\Run: [GoogleChromeAutoLaunch_A4AAD752A94AD0D07B3FA88181A919F9] => C:\Program Files\Comodo\Dragon\dragon.exe [725696 2014-12-28] (Comodo)
HKU\S-1-5-21-4227807349-2635072203-767282089-1001\...\Run: [cdloader] => C:\Users\Lonnie\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2015-01-30] (magicJack L.P.)
HKU\S-1-5-21-4227807349-2635072203-767282089-1001\...\Run: [GoogleChromeAutoLaunch_5090660AF80758FEEBA1A8C0C9DF7D80] => C:\Program Files\Google\Chrome\Application\chrome.exe [843592 2015-01-26] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-11-21] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe [2234064 2014-05-06] (Eastman Kodak Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\Comodo\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-4227807349-2635072203-767282089-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.yahoo.com?fr=fp-comodo
HKU\S-1-5-21-4227807349-2635072203-767282089-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-4227807349-2635072203-767282089-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4227807349-2635072203-767282089-1001 -> DefaultScope {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://us.search.yah...}&fr=chr-comodo
SearchScopes: HKU\S-1-5-21-4227807349-2635072203-767282089-1001 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://us.search.yah...}&fr=chr-comodo
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\Parameters: [NameServer] 75.126.206.18,184.173.169.186
Tcpip\..\Interfaces\{8270EF4F-3060-4E70-871D-BC3BABF46597}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: [NameServer] 75.126.206.18,184.173.169.186

FireFox:
========
FF ProfilePath: C:\Users\Lonnie\AppData\Roaming\Mozilla\Firefox\Profiles\0937xwmn.default
FF Homepage: about:home
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4227807349-2635072203-767282089-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Lonnie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\.xml

