Jump to content

Used computer with potentially infected file, concerned about malware


l123

Recommended Posts

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

    [*]Leave everything else as it is. [*]Close all other running programs as well as your Browser. [*]Click the Scan button & wait for it to finish. [*]Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post. [*]Save it where you can easily find it, such as your desktop. [*]Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt



Please attach this file to your next reply.

Link to post
Share on other sites

Thanks for your help, here is the first GMER log

GMER 2.1.19357 - http://www.gmer.netRootkit scan 2015-01-23 23:06:32Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O 465.76GBRunning: kolvh9bl.exe; Driver: C:\Users\bob\AppData\Local\Temp\uwtorpow.sys---- Threads - GMER 2.1 ----Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5692:5812]                                                                              000007fefbb62bf8Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5692:5820]                                                                              000007fef1abcf60Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5692:4296]                                                                              000007fef93e5124Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5692:1820]                                                                              000007fef1a21b54Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5692:1796]                                                                              000007fef1abcf60---- Registry - GMER 2.1 ----Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind    \Device\{E0C08F17-9E03-48DD-B75E-F10530B5582D}?\Device\{7D915F43-76FE-4027-B1B5-CEC4EE73DE2E}?\Device\{3D440499-0076-4616-88FF-6A8452DC444C}?\Device\{C0118C4C-4A5F-4BEF-A693-B033690A1EEC}?\Device\{63F5ADD0-FAFD-4E19-A193-DEA86E908CFF}?\Device\{2D075780-1CA6-4490-AF12-0A79601C0EB1}?Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route   "{E0C08F17-9E03-48DD-B75E-F10530B5582D}"?"{7D915F43-76FE-4027-B1B5-CEC4EE73DE2E}"?"{3D440499-0076-4616-88FF-6A8452DC444C}"?"{C0118C4C-4A5F-4BEF-A693-B033690A1EEC}"?"{63F5ADD0-FAFD-4E19-A193-DEA86E908CFF}"?"{2D075780-1CA6-4490-AF12-0A79601C0EB1}"?Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export  \Device\TCPIP6TUNNEL_{E0C08F17-9E03-48DD-B75E-F10530B5582D}?\Device\TCPIP6TUNNEL_{7D915F43-76FE-4027-B1B5-CEC4EE73DE2E}?\Device\TCPIP6TUNNEL_{3D440499-0076-4616-88FF-6A8452DC444C}?\Device\TCPIP6TUNNEL_{C0118C4C-4A5F-4BEF-A693-B033690A1EEC}?\Device\TCPIP6TUNNEL_{63F5ADD0-FAFD-4E19-A193-DEA86E908CFF}?\Device\TCPIP6TUNNEL_{2D075780-1CA6-4490-AF12-0A79601C0EB1}?Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015830cbfeb                                                                 Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015830cbfeb@0011670032ac                                                    0x64 0x24 0x8B 0x8B ...Reg     HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{E0C08F17-9E03-48DD-B75E-F10530B5582D}@InterfaceName                      isatap.{02303894-F298-4AD2-88A5-4E76400B343D}Reg     HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{E0C08F17-9E03-48DD-B75E-F10530B5582D}@ReusableType                       0Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015830cbfeb (not active ControlSet)                                             Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015830cbfeb@0011670032ac                                                        0x64 0x24 0x8B 0x8B ...---- EOF - GMER 2.1 ----
Link to post
Share on other sites

Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Referring to the Forum Rules which you should have read at the time of Registering at this forum, this forum does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine

Having said that we can help you clean your machine this time BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here but at many other Malware Support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites. Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.

Link to post
Share on other sites

Okay, wow, if there is cracked software, it wasn't put there by me or the computer's owner- we would not use cracked software and are not sure what 'cracksites/warezsites' are, but I am fairly certain we have never visited them. We are happy to delete it-but could you tell me which software it is? We seriously have no idea as all the software was purchased. I'm really sorry about that and thanks for your help.

Link to post
Share on other sites

 

127.0.0.1    activate.adobe.com

127.0.0.1    practivate.adobe.com

These entries deny access to the activation/registration servers of Adobe.

 

The only non free adobe product you have installed is Adobe Acrobat XI Pro.

Please uninstall this program.

 

 

Please rescan with FRST (create a new addition.txt as well) and post the logs.

Link to post
Share on other sites

Okay, he actually purchased this for hundreds of dollars in 2011 (I'm looking at the receipt) from what looked like a large, legitimate software website. At the time, it looked like a legitimate website and didn't set off any alerts (now antivirus says not to visit website). It stopped working a couple years ago and he called Adobe over and over again trying to figure out what was wrong- they kept telling him to re-install, try again. He had a product key and Adobe never told him it was fake. He decided Adobe had horrible customer service and has just used the free version since. I guess this is why it stopped working. He had no idea it was fake, or he wouldn't have called Adobe about the problem.

 