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/ig
CHR StartupUrls: Default -> "https://www.google.com/", "hxxp://isearch.omiga?type=hppppppppppppppppppppppppppppp", "hxxp://isearch.omiga?type=hppppppppppppppppppppppppppppppppp"
CHR DefaultSearchKeyword: Default ->
CHR DefaultSearchURL: Default -> http://isearch.omiga...q={searchTerms}
CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com...q={searchTerms}
CHR Profile: C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bejeweled) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2014-12-28]
CHR Extension: (Ancient History Encyclopedia) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahggffalhoajbhlaogbplamaaghnncle [2014-12-28]
CHR Extension: (Angry Birds) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-12-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-26]
CHR Extension: (Facebook) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2014-12-28]
CHR Extension: (AdBlock Plus) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjmhchkipehceidlknhjhbgaipcnafm [2014-12-29]
CHR Extension: (Calculator) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\decmldkknaaemlafplkkdmmmelbdnlja [2014-12-28]
CHR Extension: (A Space Shooter for FREE) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbeobdmeddlnkokfiaijkfabecpmifa [2014-12-28]
CHR Extension: (Mickey Sketch Theme) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmaadlipkibabccamkbjjaklifnohhp [2014-12-28]
CHR Extension: (My Scrap Nook) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf [2014-12-28]
CHR Extension: (Typing Lessons) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\heehkcnmhmdicclbnofindfmokhfnjag [2014-12-28]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-12-28]
CHR Extension: (sixty second shooter) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\idnlbhjpainpnikdjnmcmiaombhhchkg [2014-12-28]
CHR Extension: (Jamstash) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccdpflnecheidefpofmlblgebobbloc [2014-12-28]
CHR Extension: (WordPress.com) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjnjifipfkgglficmipimgjpbmlbemd [2014-12-28]
CHR Extension: (Coloring Pages) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhphoobahjckipglphjghghlgodanfj [2014-12-28]
CHR Extension: (Fieldrunners) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpikhjbfbffdblahfidklcohlaeabak [2014-12-28]
CHR Extension: (Chain Rxn) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkdlfmoglbdpomddljgapccmlognoaf [2014-12-28]
CHR Extension: (Search Helper: Preview, Note, Tag, Hide etc) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\naddbmiihfcdfaeencbcmbpioghcjlje [2015-01-30]
CHR Extension: (Google Wallet) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-19]
CHR Extension: (Sidekick by HubSpot) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiiaigjnkhngdbnoookogelabohpglmd [2015-01-15]
CHR Extension: (Weather Underground) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej [2014-12-28]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CLPSLauncher; C:\Program Files\Common Files\COMODO\launcher_service.exe [70864 2015-01-30] (Comodo Security Solutions, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5868440 2014-12-09] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1664216 2014-12-09] (COMODO)
R2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2370240 2014-12-28] (Comodo Security Solutions, Inc.)
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-10-29] (Teruten) [File not signed]
R2 GeekBuddyRSP; C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-01-30] (Comodo Security Solutions, Inc.)
R2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [395640 2014-05-06] (Eastman Kodak Company)
R2 Kodak AiO Status Monitor Service; C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [780152 2013-12-11] (Eastman Kodak Company)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1370912 2013-11-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14657824 2013-11-29] (NVIDIA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [35064 2014-06-26] (Windows ® Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [17088 2014-12-09] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [617536 2014-12-09] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [41248 2014-12-09] (COMODO)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-10-29] () [File not signed]
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [91200 2014-12-09] (COMODO)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-10-30] (NVIDIA Corporation)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [114376 2013-10-23] (Power Software Ltd)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-30 09:40 - 2015-01-30 09:40 - 00020317 _____ () C:\Users\Lonnie\AppData\Local\recently-used.xbel
2015-01-30 07:38 - 2015-01-30 07:38 - 00000000 ____D () C:\Program Files\Common Files\COMODO
2015-01-30 05:51 - 2015-01-30 20:47 - 00447248 _____ () C:\Windows\system32\Drivers\sfi.dat
2015-01-30 05:51 - 2015-01-30 05:51 - 00001888 _____ () C:\Users\Public\Desktop\COMODO Internet Security.lnk
2015-01-30 05:50 - 2015-01-30 05:50 - 00000000 ____D () C:\ProgramData\Shared Space
2015-01-30 05:48 - 2015-01-30 07:38 - 00002013 _____ () C:\Users\Public\Desktop\GeekBuddy.lnk
2015-01-30 05:48 - 2015-01-30 05:48 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2015-01-30 05:45 - 2015-01-30 05:46 - 226075384 _____ (COMODO) C:\Users\Lonnie\Downloads\cispremium_installer_6100_08.exe
2015-01-29 23:13 - 2015-01-30 11:24 - 00020787 _____ () C:\Users\Lonnie\Desktop\Addition.txt
2015-01-29 23:12 - 2015-01-30 20:47 - 00016681 _____ () C:\Users\Lonnie\Desktop\FRST.txt
2015-01-29 23:00 - 2015-01-29 23:03 - 00000000 ____D () C:\AdwCleaner
2015-01-29 22:59 - 2015-01-29 22:59 - 02194432 _____ () C:\Users\Lonnie\Desktop\AdwCleaner.exe
2015-01-29 22:56 - 2015-01-29 22:56 - 00003785 _____ () C:\Users\Lonnie\Desktop\JRT.txt
2015-01-29 22:54 - 2015-01-29 22:54 - 01707939 _____ (Thisisu) C:\Users\Lonnie\Desktop\JRT.exe
2015-01-29 22:54 - 2015-01-29 22:54 - 00000000 ____D () C:\Windows\ERUNT
2015-01-29 22:46 - 2015-01-29 22:46 - 00000000 ____D () C:\Users\Lonnie\Desktop\FRST-OlderVersion
2015-01-29 10:44 - 2015-01-29 10:44 - 00045516 _____ () C:\Windows\system32\.crusader
2015-01-29 10:33 - 2015-01-30 06:20 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-29 10:28 - 2015-01-29 22:48 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-29 10:28 - 2015-01-29 10:44 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-29 10:27 - 2015-01-29 10:28 - 10285456 _____ (SurfRight B.V.) C:\Users\Lonnie\Downloads\HitmanPro.exe
2015-01-29 10:06 - 2015-01-29 10:06 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\Lonnie\Downloads\SpyHunter-Installer.exe
2015-01-29 09:20 - 2015-01-29 09:20 - 00000000 ____D () C:\themes
2015-01-29 09:20 - 2015-01-29 09:20 - 00000000 ____D () C:\cis
2015-01-29 09:20 - 2013-11-21 07:49 - 04814552 _____ (COMODO) C:\cmdinstall.exe
2015-01-29 09:20 - 2013-09-24 05:53 - 03360984 _____ (Terra Informatica Software, Inc.) C:\cmdhtml.dll
2015-01-29 09:20 - 2013-09-24 05:53 - 00281816 _____ (Igor Pavlov) C:\7za.dll
2015-01-29 08:21 - 2015-01-29 09:21 - 00000674 _____ () C:\Windows\system32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
2015-01-29 08:21 - 2015-01-29 09:20 - 00001123 __RSH () C:\Windows\system32\{1606DC18-9578-4cbd-8312-8E9868F06A1D}.conf
2015-01-29 08:06 - 2015-01-29 08:06 - 00353699 _____ () C:\Users\Lonnie\Documents\CisReport_x86_v8.0.0.4344_20150129-080558.zip
2015-01-28 10:34 - 2015-01-28 10:36 - 00000045 _____ () C:\Users\Lonnie\Documents\Indiana TID number.txt
2015-01-26 21:23 - 2015-01-26 21:23 - 00000000 ____D () C:\Users\Lonnie\Documents\Empire Earth II
2015-01-26 21:14 - 2015-01-26 21:15 - 00000000 ____D () C:\Program Files\GameSpy Arcade
2015-01-26 21:14 - 2015-01-26 21:14 - 00000000 ____D () C:\Users\Lonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
2015-01-26 21:14 - 2015-01-26 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
2015-01-26 09:23 - 2015-01-26 09:23 - 01120768 _____ (Farbar) C:\Users\Lonnie\Downloads\FRST (1).exe
2015-01-26 08:35 - 2015-01-26 08:36 - 04176437 _____ () C:\Users\Lonnie\Downloads\tdsskiller.zip
2015-01-26 08:30 - 2015-01-26 09:28 - 00038221 _____ () C:\Users\Lonnie\Downloads\Addition.txt
2015-01-26 08:28 - 2015-01-30 20:46 - 00000000 ____D () C:\FRST
2015-01-26 08:28 - 2015-01-26 09:28 - 00039281 _____ () C:\Users\Lonnie\Downloads\FRST.txt
2015-01-26 08:27 - 2015-01-29 22:46 - 01121792 _____ (Farbar) C:\Users\Lonnie\Desktop\FRST.exe
2015-01-24 21:55 - 2015-01-24 21:55 - 00056322 _____ () C:\Users\Lonnie\Desktop\Extras.Txt
2015-01-24 21:53 - 2015-01-24 21:53 - 00106122 _____ () C:\Users\Lonnie\Desktop\OTL.Txt
2015-01-24 21:38 - 2015-01-24 21:38 - 00602112 _____ (OldTimer Tools) C:\Users\Lonnie\Desktop\OTL (1).exe
2015-01-24 21:37 - 2015-01-24 21:37 - 00602112 _____ (OldTimer Tools) C:\Users\Lonnie\Downloads\OTL.exe
2015-01-24 07:43 - 2015-01-24 07:43 - 00000000 ____D () C:\Users\Lonnie\AppData\Roaming\dvdcss
2015-01-23 11:40 - 2015-01-24 07:30 - 00000000 ____D () C:\Users\Lonnie\Desktop\Body work
2015-01-23 09:20 - 2015-01-23 09:24 - 00000010 _____ () C:\Users\Lonnie\Documents\New Text Document (2).txt
2015-01-23 09:15 - 2015-01-23 09:15 - 00347816 _____ (Microsoft Corporation) C:\Users\Lonnie\Downloads\MicrosoftFixit.HomeGroup.Run.exe
2015-01-22 20:23 - 2015-01-25 00:23 - 18126512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-01-13 14:18 - 2015-01-13 14:18 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-13 14:18 - 2015-01-13 14:18 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 14:18 - 2015-01-13 14:18 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 14:18 - 2015-01-13 14:18 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 14:18 - 2015-01-13 14:18 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 14:18 - 2015-01-13 14:18 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 11:31 - 2015-01-13 11:31 - 00000000 ____D () C:\Users\Lonnie\Documents\01-13-2015
2015-01-11 06:19 - 2015-01-11 06:19 - 00000000 ____D () C:\Users\Lonnie\AppData\Roaming\Apple Computer
2015-01-06 08:42 - 2015-01-06 08:42 - 00000000 ____D () C:\Users\Lonnie\Documents\01-06-2015
2015-01-05 09:40 - 2015-01-05 09:47 - 00000000 ____D () C:\Users\Lonnie\Documents\01-05-2015
2015-01-04 08:16 - 2015-01-11 09:16 - 00000000 ____D () C:\Program Files\QuickTime
2015-01-04 08:13 - 2015-01-04 08:13 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-01-04 08:13 - 2015-01-04 08:13 - 00000000 ____D () C:\Users\Lonnie\AppData\Local\Apple
2015-01-04 08:13 - 2015-01-04 08:13 - 00000000 ____D () C:\ProgramData\Apple
2015-01-04 08:13 - 2015-01-04 08:13 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-04 08:13 - 2015-01-04 08:13 - 00000000 ____D () C:\Program Files\Apple Software Update
2015-01-04 08:12 - 2015-01-04 08:12 - 39401336 _____ (Apple Inc.) C:\Users\Lonnie\Downloads\QuickTimeInstaller.exe
2015-01-02 12:40 - 2015-01-02 12:42 - 00000000 ____D () C:\Users\Lonnie\Documents\in tax
2015-01-02 12:38 - 2015-01-02 12:40 - 00000000 ____D () C:\Users\Lonnie\Documents\brighthouse