I tried to open the program and it didn't work- just said it was a trial version, but the continue trial button was grayed out (it was an expired trial). I uninstalled anyway, but the other entries are still in the log- I don't know how to remove those and the computer owner has no idea how they got there.If you tell me how, I will remove those as well. Here are the new logs.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01Ran by bob (administrator) on SATELLITE on 26-01-2015 21:26:01Running from C:\Users\bob\DesktopLoaded Profiles: bob (Available profiles: bob)Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe(CrashPlan) C:\Program Files\CrashPlan\CrashPlanService.exe(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe(McAfee, Inc.) C:\Windows\System32\mfevtps.exe(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe(ClientConnect Ltd.) C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google) C:\Users\bob\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\System32\msiexec.exe==================== Registry (Whitelisted) ==================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated)HKLM\...\Run: [] => [X]HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]HKLM\...\Policies\Explorer: [NoControlPanel] 0HKLM\...\Policies\Explorer: [NoFolderOptions] 0HKU\S-1-5-21-951699276-22072461-1913971103-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-06-10] (Google Inc.)HKU\S-1-5-21-951699276-22072461-1913971103-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)HKU\S-1-5-21-951699276-22072461-1913971103-1000\...\Run: [Google Update] => C:\Users\bob\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-15] (Google Inc.)HKU\S-1-5-21-951699276-22072461-1913971103-1000\...\Policies\Explorer: [NoFolderOptions] 0HKU\S-1-5-21-951699276-22072461-1913971103-1000\...\Policies\Explorer: [NoControlPanel] 0HKU\S-1-5-21-951699276-22072461-1913971103-1000\...\MountPoints2: {84c669c1-c586-11e0-8b1c-e89a8f55e411} - E:\LaunchU3.exe -aAppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not FoundAppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File Not FoundStartup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnkShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)ShellIconOverlayIdentifiers: [MOBK] -> {3c3f3c1a-9153-7c05-f938-622e7003894d} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)ShellIconOverlayIdentifiers: [MOBK2] -> {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)ShellIconOverlayIdentifiers: [MOBK3] -> {b4caf489-1eec-c617-49ad-8d7088598c06} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)BootExecute: autocheck autochk * sdnclean64.exe==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blankHKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1401115133&from=cor&uid=HitachiXHTS545050B9A300_110421PBN408172S5J3EX&q={searchTerms}HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1401115133&from=cor&uid=HitachiXHTS545050B9A300_110421PBN408172S5J3EX&q={searchTerms}HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1401115133&from=cor&uid=HitachiXHTS545050B9A300_110421PBN408172S5J3EXHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1401115133&from=cor&uid=HitachiXHTS545050B9A300_110421PBN408172S5J3EXHKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1401115133&from=cor&uid=HitachiXHTS545050B9A300_110421PBN408172S5J3EX&q={searchTerms}HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1401115133&from=cor&uid=HitachiXHTS545050B9A300_110421PBN408172S5J3EX&q={searchTerms}HKU\S-1-5-21-951699276-22072461-1913971103-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1401115133&from=cor&uid=HitachiXHTS545050B9A300_110421PBN408172S5J3EX&q={searchTerms}HKU\S-1-5-21-951699276-22072461-1913971103-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehpHKU\S-1-5-21-951699276-22072461-1913971103-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://trovi.com?SearchSource=10&CUI=UN11388850373080428&UM=4&ctid=CT1561552HKU\S-1-5-21-951699276-22072461-1913971103-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1401115133&from=cor&uid=HitachiXHTS545050B9A300_110421PBN408172S5J3EXHKU\S-1-5-21-951699276-22072461-1913971103-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1401115133&from=cor&uid=HitachiXHTS545050B9A300_110421PBN408172S5J3EX&q={searchTerms}URLSearchHook: HKLM-x32 - Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Users\bob\AppData\LocalLow\Hotspot_Shield\prxtbHots.dll (ClientConnect Ltd.)URLSearchHook: HKU\S-1-5-21-951699276-22072461-1913971103-1000 - Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Users\bob\AppData\LocalLow\Hotspot_Shield\prxtbHots.dll (ClientConnect Ltd.)SearchScopes: HKLM -> DefaultScope {FF6E0AAE-BF49-4731-81E0-6BF344B1929A} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNFSearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1401115133&from=cor&uid=HitachiXHTS545050B9A300_110421PBN408172S5J3EX&q={searchTerms}SearchScopes: HKLM -> {FF6E0AAE-BF49-4731-81E0-6BF344B1929A} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNFSearchScopes: HKLM-x32 -> DefaultScope {68316ECC-3526-4835-B20C-D3886D303EB0} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1401115133&from=cor&uid=HitachiXHTS545050B9A300_110421PBN408172S5J3EX&q={searchTerms}SearchScopes: HKLM-x32 -> {FF6E0AAE-BF49-4731-81E0-6BF344B1929A} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNFSearchScopes: HKU\S-1-5-21-951699276-22072461-1913971103-1000 -> DefaultScope {68316ECC-3526-4835-B20C-D3886D303EB0} URL = http://trovi.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552&CUI=UN11388850373080428&UM=4SearchScopes: HKU\S-1-5-21-951699276-22072461-1913971103-1000 -> {68316ECC-3526-4835-B20C-D3886D303EB0} URL = http://trovi.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552&CUI=UN11388850373080428&UM=4SearchScopes: HKU\S-1-5-21-951699276-22072461-1913971103-1000 -> {89A6F3EE-CBF8-4364-9BC8-50EBFC8B965C} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GGHP_enDE592SearchScopes: HKU\S-1-5-21-951699276-22072461-1913971103-1000 -> {9B31646B-E112-417E-AE47-69E9F8B7E664} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US0D20140711&p={SearchTerms}SearchScopes: HKU\S-1-5-21-951699276-22072461-1913971103-1000 -> {B9188BF5-58F9-4560-B53F-DF90D34AC35D} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNFSearchScopes: HKU\S-1-5-21-951699276-22072461-1913971103-1000 -> {D5B064CD-968B-4C73-B946-2A52FB556F65} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO: No Name -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} ->  No FileBHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)BHO-x32: No Name -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} ->  No FileBHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Hotspot Shield Toolbar -> {c95a4e8e-816d-4655-8c79-d736da1adb6d} -> C:\Users\bob\AppData\LocalLow\Hotspot_Shield\prxtbHots.dll (ClientConnect Ltd.)BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)Toolbar: HKLM-x32 - Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Users\bob\AppData\LocalLow\Hotspot_Shield\prxtbHots.dll (ClientConnect Ltd.)Toolbar: HKU\S-1-5-21-951699276-22072461-1913971103-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)Toolbar: HKU\S-1-5-21-951699276-22072461-1913971103-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No FileToolbar: HKU\S-1-5-21-951699276-22072461-1913971103-1000 -> No Name - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} -  No FileHandler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)Handler-x32: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txtTcpip\Parameters: [DhcpNameServer] 192.168.2.1Tcpip\..\Interfaces\{DD8C502A-FC43-43C5-A992-F51630AF4414}: [NameServer] 208.67.222.222,208.67.220.220FireFox:========FF ProfilePath: C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.defaultFF DefaultSearchEngine: Secure SearchFF SearchEngineOrder.1: Secure SearchFF SelectedSearchEngine: Secure SearchFF Homepage: www.google.comFF Keyword.URL: https://search.yahoo.com/search?fr=mcafee&type=B111US0D20140711&p=FF NetworkProxy: "type", 4FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll ()FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()FF Plugin: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No FileFF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll ()FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()FF Plugin-x32: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-951699276-22072461-1913971103-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\bob\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)FF Plugin HKU\S-1-5-21-951699276-22072461-1913971103-1000: @talk.google.com/O1DPlugin -> C:\Users\bob\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)FF Plugin HKU\S-1-5-21-951699276-22072461-1913971103-1000: @tools.google.com/Google Update;version=3 -> C:\Users\bob\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKU\S-1-5-21-951699276-22072461-1913971103-1000: @tools.google.com/Google Update;version=9 -> C:\Users\bob\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF user.js: detected! => C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\user.jsFF Plugin ProgramFiles/Appdata: C:\Users\bob\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)FF Plugin ProgramFiles/Appdata: C:\Users\bob\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)FF SearchPlugin: C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\searchplugins\ask-search.xmlFF SearchPlugin: C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\searchplugins\bing-zugo.xmlFF SearchPlugin: C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\searchplugins\trovi-search.xmlFF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xmlFF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweet-page.xmlFF Extension: wxDownload - C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\Extensions\50bd015588400@50bd015588439.com [2012-12-04]FF Extension: Fast Start - C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\Extensions\faststartff@gmail.com [2014-07-14]FF Extension: Google Shortcuts - C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\Extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}.xpi [2012-02-19]FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-16]FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2014-08-23]FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-16]FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ruFF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-onFF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2013-02-01]FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\quick_start@gmail.comFF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisorFF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-07-11]FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSKFF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-07-11]Chrome: =======CHR HomePage: Default -> hxxp://google.com/CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}CHR Profile: C:\Users\bob\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Translate) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2014-08-04]CHR Extension: (Google Docs) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-04]CHR Extension: (Google Drive) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-04]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-04]CHR Extension: (YouTube) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-04]CHR Extension: (Adblock Plus) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-22]CHR Extension: (Adblock for Youtube™) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2014-09-16]CHR Extension: (Google Search) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-04]CHR Extension: (FromDocToPDF) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp [2014-08-04]CHR Extension: (Gmail Offline) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-01-04]CHR Extension: (SiteAdvisor) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-08-04]CHR Extension: (Bookmark Manager) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2014-12-03]CHR Extension: (Google Voice (by Google)) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2014-08-04]CHR Extension: (Skype Click to Call) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-04]CHR Extension: (FatWallet Express) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\mogoohcaeegmfbiijjanepaeaimohkmn [2014-11-22]CHR Extension: (Google Wallet) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-04]CHR Extension: (Gmail) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-04]CHR Extension: (Economist Radio) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pokaljfafjmhnoofahjignaelkgahpml [2014-09-16]CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-01-23]CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-01-23]CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-08-06]CHR HKLM-x32\...\Chrome\Extension: [phkobbdicefempkcpdbljeenfkokfpff] - C:\ProgramData\wxDownload\phkobbdicefempkcpdbljeenfkokfpff.crx [Not Found]==================== Services (Whitelisted) =================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)S3 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [222720 2013-04-09] (CrashPlan) [File not signed]S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2013\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany) [File not signed]R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]S2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [919040 2014-05-17] (AnchorFree Inc.) [File not signed]S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-17] ()R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [430344 2014-05-16] ()S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [704112 2014-05-08] (Cherished Technololgy LIMITED)R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-01-16] (McAfee, Inc.)R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2011-11-04] (Intuit) [File not signed]S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-06-30] (Intuit Inc.) [File not signed]R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)R2 TBSrv; C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe [350528 2014-04-10] (ClientConnect Ltd.)S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)S2 HPSLPSVC; C:\Users\bob\AppData\Local\Temp\7zS7803\hpslpsvc64.dll [X]==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.)R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.)R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)R2 WinFLdrv; C:\Windows\SysWow64\WinFLdrv.sys [21888 2011-08-07] ()==================== NetSvcs (Whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)==================== One Month Created Files and Folders ========(If an entry is included in the fixlist, the file\folder will be moved.)2015-01-26 21:25 - 2015-01-26 21:25 - 00000000 ____D () C:\Users\bob\Desktop\FRST-OlderVersion2015-01-23 23:39 - 2015-01-23 23:39 - 00559864 _____ () C:\windows\Minidump\012315-31434-01.dmp2015-01-23 23:38 - 2015-01-23 23:38 - 709203600 _____ () C:\windows\MEMORY.DMP2015-01-23 23:10 - 2015-01-23 23:11 - 00000000 ____D () C:\Users\bob\Desktop\tdsskiller2015-01-23 23:08 - 2015-01-23 23:08 - 04176437 _____ () C:\Users\bob\Desktop\tdsskiller.zip2015-01-23 23:06 - 2015-01-23 23:07 - 00003528 _____ () C:\Users\bob\Desktop\ark.txt2015-01-23 23:04 - 2015-01-23 23:04 - 00003529 _____ () C:\Users\bob\Documents\gmer.log2015-01-23 22:55 - 2015-01-23 22:55 - 00380416 _____ () C:\Users\bob\Downloads\kolvh9bl.exe2015-01-22 22:12 - 2015-01-23 22:48 - 00001272 _____ () C:\windows\PFRO.log2015-01-22 18:57 - 2015-01-22 19:18 - 00051547 _____ () C:\Users\bob\Desktop\Addition.txt2015-01-22 18:56 - 2015-01-26 21:26 - 00036400 _____ () C:\Users\bob\Desktop\FRST.txt2015-01-22 18:56 - 2015-01-26 21:26 - 00000000 ____D () C:\FRST2015-01-22 18:53 - 2015-01-26 21:25 - 02129920 _____ (Farbar) C:\Users\bob\Desktop\FRST64.exe2015-01-22 08:42 - 2015-01-23 23:10 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\bob\Desktop\TDSSKiller.exe2015-01-15 15:37 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll2015-01-15 15:37 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys2015-01-15 15:37 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe2015-01-15 15:37 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll2015-01-15 15:37 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe2015-01-15 15:37 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll2015-01-15 15:37 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe2015-01-15 15:37 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe2015-01-15 15:37 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll2015-01-15 15:37 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe2015-01-15 15:37 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll2015-01-15 15:37 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll2015-01-15 15:37 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll2015-01-06 19:32 - 2015-01-06 19:32 - 00000165 ____H () C:\Users\bob\Desktop\~$Class Scheduel - Copy.xlsx2015-01-05 22:16 - 2015-01-26 20:55 - 00002922 _____ () C:\windows\setupact.log2015-01-05 22:16 - 2015-01-05 22:16 - 00000000 _____ () C:\windows\setuperr.log2015-01-03 18:42 - 2015-01-03 18:27 - 00450918 ____R () C:\windows\system32\Drivers\etc\hosts.20150103-184207.backup2015-01-03 18:27 - 2014-11-04 13:30 - 00450860 _____ () C:\windows\system32\Drivers\etc\hosts.20150103-182724.backup2015-01-03 18:25 - 2015-01-03 18:25 - 00000119 _____ () C:\windows\wininit.ini2015-01-03 15:59 - 2015-01-03 15:59 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}2015-01-03 15:57 - 2015-01-03 15:57 - 00001049 _____ () C:\Users\Public\Desktop\KeyFinder.lnk2015-01-03 15:57 - 2015-01-03 15:57 - 00000000 ____D () C:\Users\bob\AppData\Roaming\OpenCandy2015-01-03 15:57 - 2015-01-03 15:57 - 00000000 ____D () C:\Users\bob\AppData\Roaming\IHlpr2015-01-03 15:57 - 2015-01-03 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder2015-01-03 15:57 - 2015-01-03 15:57 - 00000000 ____D () C:\Program Files (x86)\Magical Jelly Bean2015-01-03 15:56 - 2015-01-03 15:56 - 01166232 _____ (Magical Jelly Bean ) C:\Users\bob\Downloads\KeyFinderInstaller.exe==================== One Month Modified Files and Folders =======(If an entry is included in the fixlist, the file\folder will be moved.)2015-01-26 21:22 - 2011-08-05 08:36 - 00000000 ____D () C:\Program Files (x86)\Adobe2015-01-26 21:22 - 2011-03-24 03:29 - 00000000 ____D () C:\ProgramData\Adobe2015-01-26 21:16 - 2014-06-10 20:02 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job2015-01-26 21:08 - 2014-07-11 11:20 - 00001855 _____ () C:\Users\Public\Desktop\McAfee Total Protection.lnk2015-01-26 21:08 - 2014-07-11 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee2015-01-26 21:06 - 2014-07-11 11:18 - 00000000 __RSD () C:\Users\bob\Documents\McAfee Vaults2015-01-26 21:04 - 2014-06-10 20:02 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job2015-01-26 21:03 - 2009-07-14 05:45 - 00040352 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-01-26 21:03 - 2009-07-14 05:45 - 00040352 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-01-26 21:00 - 2014-07-11 10:49 - 01541183 _____ () C:\windows\WindowsUpdate.log2015-01-26 20:55 - 2013-04-05 18:35 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job2015-01-26 20:55 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT2015-01-25 00:40 - 2012-09-15 18:22 - 00000904 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-951699276-22072461-1913971103-1000UA.job2015-01-25 00:27 - 2013-04-05 18:35 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe2015-01-25 00:27 - 2013-04-05 18:35 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl2015-01-25 00:27 - 2013-04-05 18:35 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater2015-01-24 22:22 - 2009-07-14 06:13 - 00799926 _____ () C:\windows\system32\PerfStringBackup.INI2015-01-24 19:35 - 2011-09-02 19:02 - 00000877 _____ () C:\Users\Public\Desktop\CCleaner.lnk2015-01-23 23:39 - 2013-03-28 11:40 - 00000000 ____D () C:\windows\Minidump2015-01-23 23:09 - 2014-11-30 16:03 - 00000000 ____D () C:\Users\bob\AppData\Local\WinZip2015-01-23 22:48 - 2014-07-11 11:15 - 00000000 ____D () C:\Program Files (x86)\McAfee2015-01-15 23:36 - 2013-07-20 21:42 - 00000000 ____D () C:\windows\system32\MRT2015-01-15 23:25 - 2011-07-30 07:01 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe2015-01-15 19:37 - 2013-10-23 02:16 - 00000000 ____D () C:\Users\bob\Documents\Afghanistan2015-01-15 19:34 - 2011-08-15 15:47 - 00000000 ____D () C:\Users\bob\Documents\Misc2015-01-13 17:05 - 2013-05-08 15:59 - 00000000 ____D () C:\Program Files\CrashPlan2015-01-13 13:14 - 2012-09-15 18:22 - 00000852 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-951699276-22072461-1913971103-1000Core.job2015-01-06 14:00 - 2012-12-27 18:57 - 00000000 ____D () C:\Users\bob\Documents\Germany2015-01-04 13:18 - 2014-11-23 15:05 - 00000000 ____D () C:\Users\bob\Desktop\Curren trip2015-01-03 18:25 - 2014-06-23 01:01 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy2015-01-03 02:22 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF2015-01-03 00:32 - 2011-07-27 09:53 - 00000000 ____D () C:\Users\bob\AppData\Roaming\Skype2014-12-31 14:13 - 2011-08-14 02:47 - 00000000 ____D () C:\Users\bob\AppData\Local\CrashDumps==================== Files in the root of some directories =======2014-05-26 16:40 - 2014-06-22 23:40 - 0000036 _____ () C:\Users\bob\AppData\Roaming\WB.CFG2012-08-25 11:08 - 2012-08-25 11:08 - 0017408 _____ () C:\Users\bob\AppData\Local\WebpageIcons.db2011-12-25 22:01 - 2011-12-25 22:01 - 0000000 _____ () C:\Users\bob\AppData\Local\{2983B93D-B0C9-4CCB-A416-C35C3ABBAA39}2014-05-04 18:36 - 2014-05-20 18:51 - 0002208 _____ () C:\ProgramData\GADump.txt2011-08-13 13:47 - 2013-11-18 19:07 - 0014926 _____ () C:\ProgramData\hpzinstall.log2012-03-14 14:59 - 2012-03-14 15:01 - 0000614 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc==================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2015-01-24 00:08==================== End Of Log ============================
Link to post
Share on other sites