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-30 20:23 - 2013-11-21 08:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-30 20:23 - 2013-11-20 12:05 - 02024036 _____ () C:\Windows\WindowsUpdate.log
2015-01-30 20:22 - 2014-12-28 09:17 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-30 11:59 - 2014-06-04 09:55 - 00001200 _____ () C:\Users\Lonnie\Desktop\magicJack.lnk
2015-01-30 11:04 - 2014-06-04 09:55 - 00000981 _____ () C:\Users\Lonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2015-01-30 11:04 - 2014-05-28 21:36 - 00000000 ____D () C:\Users\Lonnie\AppData\Roaming\mjusbsp
2015-01-30 11:03 - 2009-07-13 23:39 - 00066847 _____ () C:\Windows\setupact.log
2015-01-30 09:40 - 2013-11-20 09:54 - 00000000 ____D () C:\Users\Lonnie\AppData\Local\gtk-2.0
2015-01-30 09:40 - 2013-11-20 09:43 - 00000000 ____D () C:\Users\Lonnie\.gimp-2.8
2015-01-30 09:24 - 2014-09-13 19:09 - 00000000 ____D () C:\Users\Lonnie\AppData\Roaming\vlc
2015-01-30 09:22 - 2014-12-28 09:17 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-30 07:38 - 2013-11-20 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-01-30 06:34 - 2009-07-13 23:34 - 00022592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-30 06:34 - 2009-07-13 23:34 - 00022592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-30 06:32 - 2013-11-20 09:30 - 00000000 ____D () C:\ProgramData\Kodak
2015-01-30 06:27 - 2013-11-23 09:01 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-30 06:27 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-30 05:51 - 2013-11-20 10:59 - 00000000 ____D () C:\ProgramData\COMODO
2015-01-30 05:49 - 2013-11-20 10:58 - 00000000 ____D () C:\Program Files\Comodo
2015-01-30 04:25 - 2014-12-28 09:18 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-29 23:06 - 2013-11-21 10:31 - 00297528 _____ () C:\Windows\PFRO.log
2015-01-29 22:45 - 2014-08-26 10:04 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-29 10:54 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-29 09:35 - 2013-09-27 05:28 - 00000000 ___HD () C:\VTRoot
2015-01-29 09:08 - 2013-11-21 23:05 - 00000000 ____D () C:\Users\Lonnie\AppData\Roaming\Azureus
2015-01-26 21:19 - 2013-11-21 09:50 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-25 00:23 - 2013-11-21 08:59 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-25 00:23 - 2013-11-21 08:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-23 09:25 - 2009-07-13 21:37 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-19 07:41 - 2013-11-20 09:54 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-19 07:28 - 2013-11-20 09:54 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-16 11:16 - 2014-12-03 09:12 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-01-11 09:16 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-01-11 09:16 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\registration
2015-01-11 06:19 - 2013-11-20 09:25 - 00000000 ____D () C:\Users\Lonnie
2015-01-02 12:45 - 2014-12-26 07:59 - 00000000 ____D () C:\Users\Lonnie\Documents\Trinity Calender
2015-01-01 13:17 - 2013-11-23 09:26 - 00000000 ____D () C:\Users\Lonnie\AppData\Local\Firestorm

==================== Files in the root of some directories =======

2014-01-19 10:14 - 2014-01-19 10:14 - 0000000 _____ () C:\Users\Lonnie\AppData\Roaming\SharedSettings.ccs
2014-01-19 10:15 - 2014-01-19 10:15 - 0067992 _____ () C:\Users\Lonnie\AppData\Local\jkffplbl
2014-01-19 10:16 - 2014-01-19 10:16 - 0012326 _____ () C:\Users\Lonnie\AppData\Local\pavttpqp
2015-01-30 09:40 - 2015-01-30 09:40 - 0020317 _____ () C:\Users\Lonnie\AppData\Local\recently-used.xbel

Some content of TEMP:
====================
C:\Users\Lonnie\AppData\Local\Temp\HitmanPro.exe
C:\Users\Lonnie\AppData\Local\Temp\Quarantine.exe
C:\Users\Lonnie\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 00:47

==================== End Of Log ============================



#22
trucker

    Member

  • Topic Starter
  • 227 posts

I think I deleted everything you asked..... FYI I do own that game.



#23
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Hello :)

Let's continue the cleaning process. We're going to run a small fix with FRST and then sweep for remnants and orphans.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.

Step 1: Fix with FRST
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad window and select Paste.
  • Save it on the desktop as fixlist.txt

Start
CreateRestorePoint:
CHR StartupUrls: Default -> "https://www.google.com/", "hxxp://isearch.omiga?type=hppppppppppppppppppppppppppppp", "hxxp://isearch.omiga?type=hppppppppppppppppppppppppppppppppp"
CHR DefaultSearchURL: Default -> http://isearch.omiga...q={searchTerms}
CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com...q={searchTerms}
AlternateDataStreams: C:\Users\Lonnie\Downloads\Invoice_df3551c1-06e2-4eff-b5ce-e241b9da87ae.pdf:$CmdZnID
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 2: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the programme and select Update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now


If threats are detected, click the Apply Actions button. MBAM will ask for a reboot.


On completion of the scan (or after the reboot), start MBAM.

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 3: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Whichever browser you use will have to be run in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Step 4: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things I need to see in your next post:
  • Fixlog.txt Log
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

  • 0

#24
trucker


    Member

  • Topic Starter
  • Member
  • 227 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 31-01-2015
Ran by Lonnie at 2015-01-31 06:47:10 Run:2
Running from C:\Users\Lonnie\Desktop
Loaded Profiles: Lonnie (Available profiles: Lonnie)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CreateRestorePoint:
CHR StartupUrls: Default -> "https://www.google.com/", "hxxp://isearch.omiga?type=hppppppppppppppppppppppppppppp", "hxxp://isearch.omiga?type=hppppppppppppppppppppppppppppppppp"
CHR DefaultSearchURL: Default -> http://isearch.omiga...q={searchTerms}
CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com...q={searchTerms}
AlternateDataStreams: C:\Users\Lonnie\Downloads\Invoice_df3551c1-06e2-4eff-b5ce-e241b9da87ae.pdf:$CmdZnID
End
*****************

Restore point was successfully created.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchURL not detected.
Chrome DefaultSuggestURL not detected.
C:\Users\Lonnie\Downloads\Invoice_df3551c1-06e2-4eff-b5ce-e241b9da87ae.pdf => ":$CmdZnID" ADS removed successfully.