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01

Ran by bob at 2015-01-26 21:27:04

Running from C:\Users\bob\Desktop

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}

AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 8.2.2 - Hewlett-Packard) Hidden

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)

Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.287 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Akamai NetSession Interface (HKU\S-1-5-21-951699276-22072461-1913971103-1000\...\Akamai) (Version: - Akamai Technologies, Inc)

Akamai NetSession Interface Service (HKLM-x32\...\Akamai) (Version: - )

Ashampoo Snap 6 v.6.0.6 (HKLM-x32\...\{C92AB6F1-770F-EA32-6CF7-8A0792FA1A4B}_is1) (Version: 6.0.6 - Ashampoo GmbH & Co. KG)

Ashampoo WinOptimizer 2013 v.1.0.0 (HKLM-x32\...\{4209F371-7B85-60AD-E5CE-E4409D39E3DE}_is1) (Version: 1.00.00 - Ashampoo GmbH & Co. KG)

Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)

Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM-x32\...\Software Guide) (Version: 1.5.0.1 - Canon Inc.)

Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )

Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )

CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)

CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)

Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)

Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.7.0.3 - Canon Inc.)

Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.8.0.5 - Canon Inc.)

Canon MX890 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX890_series) (Version: - )

Canon PowerShot SX230 HS and PowerShot SX220 HS Camera User Guide (HKLM-x32\...\CameraUserGuide-PSSX230HSandPSSX220HS) (Version: 1.0.1.2 - Canon Inc.)

Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )

Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: - )

Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.5.0.7 - Canon Inc.)

Canon Utilities CameraWindow Launcher (HKLM-x32\...\CameraWindowLauncher) (Version: 7.5.0.2 - Canon Inc.)

Canon Utilities Map Utility (HKLM-x32\...\MapUtility) (Version: 1.0.0.19 - Canon Inc.)

Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.2.0.7 - Canon Inc.)

Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.4.0.2 - Canon Inc.)

Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)

Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.2.33 - Canon Inc.)

Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.1.10 - Canon Inc.)

CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)

Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)

Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) Hidden

Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)

Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.51.1.0 - Conexant)

CrashPlan (HKLM\...\{FCE35118-DD2F-4DB8-A5B6-D857F95669E0}) (Version: 3.5.3 - CrashPlan)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)

DJ_AIO_06_F2400_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden

Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)

Epson E-Web Print (HKLM-x32\...\{E078671F-A754-4D31-BDB8-74E855FB02F2}) (Version: 1.16.0000 - SEIKO EPSON CORPORATION)

EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)

EPSON XP-205 207 Series Printer Uninstall (HKLM\...\EPSON XP-205 207 Series) (Version: - SEIKO EPSON Corporation)

EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)

eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden

ExpressVPN v3.416 (HKLM-x32\...\ExpressVPN) (Version: v3.416 - )

File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)

Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Hotspot Shield 3.42 (HKLM-x32\...\HotspotShield) (Version: 3.42 - AnchorFree Inc.)

Hotspot Shield Toolbar for IE (HKLM-x32\...\IECT1561552) (Version: 6.20.0.10 - Hotspot Shield) <==== ATTENTION

HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)

IncredibleCharts Pro (HKLM-x32\...\{134959C1-E63F-11D5-87EF-444553540000}_is1) (Version: - Vizhon Corporation)

Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)

Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)

Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)

Java 7 Update 10 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417010FF}) (Version: 7.0.100 - Oracle)

Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)

Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)

Java(TM) 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)

Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

KVS Tool [7.7.2.R1] (HKLM-x32\...\KVS_AvailabilityTool) (Version: 7.7.2.R1 - KVS)

Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)

Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)

Macromedia Flash Player (HKLM-x32\...\{0456ebd7-5f67-4ab6-852e-63781e3f389c}) (Version: 7.0.19.0 - Macromedia, Inc.)

Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)

McAfee Online Backup (Version: 1.16.4.0 - McAfee, Inc.) Hidden

McAfee Online Backup (x32 Version: - McAfee, Inc.) Hidden

McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.178 - McAfee, Inc.)

McAfee Total Protection (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)

Menschen A1-1 Lerner-DVD-ROM zum Kursbuch (HKLM-x32\...\de.hueber.menschena11izu) (Version: 1.0 - Hueber Verlag GmbH & Co KG)

Menschen A1-1 Lerner-DVD-ROM zum Kursbuch (x32 Version: 1.0 - Hueber Verlag GmbH & Co KG) Hidden

Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)

Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-951699276-22072461-1913971103-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)

Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)

Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)

MyDriveConnect 3.3.0.1318 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1318 - TomTom)

Ogallala_Ag_Clim (HKLM-x32\...\{D19C1012-1060-4D38-BB09-308081845BC2}) (Version: 1.00.0000 - USDA - ARS)

PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)

PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)

QuickBooks (x32 Version: 21.0.4009.904 - Intuit Inc.) Hidden

QuickBooks Pro 2005 (HKLM-x32\...\{14374622-0900-4056-BA06-C87C900AF9E6}) (Version: - )

QuickBooks Pro 2011 (HKLM-x32\...\{11E0AC7D-6822-4F67-865F-EE1C13D28C38}) (Version: 21.0.4009.904 - Intuit Inc.)

Quicken 2006 (HKLM-x32\...\{2818095F-FB6C-42C8-827E-0A406CC9AFF5}) (Version: 15.1.1.29 - Intuit)

Quicken Legal Business Pro 2009 (HKLM-x32\...\Quicken Legal Business Pro 2009) (Version: - )

Quicken WillMaker Plus 2009 (HKLM-x32\...\Quicken WillMaker Plus 2009) (Version: - )

R for Windows 3.1.1 (HKLM\...\R for Windows 3.1.1_is1) (Version: 3.1.1 - R Core Team)

Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.12 - Realtek Semiconductor Corp.)

Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)

RStudio (HKLM-x32\...\RStudio) (Version: 0.98.1079 - RStudio)

Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)

Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)

Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.11.13307 - Skype Technologies S.A.)

Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)

Software Updater (HKLM-x32\...\{B307472F-7BD9-4040-9255-CE6D6A1196A3}) (Version: 4.3.1 - SEIKO EPSON CORPORATION)

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)

Sweet Page (HKLM-x32\...\sweet-page uninstaller) (Version: - sweet-page) <==== ATTENTION

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)

TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - TomTom)

TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)

Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden

TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)

TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)

TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.08.06.00 - )

Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.10.26 - Symantec Corporation)

TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION)

TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.6.1 - TOSHIBA CORPORATION)

TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)

TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)

TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)

TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)

TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation)

TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.08.06.00 - )

TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)

TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.0a - TrueCrypt Foundation)

TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version: - Intuit, Inc)

TurboTax Business 2011 (HKLM-x32\...\TurboTax Business 2011) (Version: - Intuit, Inc)

Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)

WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E5}) (Version: 19.0.11293 - WinZip Computing, S.L. )

wOBD (HKLM-x32\...\ST6UNST #1) (Version: - )

Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-951699276-22072461-1913971103-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\bob\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-951699276-22072461-1913971103-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\bob\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-951699276-22072461-1913971103-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\bob\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-951699276-22072461-1913971103-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\bob\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-951699276-22072461-1913971103-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\bob\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-951699276-22072461-1913971103-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\bob\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-951699276-22072461-1913971103-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\bob\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

09-10-2014 18:22:06 Scheduled Checkpoint

10-10-2014 13:50:56 McAfee Vulnerability Scanner

15-10-2014 22:25:59 Windows Update

17-10-2014 07:43:18 McAfee Vulnerability Scanner

24-10-2014 17:04:29 McAfee Vulnerability Scanner

31-10-2014 09:17:55 McAfee Vulnerability Scanner

07-11-2014 20:42:57 Installed Ogallala_Ag_Clim.

07-11-2014 21:13:22 McAfee Vulnerability Scanner

07-11-2014 21:30:55 McAfee Vulnerability Scanner

13-11-2014 11:25:32 Windows Update

19-11-2014 20:18:03 Windows Update

28-11-2014 15:53:06 McAfee Vulnerability Scanner

05-12-2014 18:26:34 McAfee Vulnerability Scanner

10-12-2014 18:28:06 Windows Update

15-12-2014 09:22:36 Windows Modules Installer

19-12-2014 17:29:25 McAfee Vulnerability Scanner

19-12-2014 17:43:58 Windows Update

31-12-2014 14:39:04 Scheduled Checkpoint

07-01-2015 15:06:46 Scheduled Checkpoint

15-01-2015 23:25:20 Windows Update

24-01-2015 00:15:54 Scheduled Checkpoint

26-01-2015 21:05:40 Removed Adobe Acrobat XI Pro.

26-01-2015 21:16:17 Removed Adobe Acrobat XI Pro.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-01-15 22:46 - 00450918 ____A C:\windows\system32\Drivers\etc\hosts

192.168.1.249 NPI92578A

127.0.0.1 activate.adobe.com

127.0.0.1 practivate.adobe.com

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 1000gratisproben.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1001namen.com

127.0.0.1 www.1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com

127.0.0.1 www.100sexlinks.com

127.0.0.1 100sexlinks.com

127.0.0.1 10sek.com

127.0.0.1 www.10sek.com

127.0.0.1 www.1-2005-search.com

127.0.0.1 1-2005-search.com

127.0.0.1 123fporn.info

127.0.0.1 www.123fporn.info

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0021B1AC-4140-42A8-B6F8-61D25EE658D1} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)

Task: {042DE4F5-6EBF-4B6A-A961-8B29639B84B9} - System32\Tasks\{12896EBE-1E08-4A22-ACCF-FB9312D0E5AF} => Chrome.exe

Task: {1A81BAB0-4E62-4967-AAF2-621A315DD591} - System32\Tasks\{60965311-56B3-4550-9665-C5F0AC659638} => C:\Program Files (x86)\Intuit\QuickBooks 2005\QBW32Pro.exe [2004-10-22] (Intuit, Inc.)

Task: {1F0DCB44-ECBE-4151-A1ED-ABA343D0E3F7} - System32\Tasks\{9939FB0A-FE2C-4304-8DF4-7AE404B02821} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe

Task: {3053C1E7-9160-4F3D-B0FF-1E705ED9D468} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe

Task: {35792F62-9F68-4DBA-B5D0-9333083533B2} - System32\Tasks\{875D3640-D323-4F1E-94E3-CCA1C0A21B4E} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe

Task: {363229D0-4BBD-4D11-8903-C5CBD1A6D976} - System32\Tasks\{78B6B401-95CC-4372-8F40-529FDAF1B8B6} => pcalua.exe -a C:\Users\bob\AppData\Roaming\sweet-page\UninstallManager.exe -c -ptid=cor

Task: {44E2CAE9-BE20-4B24-BA8A-EF912FDD392B} - System32\Tasks\{A6C1146F-FC81-4355-9DC3-A16CA1FE68C3} => pcalua.exe -a C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe -c /M{CBD6B23D-41D5-4A46-8019-6208516C9712} /l1033

Task: {4DD172AD-D53A-4C48-8830-D3B3600B336C} - System32\Tasks\{79E5C3DC-E656-40F5-A330-E1A78ED411B9} => C:\Program Files (x86)\Intuit\QuickBooks 2005\QBW32Pro.exe [2004-10-22] (Intuit, Inc.)

Task: {70C8B896-1BD8-40AC-9BCD-A42D208A739C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)

Task: {7254F775-9716-4DAF-8134-DA761561CD91} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {7A93AE2E-6E4E-4544-AFF5-9D8264444DAB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-10] (Google Inc.)

Task: {A0D83F81-1A38-4624-8D60-4C19732148E2} - System32\Tasks\{8F14F868-5B66-4300-9D51-FE35667DFB79} => pcalua.exe -a C:\Users\bob\Desktop\CM2320series_full_solution_v3.0_EMEA3.exe -d C:\Users\bob\Desktop

Task: {A17212DD-6177-48A6-80A6-0ACFF0C2628F} - System32\Tasks\{439586A2-ED71-4FF8-8073-0562EDC6B870} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe

Task: {A240F122-6FFE-4BDA-8C26-C30241544842} - System32\Tasks\{FC51F8BC-56C8-4EFE-8C37-87CCFC170769} => C:\Program Files (x86)\Intuit\QuickBooks 2005\QBW32Pro.exe [2004-10-22] (Intuit, Inc.)

Task: {AA66912A-A35A-4A31-8855-18B22E7204D3} - System32\Tasks\{0E7601AE-A4B1-4B6A-88A0-BA1010BBB2A6} => C:\Program Files (x86)\Intuit\QuickBooks 2005\QBW32Pro.exe [2004-10-22] (Intuit, Inc.)

Task: {AEE302E3-D541-494B-80C3-51D8C4AC8914} - System32\Tasks\{E637B6B9-197F-4B4E-96A9-9136B1769763} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe

Task: {BDE81D72-DF41-486B-870C-F123666FD44D} - System32\Tasks\{0DAFA025-D02E-43EA-ACAC-46EF01C38DF5} => pcalua.exe -a C:\Users\bob\Desktop\fp7_archive\FP7_archive\r61\flashplayer7r61_winax.exe -d C:\Users\bob\Desktop\fp7_archive\FP7_archive\r61

Task: {BF435694-96DF-4781-B50A-AFE9C2F56E10} - System32\Tasks\{34526DCE-8EAC-4F94-A2B7-1FAAC743364A} => pcalua.exe -a D:\setup.exe -d D:\

Task: {C53BFDCE-456D-44C7-808F-6B2882E4B0EB} - System32\Tasks\{F0B79BA5-9CBB-4A1D-AD57-65B0803D5F8D} => C:\Program Files (x86)\Intuit\QuickBooks 2005\QBW32Pro.exe [2004-10-22] (Intuit, Inc.)

Task: {CB2192AA-9E96-463E-84DD-1A4B85D3759B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-951699276-22072461-1913971103-1000UA => C:\Users\bob\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-15] (Google Inc.)