==== End of Fixlog 06:47:52 ====


  • 0

#25
trucker


    Member

  • Topic Starter
  • Member
  • 227 posts

[email protected] as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8f25c540835e444db7baa9c6e4de4443
# engine=22239
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-01-31 06:14:38
# local_time=2015-01-31 01:14:38 (-0500, US Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='COMODO Antivirus'
# compatibility_mode=3081 16777213 87 100 0 56576120 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 36678910 174272869 0 0
# scanned=616456
# found=39
# cleaned=0
# scan_time=18972
sh=349EF03B9693EFC55FF083DD0DA1E2630D182B0B ft=1 fh=c71c00116a2d4a55 vn="a variant of Win32/AdWare.Adpeak.E application" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\system32\AdpeakProxy.dll.vir"
sh=A4BE0F16C92EB88314908B3E7DACB6F43C7CD83B ft=1 fh=5cde2c9dc14beeb4 vn="a variant of Win32/Adware.ObronaAds.C application" ac=I fn="C:\FRST\Quarantine\C\Program Files\Cgiansforedusters\HttpsProxy.exe"
sh=224B4EA3447E9AA9633299AEAEA2CA6156C33B76 ft=1 fh=7d24c42ceb0fb013 vn="Win32/ELEX.BM potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files\STab\BrowerWatchCH.dll"
sh=14ACB1CD70D780F29D66D055A759FBB83E180498 ft=1 fh=20d8daed3fd1cec9 vn="Win32/ELEX.BM potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files\STab\BrowerWatchFF.dll"
sh=FBDFC5A9C45940E1EE1DB6ADFCE2B1BD5DD301F3 ft=1 fh=c71c0011210d5c57 vn="Win32/ELEX.BM potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files\STab\BrowserAction.dll"
sh=824E7357DF86CD900539BE5D247C85DF2A15A801 ft=1 fh=5f9b42aa3829c6bd vn="Win32/ELEX.BM potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files\STab\IeWatchDog.dll"
sh=61EE5C4FCCD0F8C8FC17C73B6420A2085637ECFA ft=1 fh=7638caa39fe23be4 vn="Win32/ELEX.BM potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files\STab\ProtectService.exe"
sh=EEF0682BF8725FA176C6A14D1A2EEEA0C7A30985 ft=1 fh=36cbdf90e69a05c2 vn="a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Lonnie\AppData\Roaming\ZPNTAC.exe.xBAD"
sh=193536221FB836117EF926D5E1E724B7A908EB38 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Lonnie\AppData\Roaming\Mozilla\Firefox\Profiles\0937xwmn.default\Extensions\[email protected]\extensionData\plugins\91.js"
sh=193536221FB836117EF926D5E1E724B7A908EB38 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Lonnie\AppData\Roaming\Mozilla\Firefox\Profiles\0937xwmn.default\Extensions\[email protected]\extensionData\plugins\91.js"
sh=F9AF38C896F1B8FDB5CE884FC77B2B0B5A8D4580 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\Lonnie\AppData\Local\Downloaded Installations\{AC08ECED-D6F8-404E-93A0-F037F0623C92}\The Weather Channel App.msi"
sh=E0C5E31B4A4DAA88C64BB4CA1E304C4D70481F1F ft=1 fh=626d7421e12db363 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\Lonnie\Downloads\cbsidlm-cbsi145-Google_Books_Downloader-SEO-75453020.exe"
sh=7673F3C7F23120FCD1EA5CEF36404737BD7A006C ft=1 fh=aa8b702e5eb2051d vn="Win32/Conduit.SearchProtect.W potentially unwanted application" ac=I fn="C:\Users\Lonnie\Downloads\SoftwareUpdater (1).exe"
sh=7673F3C7F23120FCD1EA5CEF36404737BD7A006C ft=1 fh=aa8b702e5eb2051d vn="Win32/Conduit.SearchProtect.W potentially unwanted application" ac=I fn="C:\Users\Lonnie\Downloads\SoftwareUpdater.exe"
sh=8193728637D16FEDD8E5809E6A5F177DEAE87145 ft=1 fh=8b9917ca3e69a6ac vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Lonnie\Downloads\SweetHome3D-4.3-windows-oc.exe"
sh=45853DE737AD588B67A39D9C89CA710B08578DA6 ft=1 fh=90d5d12d060a2245 vn="Win32/ELEX.BI potentially unwanted application" ac=I fn="C:\Users\Lonnie\Downloads\yet_another_cleaner_marb.exe"
sh=80227DDE308BB11A588F56B42D420EE9CD92D886 ft=1 fh=d3534ed3962b7fee vn="a variant of Win32/KoyoteLab.A potentially unwanted application" ac=I fn="D:\Windows.old\Documents and Settings\Big Boy\Local Settings\Temp\ak100a+1.exe.part"
sh=A836A8346F791EC8A83B51BC78E84B2F6659E6DA ft=1 fh=0a2e45c370149901 vn="Win32/Wajam.F potentially unwanted application" ac=I fn="D:\Windows.old\Documents and Settings\Big Boy\Local Settings\Temp\is1590112554\1391647_stp\wajam_validate.exe"
sh=73E65A52BE9E31500F36F34AEF8778E2CBA8852B ft=1 fh=e03fc328f07c412f vn="a variant of Win32/Systweak potentially unwanted application" ac=I fn="D:\Windows.old\Documents and Settings\Big Boy\Local Settings\Temp\is1590112554\1391801_stp\rcpsetup_adppi_adppi.exe"
sh=CF17647B622C09F24A085B7ACFA0DBF9975743F2 ft=1 fh=58210d76fa7fc05f vn="Win32/OutBrowse.C potentially unwanted application" ac=I fn="D:\Windows.old\Documents and Settings\Big Boy\Local Settings\Temp\is1590112554\1391881_stp\GreatArcadeHits.exe"
sh=B8BA44E0CE1ADDF671F11E538FCEE2A645D2FB08 ft=1 fh=a24041e4017a5c0c vn="a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application" ac=I fn="D:\Windows.old\Documents and Settings\Big Boy\Local Settings\Temp\is1590112554\1391948_stp\DefaultTabSetup.exe"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ potentially unwanted application" ac=I fn="D:\Windows.old\Documents and Settings\Big Boy\Local Settings\Temp\is1590112554\1392055_stp\uninstaller.exe"
sh=F1AD8D1A515416F4A9CD288CF89309253B7E6F22 ft=1 fh=cd8d8ac6fdd37d8e vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="D:\Windows.old\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.15.2.23_0\plugins\ConduitChromeApiPlugin.dll"
sh=C66BE7E22C0AE8504254F55F900ED2EE60C42500 ft=1 fh=113606ed3bb5f6ba vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="D:\Windows.old\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.19.2.505_0\plugins\ConduitChromeApiPlugin.dll"
sh=FB2BCD5A889DB9658B02E8ED3A95043BAA0094E1 ft=1 fh=f6a034ccf475a4f7 vn="Win32/Toolbar.Conduit.AC potentially unwanted application" ac=I fn="D:\Windows.old\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.19.2.505_0\plugins\TBVerifier.dll"
sh=6AFAEEC56C44C74542369A58D1E2F57B508F0E0D ft=1 fh=b223f168b5e1d79a vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="D:\Windows.old\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.20.1.508_0\plugins\ConduitChromeApiPlugin.dll"
sh=DB5DEC21F203A3AE275461D03FF977C87C6C00F9 ft=1 fh=09feb8da0d515751 vn="Win32/Toolbar.Conduit.AC potentially unwanted application" ac=I fn="D:\Windows.old\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.20.1.508_0\plugins\TBVerifier.dll"
sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="D:\Windows.old\Documents and Settings\NetworkService\Local Settings\Application Data\Vuze_Remote\ldrtbVuze.dll"
sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="D:\Windows.old\Documents and Settings\NetworkService\Local Settings\Application Data\Vuze_Remote\tbVuze.dll"
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="D:\Windows.old\Program Files\Conduit\Community Alerts\Alert.dll"
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="D:\Windows.old\Program Files\Conduit\Community Alerts\Alert0.dll"
sh=1F2C0A5D4CB1B47D1DDC86E3516F06B3ECA63A56 ft=1 fh=94049be6457143fb vn="a variant of MSIL/DomaIQ.A potentially unwanted application" ac=I fn="D:\Windows.old\Program Files\DomaIQ Uninstaller\DomaIQUninstall.exe"
sh=267761B7F076EE5F3E4AC0A0119483331505B959 ft=1 fh=01bd44fac0230ac6 vn="a variant of Win32/Adware.SpeedingUpMyPC.V application" ac=I fn="D:\Windows.old\Program Files\Optimizer Pro\OptProReminder.exe"
sh=FF5BB81BBA4F0F036D4AD6E1F51D37D052B03BDB ft=1 fh=cfb7d87543c29a14 vn="Win32/Systweak.O potentially unwanted application" ac=I fn="D:\Windows.old\Program Files\RegClean Pro\CleanSchedule.exe"
sh=29537B5D9E0B9006067890E1D21D0CE6F22E8A99 ft=1 fh=6e7ef67f604e413f vn="Win32/MyPCBackup.A potentially unwanted application" ac=I fn="D:\Windows.old\Program Files\RegClean Pro\Cloud_Backup_Setup.exe"
sh=EE0DBC090D6FC9DA0D0A84516D8D34BF1F96E196 ft=1 fh=44b5db033c27eea0 vn="Win32/MyPCBackup.A potentially unwanted application" ac=I fn="D:\Windows.old\Program Files\RegClean Pro\Cloud_Backup_Setup_Intl.exe"
sh=79DAD0376ADA433C444A4A06362ADAE4BCC4391E ft=1 fh=1635d49b73f4c057 vn="a variant of Win32/Systweak.Q potentially unwanted application" ac=I fn="D:\Windows.old\Program Files\RegClean Pro\RCPUninstall.exe"
sh=143C233CF3B45A8F2F8E0979F62BCCF7CAA7A97A ft=1 fh=fddcb880fc06a067 vn="a variant of Win32/Systweak potentially unwanted application" ac=I fn="D:\Windows.old\Program Files\RegClean Pro\RegCleanPro.exe"
sh=9896DAB927F232F334AAC794EE39E4741E8560AD ft=1 fh=20cdc242a13dadda vn="MSIL/AdvancedSystemProtector.D potentially unwanted application" ac=I fn="D:\Windows.old\Program Files\RegClean Pro\systweakasp.exe"
 


  • 0



#26
trucker


    Member

  • Topic Starter
  • Member
  • 227 posts

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/31/2015
Scan Time: 7:15:57 AM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.31.02
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Lonnie

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 307844
Time Elapsed: 17 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 7
PUP.Optional.ScorpionSaver, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\SAFEBOOT\NETWORK\AdpeakProxy, Quarantined, [232e62953356c2745824806e857f7789],
PUP.Optional.TornTV.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TheTorntvs V10 1.1 +-nv, Quarantined, [aba649ae543559dd2737f9972ed55aa6],
PUP.Optional.TornTV.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TornPlusTV_version1.11-nv, Quarantined, [3e137e790b7ed5616f2e6029a95a39c7],
PUP.Optional.TornTV.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TornTv Downloader, Quarantined, [4d048f6874152a0ca2725832996a5fa1],
PUP.Optional.Adpeak, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Scorpion Saver, Quarantined, [60f154a31d6c54e22cd4943448bb0000],
PUP.Optional.TornTV.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\TheTorntvs V10 1.1 +, Quarantined, [e56c1ed96c1db086ef70a6ea788bec14],
PUP.Optional.TornTV.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\TornPlusTV_version1.11, Quarantined, [b79a6d8a8207b086118dc7c2d92a8a76],

Registry Values: 1
PUP.Optional.CertifiedToolBar.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURI|(Default), http://search.certif...95A6E9AD8F&q=%s, Quarantined, [a0b1896e6227b97dbc9e634351b2827e]

Registry Data: 3
PUP.Optional.SearchCertifiedTB.A, HKU\S-1-5-21-4227807349-2635072203-767282089-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURI|(Default), http://search.certif...95A6E9AD8F&q=%s, Good: (www.google.com), Bad: (http://search.certified-toolbar.com?si=75087&st=bs&tid=8679&ver=5.1&ts=1385251116869&tguid=75087-8679-1385251116869-A86C35141A032683B1A97895A6E9AD8F&q=%s),Replaced,[341d8e6904852115ed8e238a15f0f10f]
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, 75.126.206.18,184.173.169.186, Good: (), Bad: (75.126.206.18,184.173.169.186),Replaced,[70e1da1d2663f1454c19bbf42fd6ad53]
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}|NameServer, 75.126.206.18,184.173.169.186, Good: (), Bad: (75.126.206.18,184.173.169.186),Replaced,[6ce51ed9cabf75c195d079365aab33cd]

Folders: 85
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\adapter, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\components, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\components\abstractbutton, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\components\abstractbutton\background, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\components\alert, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\components\alert\background, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\components\embedhtml, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\components\embedhtml\background, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\components\embedhtml\html, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\components\embedhtml\js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\components\embedscript, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\components\embedscript\background, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\components\embedscript\html, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\components\embedscript\js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\components\flare, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\components\flare\background, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\components\flare\icons, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\components\generic, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\components\generic\background, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\components\link, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\components\link\background, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\components\menu, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\components\menu\background, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\components\menu\css, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\components\menu\html, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\components\menu\images, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\components\menu\js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\components\rss, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\components\rss\background, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\components\thirdparty, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\components\thirdparty\background, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\components\uninstall, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\components\uninstall\background, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\components\weather, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\components\weather\background, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\widget-api, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\widget-api\widgets, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\widget-api\widgets\common, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\widget-api\widgets\radio, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\widget-api\widgets\radio\css, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\widget-api\widgets\radio\js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\widget-api\widgets\rss, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\widget-api\widgets\rss\js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\widget-api\widgets\test, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\widget-api\widgets\topapps, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\widget-api\widgets\topapps\css, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\widget-api\widgets\topapps\js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\widget-api\widgets\weather, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\widget-api\widgets\weather\css, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\common\widget-api\widgets\weather\js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\components, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\components\api, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\components\api\background, Quarantined, [72df25d26227fd39df0f153adc276997],

Files: 225
Trojan.VirTool, C:\Program Files\Skyrim LE\steam_api.dll, Quarantined, [173a8275474236000537fbc229d96b95],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_myscrapnook.dl.tb.ask.com_0.localstorage, Quarantined, [034ea552464352e4ad8ebff37291619f],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gnaghjfblmncnfgjddgelpkbhfdflicf_0.localstorage, Quarantined, [a7aa07f0bacfb5812bd1457133d0f808],
PUP.Optional.PastaLeads, C:\Windows\System32\Tasks\PastaQuotes, Quarantined, [3d1443b42b5e8babf022c63c6c9901ff],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\components\defaultSearch\foreground\defaultSearchModalInjector.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\components\defaultSearch\foreground\tvf_btn_ok.png, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\components\defaultSearch\foreground\tvf_btn_ok2.png, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\components\defaultSearch\foreground\tvf_restart_alert_icon.png, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\components\defaultSearch\foreground\tvf_restart_icon.png, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\components\defaultSearch\foreground\updateSearchPromptFg.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\components\moviereviews\background\MovieReviewsWidget.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\components\moviereviews\css\movieReviews.css, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\components\moviereviews\html\movieReviews.html, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\components\moviereviews\js\movieReviews.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\components\radio\background\RadioWidget.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\components\radio\css\toolbar-item.css, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\components\radio\foreground\button.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\components\radio\radioWrapper\radioWrapper.html, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\components\radio\radioWrapper\radioWrapper.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\components\search\background\searchBox.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\components\search\html\searchSuggestions.css, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\components\search\html\searchSuggestions.html, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\components\search\html\searchSuggestions.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\components\search\html\searchSuggestionsInit.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\components\supertab\css\supertab.css, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\components\supertab\html\supertab.html, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\components\supertab\js\newtabfork.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\components\supertab\js\reporting.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\components\supertab\js\srchsugg.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\components\supertab\js\supertab.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\components\supertab\js\unifiedLogging.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\components\supertab\js\__utm.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\icons\arrowSprite.png, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\icons\icon128.png, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\icons\icon16.png, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\icons\icon19disabled.png, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\icons\icon19on.png, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\icons\icon48.png, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\icons\tb_icon_search_disappearing_ask.png, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\images\222118834.png, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\images\222118837.png, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\images\222118852.png, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\images\222118853.png, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\images\222118854.png, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\images\222118855.png, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\images\222118856.png, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\images\222118857.png, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\images\222118858.png, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\images\222118870.png, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\images\down_arrow.png, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\images\IDR_PRODUCT_LOGO_16.png, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\images\IDR_WEBSTORE_ICON.png, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\images\magnifying_glass.png, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\images\RadioPlayerSprite.png, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\images\search_button.png, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\images\tvf_icon_guide.png, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\images\tvf_logo.png, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\images\wrench.png, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\js\chromeUtils.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\js\exeManager.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\js\exeManagerNMD.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\js\exePackageManager.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\js\focusManager.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\js\globalBlacklistManager.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\js\messaging.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\js\mutation_summary-min.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\js\mutation_summary.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\js\nativeMessagingDispatcher.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\js\newTabInfo.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\js\newTabInitialize.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\js\options.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\js\readLocalStorage.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\js\reservespacefortoolbar.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\js\reservespaceifenabled.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\js\scriptInjector.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\js\searchContext.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\js\settingsOverrides.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\js\toolbarCookieParser.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\js\toolbarPreinit.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\js\underscore-1.3.1.min.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\js\URILoaderContentScript.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\js\Widget.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\js\widgetContentScriptInjectee.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\js\widgetFactory.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\js\widgetWindowManager.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\native\cache.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\native\ce.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\native\debug.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\native\ss.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\native\libs\jquery-1.7.1.min.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\native\libs\jquery-1.9.1.min.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\native\libs\underscore-1.5.2.min.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\shared\HttpURL.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\shared\rsvp-latest.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\shared\unifiedLogging.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\shared\universalConsole.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\shared\utils.js, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\_metadata\computed_hashes.json, Quarantined, [72df25d26227fd39df0f153adc276997],
PUP.Optional.MindSpark.A, C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf\11.87.5.11376_0\_metadata\verified_contents.json, Quarantined, [72df25d26227fd39df0f153adc276997],