Task: {CE4A0D69-6040-43EA-AE29-CDED01D2798D} - System32\Tasks\{7E34630D-C51C-4523-803B-2F8D26DA2D62} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe

Task: {D27F535F-F123-45DE-9C87-8A0A448CF1CB} - System32\Tasks\{6E786CB6-379C-470A-A758-8633FA8FDE05} => pcalua.exe -a C:\Users\bob\Desktop\fp7_archive\FP7_archive\r61\flashplayer7r61_win.exe -d C:\Users\bob\Desktop\fp7_archive\FP7_archive\r61

Task: {D5C33196-68FC-461E-AB16-F9DD8021057D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

Task: {DB7A1C89-A670-477B-A939-046E9C460305} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-10] (Google Inc.)

Task: {DDFE5627-505D-41B3-BBD8-4CFC435EB589} - System32\Tasks\{0B2C62B9-3399-4245-9898-F47515B73FA6} => C:\Program Files (x86)\Intuit\QuickBooks 2005\QBW32Pro.exe [2004-10-22] (Intuit, Inc.)

Task: {DF27480C-5658-4084-9BB4-2F6BF05F8EA2} - System32\Tasks\{058F8E18-8457-4FDF-A388-3171795564EA} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe

Task: {F6114D25-C2E8-48CA-AA33-3CE0D05EF3EA} - System32\Tasks\{04C7AEEB-CE15-45C0-8235-EE2A6EB1225B} => C:\Program Files (x86)\Intuit\QuickBooks 2005\QBW32Pro.exe [2004-10-22] (Intuit, Inc.)

Task: {FC608363-292A-4D9C-8C13-6EA96479C8E0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-951699276-22072461-1913971103-1000Core => C:\Users\bob\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-15] (Google Inc.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-951699276-22072461-1913971103-1000Core.job => C:\Users\bob\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-951699276-22072461-1913971103-1000UA.job => C:\Users\bob\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-04-09 00:35 - 2013-04-09 00:35 - 00014848 _____ () C:\Program Files\CrashPlan\md564.dll

2015-01-13 17:04 - 2015-01-13 17:04 - 00230400 _____ () C:\Program Files\CrashPlan\cpnative64.dll

2014-05-16 23:34 - 2014-05-16 23:34 - 00430344 _____ () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe

2010-04-13 19:11 - 2010-04-13 19:11 - 00083256 _____ () C:\Program Files (x86)\McAfee Online Backup\librs2.dll

2011-04-05 03:18 - 2011-04-05 03:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2014-05-26 16:10 - 2013-06-17 15:40 - 00035944 _____ () C:\windows\system32\ddmon4-64x.dll

2014-01-31 00:52 - 2011-02-28 23:37 - 00095008 _____ () C:\windows\System32\Primomonnt.dll

2013-10-10 16:48 - 2013-10-10 16:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll

2014-05-17 01:11 - 2014-05-17 01:11 - 00908584 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll

2014-05-17 01:37 - 2014-05-17 01:37 - 00506664 _____ () C:\Program Files (x86)\Hotspot Shield\bin\HssRep.dll

2014-06-23 01:01 - 2014-04-25 13:11 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl

2014-06-23 01:01 - 2014-04-25 13:11 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl

2014-06-23 01:01 - 2014-04-25 13:11 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl

2014-06-23 01:01 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll

2014-06-23 01:01 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

2015-01-23 23:17 - 2015-01-21 04:50 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libglesv2.dll

2015-01-23 23:17 - 2015-01-21 04:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libegl.dll

2015-01-23 23:17 - 2015-01-21 04:50 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CrashPlan Tray.lnk => C:\windows\pss\CrashPlan Tray.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk => C:\windows\pss\Intuit Data Protect.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\windows\pss\Microsoft Office.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\windows\pss\QuickBooks_Standard_21.lnk.CommonStartup

MSCONFIG\startupfolder: C:^Users^bob^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup

MSCONFIG\startupfolder: C:^Users^bob^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

MSCONFIG\startupreg: Adobe Acrobat Synchronizer => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\bob\AppData\Local\Akamai\netsession_win.exe"

MSCONFIG\startupreg: AshSnap => C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\ashsnap.exe

MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

MSCONFIG\startupreg: Carbonite Backup => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe

MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized

MSCONFIG\startupreg: deskPDF Creator => "C:\Program Files (x86)\Docudesk\deskPDF Studio X\deskPDFCreator.exe" -minimize

MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE

MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup

MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

MSCONFIG\startupreg: MyDriveConnect.exe => "C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe"

MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe

MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe

MSCONFIG\startupreg: TSleepSrv => %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-951699276-22072461-1913971103-500 - Administrator - Disabled)

ASPNET (S-1-5-21-951699276-22072461-1913971103-1004 - Limited - Enabled)

bob (S-1-5-21-951699276-22072461-1913971103-1000 - Administrator - Enabled) => C:\Users\bob

Guest (S-1-5-21-951699276-22072461-1913971103-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-951699276-22072461-1913971103-1006 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64

Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Cisco Systems

Service: vpnva

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:

==================

Error: (01/26/2015 08:58:12 PM) (Source: VSS) (EventID: 8194) (User: )

Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.

.

This is often caused by incorrect security settings in either the writer or requestor process.

Operation:

Gathering Writer Data

Context:

Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

Writer Name: System Writer

Writer Instance ID: {1f733b06-6b9e-4bae-90c1-3e3e919b98cc}

Error: (01/26/2015 08:55:52 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2015 10:19:00 PM) (Source: VSS) (EventID: 8194) (User: )

Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.

.

This is often caused by incorrect security settings in either the writer or requestor process.

Operation:

Gathering Writer Data

Context:

Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

Writer Name: System Writer

Writer Instance ID: {72a50b0c-2bd6-41ba-b314-4b248d2735e3}

Error: (01/24/2015 10:15:41 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2015 02:37:00 PM) (Source: VSS) (EventID: 8194) (User: )

Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.

.

This is often caused by incorrect security settings in either the writer or requestor process.

Operation:

Gathering Writer Data

Context:

Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

Writer Name: System Writer

Writer Instance ID: {799c78a5-c36d-4884-8b68-5bb795683901}

Error: (01/24/2015 02:34:18 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2015 00:11:25 AM) (Source: SideBySide) (EventID: 63) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid.

Error: (01/24/2015 00:10:45 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (01/23/2015 11:41:58 PM) (Source: VSS) (EventID: 8194) (User: )

Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.

.

This is often caused by incorrect security settings in either the writer or requestor process.

Operation:

Gathering Writer Data

Context:

Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

Writer Name: System Writer

Writer Instance ID: {768ca73e-3486-453d-a671-ccc7b56e1f79}

Error: (01/23/2015 11:39:24 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:

=============

Error: (01/26/2015 08:57:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The HP Network Devices Support service terminated with the following error:

%%126

Error: (01/26/2015 08:56:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (01/26/2015 08:56:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/26/2015 08:55:25 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll

Error Code: 126

Error: (01/25/2015 01:13:14 AM) (Source: Disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (01/24/2015 10:18:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The HP Network Devices Support service terminated with the following error:

%%126

Error: (01/24/2015 10:16:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (01/24/2015 10:16:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/24/2015 10:15:10 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll

Error Code: 126

Error: (01/24/2015 10:15:09 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 10:13:21 PM on ‎1/‎24/‎2015 was unexpected.

Microsoft Office Sessions:

=========================

Error: (01/26/2015 08:58:12 PM) (Source: VSS) (EventID: 8194) (User: )

Description: 0x80070005, Access is denied.

Operation:

Gathering Writer Data

Context:

Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

Writer Name: System Writer

Writer Instance ID: {1f733b06-6b9e-4bae-90c1-3e3e919b98cc}

Error: (01/26/2015 08:55:52 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2015 10:19:00 PM) (Source: VSS) (EventID: 8194) (User: )

Description: 0x80070005, Access is denied.