Physical Sectors: 0
(No malicious items detected)


(end)



#27
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

Let's clear away the junk that the ESET scan found. How is the machine running?

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.
  • Open Notepad (Start => All Programs => Accessories => Notepad).
  • Copy the entire contents of the code box below (highlight the contents of the box, right-click on it and select Copy), then right-click in the open Notepad window and select Paste.
  • Save it on the desktop as fixlist.txt

Start
CreateRestorePoint:
C:\Users\Lonnie\AppData\Local\Downloaded Installations\{AC08ECED-D6F8-404E-93A0-F037F0623C92}\The Weather Channel App.msi
C:\Users\Lonnie\Downloads\cbsidlm-cbsi145-Google_Books_Downloader-SEO-75453020.exe"
C:\Users\Lonnie\Downloads\SoftwareUpdater (1).exe
C:\Users\Lonnie\Downloads\SoftwareUpdater.exe
C:\Users\Lonnie\Downloads\SweetHome3D-4.3-windows-oc.exe
C:\Users\Lonnie\Downloads\yet_another_cleaner_marb.exe"
D:\Windows.old\Documents and Settings\Big Boy\Local Settings\Temp\ak100a+1.exe.part
D:\Windows.old\Documents and Settings\Big Boy\Local Settings\Temp\is1590112554\1391647_stp\wajam_validate.exe
D:\Windows.old\Documents and Settings\Big Boy\Local Settings\Temp\is1590112554\1391801_stp\rcpsetup_adppi_adppi.exe
D:\Windows.old\Documents and Settings\Big Boy\Local Settings\Temp\is1590112554\1391881_stp\GreatArcadeHits.exe
D:\Windows.old\Documents and Settings\Big Boy\Local Settings\Temp\is1590112554\1391948_stp\DefaultTabSetup.exe
D:\Windows.old\Documents and Settings\Big Boy\Local Settings\Temp\is1590112554\1392055_stp\uninstaller.exe
D:\Windows.old\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.15.2.23_0\plugins\ConduitChromeApiPlugin.dll
D:\Windows.old\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.19.2.505_0\plugins\ConduitChromeApiPlugin.dll
D:\Windows.old\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.19.2.505_0\plugins\TBVerifier.dll
D:\Windows.old\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.20.1.508_0\plugins\ConduitChromeApiPlugin.dll
D:\Windows.old\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.20.1.508_0\plugins\TBVerifier.dll
D:\Windows.old\Documents and Settings\NetworkService\Local Settings\Application Data\Vuze_Remote\ldrtbVuze.dll
D:\Windows.old\Documents and Settings\NetworkService\Local Settings\Application Data\Vuze_Remote\tbVuze.dll
D:\Windows.old\Program Files\Conduit
D:\Windows.old\Program Files\DomaIQ Uninstaller\DomaIQUninstall.exe
D:\Windows.old\Program Files\Optimizer Pro\OptProReminder.exe
D:\Windows.old\Program Files\RegClean Pro\CleanSchedule.exe
D:\Windows.old\Program Files\RegClean Pro\Cloud_Backup_Setup.exe
D:\Windows.old\Program Files\RegClean Pro\Cloud_Backup_Setup_Intl.ex
D:\Windows.old\Program Files\RegClean Pro\RCPUninstall.exe
D:\Windows.old\Program Files\RegClean Pro\RegCleanPro.exe
D:\Windows.old\Program Files\RegClean Pro\systweakasp.exe
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.

Things I need to see in your next post:

Fixlog.txt Log


#28
trucker

    Member

  • Topic Starter
  • Member
  • 227 posts

 Results of screen317's Security Check version 0.99.95  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
COMODO Antivirus   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 71  
 Java 8 Update 25  
  Java 64-bit 8 Update 31  
 Adobe Flash Player     16.0.0.296  
 Adobe Reader XI  
 Mozilla Firefox (35.0.1)
 Mozilla Thunderbird (31.4.0)
 Google Chrome (39.0.2171.95)
 Google Chrome (40.0.2214.94)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Comodo Firewall cmdagent.exe
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 



#29
trucker

    Member

  • Topic Starter
  • Member
  • 227 posts

FRST didn't like the fixlog text. It won't read it.



#30
trucker

    Member

  • Topic Starter
  • Member
  • 227 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 31-01-2015
Ran by Lonnie at 2015-02-01 07:12:31 Run:3
Running from C:\Users\Lonnie\Desktop
Loaded Profiles: Lonnie (Available profiles: Lonnie)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CreateRestorePoint:
C:\Users\Lonnie\AppData\Local\Downloaded Installations\{AC08ECED-D6F8-404E-93A0-F037F0623C92}\The Weather Channel App.msi
C:\Users\Lonnie\Downloads\cbsidlm-cbsi145-Google_Books_Downloader-SEO-75453020.exe"
C:\Users\Lonnie\Downloads\SoftwareUpdater (1).exe
C:\Users\Lonnie\Downloads\SoftwareUpdater.exe
C:\Users\Lonnie\Downloads\SweetHome3D-4.3-windows-oc.exe
C:\Users\Lonnie\Downloads\yet_another_cleaner_marb.exe"
D:\Windows.old\Documents and Settings\Big Boy\Local Settings\Temp\ak100a+1.exe.part
D:\Windows.old\Documents and Settings\Big Boy\Local Settings\Temp\is1590112554\1391647_stp\wajam_validate.exe
D:\Windows.old\Documents and Settings\Big Boy\Local Settings\Temp\is1590112554\1391801_stp\rcpsetup_adppi_adppi.exe
D:\Windows.old\Documents and Settings\Big Boy\Local Settings\Temp\is1590112554\1391881_stp\GreatArcadeHits.exe
D:\Windows.old\Documents and Settings\Big Boy\Local Settings\Temp\is1590112554\1391948_stp\DefaultTabSetup.exe
D:\Windows.old\Documents and Settings\Big Boy\Local Settings\Temp\is1590112554\1392055_stp\uninstaller.exe
D:\Windows.old\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.15.2.23_0\plugins\ConduitChromeApiPlugin.dll
D:\Windows.old\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.19.2.505_0\plugins\ConduitChromeApiPlugin.dll
D:\Windows.old\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.19.2.505_0\plugins\TBVerifier.dll
D:\Windows.old\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.20.1.508_0\plugins\ConduitChromeApiPlugin.dll
D:\Windows.old\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.20.1.508_0\plugins\TBVerifier.dll
D:\Windows.old\Documents and Settings\NetworkService\Local Settings\Application Data\Vuze_Remote\ldrtbVuze.dll
D:\Windows.old\Documents and Settings\NetworkService\Local Settings\Application Data\Vuze_Remote\tbVuze.dll
D:\Windows.old\Program Files\Conduit
D:\Windows.old\Program Files\DomaIQ Uninstaller\DomaIQUninstall.exe
D:\Windows.old\Program Files\Optimizer Pro\OptProReminder.exe
D:\Windows.old\Program Files\RegClean Pro\CleanSchedule.exe
D:\Windows.old\Program Files\RegClean Pro\Cloud_Backup_Setup.exe
D:\Windows.old\Program Files\RegClean Pro\Cloud_Backup_Setup_Intl.ex
D:\Windows.old\Program Files\RegClean Pro\RCPUninstall.exe
D:\Windows.old\Program Files\RegClean Pro\RegCleanPro.exe
D:\Windows.old\Program Files\RegClean Pro\systweakasp.exe
End
*****************

Restore point was successfully created.
C:\Users\Lonnie\AppData\Local\Downloaded Installations\{AC08ECED-D6F8-404E-93A0-F037F0623C92}\The Weather Channel App.msi => Moved successfully.
C:\Users\Lonnie\Downloads\cbsidlm-cbsi145-Google_Books_Downloader-SEO-75453020.exe => Moved successfully.
C:\Users\Lonnie\Downloads\SoftwareUpdater (1).exe => Moved successfully.
C:\Users\Lonnie\Downloads\SoftwareUpdater.exe => Moved successfully.
C:\Users\Lonnie\Downloads\SweetHome3D-4.3-windows-oc.exe => Moved successfully.
C:\Users\Lonnie\Downloads\yet_another_cleaner_marb.exe => Moved successfully.
D:\Windows.old\Documents and Settings\Big Boy\Local Settings\Temp\ak100a+1.exe.part => Moved successfully.
D:\Windows.old\Documents and Settings\Big Boy\Local Settings\Temp\is1590112554\1391647_stp\wajam_validate.exe => Moved successfully.
D:\Windows.old\Documents and Settings\Big Boy\Local Settings\Temp\is1590112554\1391801_stp\rcpsetup_adppi_adppi.exe => Moved successfully.
D:\Windows.old\Documents and Settings\Big Boy\Local Settings\Temp\is1590112554\1391881_stp\GreatArcadeHits.exe => Moved successfully.
D:\Windows.old\Documents and Settings\Big Boy\Local Settings\Temp\is1590112554\1391948_stp\DefaultTabSetup.exe => Moved successfully.
D:\Windows.old\Documents and Settings\Big Boy\Local Settings\Temp\is1590112554\1392055_stp\uninstaller.exe => Moved successfully.
D:\Windows.old\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.15.2.23_0\plugins\ConduitChromeApiPlugin.dll => Moved successfully.
D:\Windows.old\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.19.2.505_0\plugins\ConduitChromeApiPlugin.dll => Moved successfully.
D:\Windows.old\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.19.2.505_0\plugins\TBVerifier.dll => Moved successfully.
D:\Windows.old\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.20.1.508_0\plugins\ConduitChromeApiPlugin.dll => Moved successfully.
D:\Windows.old\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.20.1.508_0\plugins\TBVerifier.dll => Moved successfully.
D:\Windows.old\Documents and Settings\NetworkService\Local Settings\Application Data\Vuze_Remote\ldrtbVuze.dll => Moved successfully.
D:\Windows.old\Documents and Settings\NetworkService\Local Settings\Application Data\Vuze_Remote\tbVuze.dll => Moved successfully.
D:\Windows.old\Program Files\Conduit => Moved successfully.
D:\Windows.old\Program Files\DomaIQ Uninstaller\DomaIQUninstall.exe => Moved successfully.
D:\Windows.old\Program Files\Optimizer Pro\OptProReminder.exe => Moved successfully.
D:\Windows.old\Program Files\RegClean Pro\CleanSchedule.exe => Moved successfully.
D:\Windows.old\Program Files\RegClean Pro\Cloud_Backup_Setup.exe => Moved successfully.
"D:\Windows.old\Program Files\RegClean Pro\Cloud_Backup_Setup_Intl.ex" => File/Directory not found.
D:\Windows.old\Program Files\RegClean Pro\RCPUninstall.exe => Moved successfully.
D:\Windows.old\Program Files\RegClean Pro\RegCleanPro.exe => Moved successfully.
D:\Windows.old\Program Files\RegClean Pro\systweakasp.exe => Moved successfully.

==== End of Fixlog 07:13:38 ====