Operation:

Gathering Writer Data

Context:

Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

Writer Name: System Writer

Writer Instance ID: {72a50b0c-2bd6-41ba-b314-4b248d2735e3}

Error: (01/24/2015 10:15:41 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2015 02:37:00 PM) (Source: VSS) (EventID: 8194) (User: )

Description: 0x80070005, Access is denied.

Operation:

Gathering Writer Data

Context:

Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

Writer Name: System Writer

Writer Instance ID: {799c78a5-c36d-4884-8b68-5bb795683901}

Error: (01/24/2015 02:34:18 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2015 00:11:25 AM) (Source: SideBySide) (EventID: 63) (User: )

Description: assemblyIdentityprocessorArchitecturex64c:\program files\R\r-3.1.1\Tcl\bin64\tk85.dllc:\program files\R\r-3.1.1\Tcl\bin64\tk85.dll9

Error: (01/24/2015 00:10:45 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files\CCleaner\CCleaner.exe

Error: (01/23/2015 11:41:58 PM) (Source: VSS) (EventID: 8194) (User: )

Description: 0x80070005, Access is denied.

Operation:

Gathering Writer Data

Context:

Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

Writer Name: System Writer

Writer Instance ID: {768ca73e-3486-453d-a671-ccc7b56e1f79}

Error: (01/23/2015 11:39:24 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:

===================================

Date: 2013-08-20 20:24:09.595

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-20 20:24:09.593

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-20 20:24:09.591

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-20 20:24:09.576

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-20 20:24:09.575

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-20 20:24:09.572

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-18 00:31:08.029

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-18 00:31:08.029

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-18 00:31:08.029

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-18 00:31:08.013

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU B940 @ 2.00GHz

Percentage of memory in use: 40%

Total physical RAM: 8139.86 MB

Available physical RAM: 4851.23 MB

Total Pagefile: 20346.04 MB

Available Pagefile: 16814.28 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (TI106139W0E) (Fixed) (Total:450.57 GB) (Free:276.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive e: () (Removable) (Total:7.38 GB) (Free:5.31 GB) FAT32

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 4E59E2AF)

Partition 1: (Active) - (Size=1.5 GB) - (Type=27)

Partition 2: (Not Active) - (Size=450.6 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=13.7 GB) - (Type=17)

========================================================

Disk: 1 (Size: 7.4 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

Link to post
Share on other sites

The vendor's website is still up and has an A+ Better Business Bureau rating (which for US businesses is usually a sign that it is a legitimate company). I don't want to give you a link to the website because McAfee now says it is possibly suspicious, but here is the BBB link. 

 

http://www.bbb.org/west-florida/business-reviews/computers-service-and-repair/wholesale-software-in-sarasota-fl-90094600

Link to post
Share on other sites

We need to remove some programs with Revo Uninstaller Free:


Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an altenate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    Hotspot Shield Toolbar for IESweet Page
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

 

 

Scan with ESET Online Scan

Go here to run an online scannner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
  • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

 

fixlist.txt

Link to post
Share on other sites

Okay, thanks for all your help. Here is the MBAM log:

Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 1/27/2015Scan Time: 11:33:21 PMLogfile: Administrator: YesVersion: 2.00.4.1028Malware Database: v2015.01.27.10Rootkit Database: v2015.01.14.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: DisabledOS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: CaryScan Type: Threat ScanResult: CompletedObjects Scanned: 388884Time Elapsed: 30 min, 23 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 1PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, 1360, Delete-on-Reboot, [cf97fdffee9b95a1ffd4b5c542bf946c]Modules: 0(No malicious items detected)Registry Keys: 14PUP.Optional.IePluginService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginServices, Quarantined, [cf97fdffee9b95a1ffd4b5c542bf946c], PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [f0769f5dcabf1224a51511e3fa082cd4], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [aabc9e5eef9a2e083ed011e84bb7a060], PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [8fd7d02cb5d4b87e8819925181839e62], PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\sweet-pageSoftware, Quarantined, [372f97656821360072084ba14db7728e], PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [f07621dbc1c8ae8819882ab9e222dc24], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP, Quarantined, [8ed87587ec9d2610486cfb97ba49f20e], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, Quarantined, [97cfca32abde05316f76eca67b88c63a], PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, Quarantined, [4224679584057cbae053495447bc5ea2], PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginServices, Quarantined, [d09644b8acdd39fd9281b2d6798ada26], PUP.Optional.DigitalSites.A, HKU\S-1-5-21-951699276-22072461-1913971103-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DSiteproducts, Quarantined, [74f2bb411a6f3105676ad12fbd48f808], PUP.Optional.InstallCore.A, HKU\S-1-5-21-951699276-22072461-1913971103-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [9fc7bd3f9aef72c4de21259c3ac96c94], PUP.Optional.InstallCore.A, HKU\S-1-5-21-951699276-22072461-1913971103-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [56108676abde43f371a24791d133d22e], PUP.Optional.SystemSpeedup, HKU\S-1-5-21-951699276-22072461-1913971103-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd, Quarantined, [72f4fc003d4c6fc7ee443c615da6ab55], Registry Values: 5PUP.Optional.QuickStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|quick_start@gmail.com, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\quick_start@gmail.com, Quarantined, [4a1c03f9890043f32c47e4d28083da26]PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP|dir, C:\Program Files (x86)\SupTab, Quarantined, [8ed87587ec9d2610486cfb97ba49f20e]PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, cor, Quarantined, [97cfca32abde05316f76eca67b88c63a]PUP.Optional.InstallCore.A, HKU\S-1-5-21-951699276-22072461-1913971103-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0V1D1S1R1D0V1O, Quarantined, [56108676abde43f371a24791d133d22e]PUP.Optional.QuickStart.A, HKU\S-1-5-21-951699276-22072461-1913971103-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, quick_start@gmail.com, Quarantined, [6cfa3bc17811f6408264148cb64d7b85]Registry Data: 8PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.sweet-page.com/web/?type=ds&ts=1401115133&from=cor&uid=HitachiXHTS545050B9A300_110421PBN408172S5J3EX&q={searchTerms},'>http://www.sweet-page.com/web/?type=ds&ts=1401115133&from=cor&uid=HitachiXHTS545050B9A300_110421PBN408172S5J3EX&q={searchTerms}, Good: (www.google.com), Bad: (http://www.sweet-page.com/web/?type=ds&ts=1401115133&from=cor&uid=HitachiXHTS545050B9A300_110421PBN408172S5J3EX&q={searchTerms}),Replaced,[a5c14daf4f3a7abc6aa4c5e326df47b9]PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.sweet-page.com/?type=hp&ts=1401115133&from=cor&uid=HitachiXHTS545050B9A300_110421PBN408172S5J3EX,'>http://www.sweet-page.com/?type=hp&ts=1401115133&from=cor&uid=HitachiXHTS545050B9A300_110421PBN408172S5J3EX, Good: (www.google.com), Bad: (http://www.sweet-page.com/?type=hp&ts=1401115133&from=cor&uid=HitachiXHTS545050B9A300_110421PBN408172S5J3EX),Replaced,[7de9af4d74153afc5bb286226b9a17e9]PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.sweet-page.com/web/?type=ds&ts=1401115133&from=cor&uid=HitachiXHTS545050B9A300_110421PBN408172S5J3EX&q={searchTerms},'>http://www.sweet-page.com/web/?type=ds&ts=1401115133&from=cor&uid=HitachiXHTS545050B9A300_110421PBN408172S5J3EX&q={searchTerms}, Good: (www.google.com), Bad: (http://www.sweet-page.com/web/?type=ds&ts=1401115133&from=cor&uid=HitachiXHTS545050B9A300_110421PBN408172S5J3EX&q={searchTerms}),Replaced,[c89e6f8dfb8ee4529a7b762719ec936d]PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.sweet-page.com/web/?type=ds&ts=1401115133&from=cor&uid=HitachiXHTS545050B9A300_110421PBN408172S5J3EX&q={searchTerms},'>http://www.sweet-page.com/web/?type=ds&ts=1401115133&from=cor&uid=HitachiXHTS545050B9A300_110421PBN408172S5J3EX&q={searchTerms}, Good: (www.google.com), Bad: (http://www.sweet-page.com/web/?type=ds&ts=1401115133&from=cor&uid=HitachiXHTS545050B9A300_110421PBN408172S5J3EX&q={searchTerms}),Replaced,[4e1805f77811a98d7f8ff9af0203f50b]PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.sweet-page.com/?type=hp&ts=1401115133&from=cor&uid=HitachiXHTS545050B9A300_110421PBN408172S5J3EX,'>http://www.sweet-page.com/?type=hp&ts=1401115133&from=cor&uid=HitachiXHTS545050B9A300_110421PBN408172S5J3EX, Good: (www.google.com), Bad: (http://www.sweet-page.com/?type=hp&ts=1401115133&from=cor&uid=HitachiXHTS545050B9A300_110421PBN408172S5J3EX),Replaced,[2e387587820700365bb2a30550b57b85]PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.sweet-page.com/web/?type=ds&ts=1401115133&from=cor&uid=HitachiXHTS545050B9A300_110421PBN408172S5J3EX&q={searchTerms},'>http://www.sweet-page.com/web/?type=ds&ts=1401115133&from=cor&uid=HitachiXHTS545050B9A300_110421PBN408172S5J3EX&q={searchTerms}, Good: (www.google.com), Bad: (http://www.sweet-page.com/web/?type=ds&ts=1401115133&from=cor&uid=HitachiXHTS545050B9A300_110421PBN408172S5J3EX&q={searchTerms}),Replaced,[b4b221db8bfec670cd48d6c78481758b]PUP.Optional.Trovi.A, HKU\S-1-5-21-951699276-22072461-1913971103-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://trovi.com?SearchSource=10&CUI=UN11388850373080428&UM=4&ctid=CT1561552,'>http://trovi.com?SearchSource=10&CUI=UN11388850373080428&UM=4&ctid=CT1561552, Good: (www.google.com), Bad: (http://trovi.com?SearchSource=10&CUI=UN11388850373080428&UM=4&ctid=CT1561552),Replaced,[81e5718b92f7fc3a51bef0ad61a4ed13]PUP.Optional.SweetPage.A, HKU\S-1-5-21-951699276-22072461-1913971103-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.sweet-page.com/?type=hp&ts=1401115133&from=cor&uid=HitachiXHTS545050B9A300_110421PBN408172S5J3EX,'>http://www.sweet-page.com/?type=hp&ts=1401115133&from=cor&uid=HitachiXHTS545050B9A300_110421PBN408172S5J3EX, Good: (www.google.com), Bad: (http://www.sweet-page.com/?type=hp&ts=1401115133&from=cor&uid=HitachiXHTS545050B9A300_110421PBN408172S5J3EX),Replaced,[fd69cc301b6ed85e32d7d4d443c2a35d]Folders: 129PUP.Optional.OpenCandy, C:\Users\Cary\AppData\Roaming\OpenCandy, Quarantined, [7aec8a72ef9a93a3d92d96ac57ac4cb4], PUP.Optional.OpenCandy, C:\Users\Cary\AppData\Roaming\OpenCandy\884A7BDF9895464D8752BCC8B25BF014, Quarantined, [7aec8a72ef9a93a3d92d96ac57ac4cb4], PUP.Optional.MusicBoxToolBar.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\imeshmusicboxtoolbarha, Quarantined, [b1b56c90286177bface4a5a251b2cb35], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\adapter, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\abstractbutton, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\abstractbutton\background, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\alert, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\alert\background, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\embedhtml, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\embedhtml\background, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\embedhtml\html, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\embedhtml\js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\embedscript, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\embedscript\background, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\embedscript\html, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\embedscript\js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\flare, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\flare\background, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\flare\icons, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\generic, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\generic\background, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\link, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\link\background, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\menu, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\menu\background, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\menu\css, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\menu\html, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\menu\images, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\menu\js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\rss, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\rss\background, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\thirdparty, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\thirdparty\background, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\uninstall, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\uninstall\background, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\weather, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\weather\background, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\common, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\radio, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\radio\css, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\radio\js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\rss, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\rss\js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\test, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\topapps, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\topapps\css, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\topapps\js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\weather, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\weather\css, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\weather\js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\api, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\api\background, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\api\window, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\defaultSearch, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\defaultSearch\background, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\defaultSearch\foreground, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\moviereviews, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\moviereviews\background, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\moviereviews\css, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\moviereviews\html, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\moviereviews\js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\radio, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\radio\background, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\radio\css, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\radio\foreground, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\radio\radioWrapper, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\search, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\search\background, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\search\html, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\supertab, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\supertab\css, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\supertab\html, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\supertab\js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\icons, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\images, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\native, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\native\libs, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\shared, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\_metadata, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, Delete-on-Reboot, [7de97e7eddac6bcbee7af06724dfcd33], PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, Quarantined, [7de97e7eddac6bcbee7af06724dfcd33], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\content, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\content\include, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\content\include\tools, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\content\js, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\content\js\lib, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\content\js\module, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\content\js\pack, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\locale, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\locale\en, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\locale\en-US, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\locale\es, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\locale\es-419, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\locale\fr, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\locale\fr-BE, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\locale\fr-CA, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\locale\fr-CH, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\locale\fr-LU, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\locale\it, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\locale\it-CH, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\locale\pl, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\locale\pt-BR, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\locale\ru, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\locale\ru-MO, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\locale\tr, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\locale\vi, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\locale\zh-CN, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\locale\zh-TW, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\skin, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\defaults, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\defaults\preferences, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\modules, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.SystemSpeedup, C:\Users\Cary\AppData\Roaming\Systweak\ssd, Quarantined, [6ff7d3296326b77f253fcf8b21e238c8], PUP.Optional.Updater.A, C:\Users\Cary\AppData\Roaming\DigitalSites\UpdateProc, Quarantined, [184e2dcfc0c9d85ecc7c5c03c73cb14f], PUP.Optional.SupTab.A, C:\Users\Cary\AppData\Roaming\SupTab, Quarantined, [ef77768698f1ef47ba1587d8a261837d], PUP.Optional.CrossRider.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\50bd015588400@50bd015588439.com, Quarantined, [ff67c63643461d1923f0f072d62d24dc], PUP.Optional.CrossRider.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\50bd015588400@50bd015588439.com\content, Quarantined, [ff67c63643461d1923f0f072d62d24dc], PUP.Optional.IHlpr.A, C:\Users\Cary\AppData\Roaming\IHlpr\884A7BDF9895464D8752BCC8B25BF014, Quarantined, [fb6be01c4346c07618356c088a7906fa], Files: 335PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, Delete-on-Reboot, [cf97fdffee9b95a1ffd4b5c542bf946c], PUP.Optional.Skytech.A, C:\$Recycle.Bin\S-1-5-21-951699276-22072461-1913971103-1000\$RFZUQ35\UninstallManager.exe, Quarantined, [254122dae6a3bb7b27998426e31ed32d], PUP.Optional.ClientConnect, C:\Users\Cary\AppData\Local\Temp\Hotspot_Shield\tbHots.dll, Quarantined, [2244c23a1673270fec68695bd13005fb], PUP.Optional.PremiumInstaller, C:\Users\Cary\Downloads\setup (1).exe, Quarantined, [b0b657a51d6c9f9722d4b5dad5304eb2], PUP.Optional.PremiumInstaller, C:\Users\Cary\Downloads\setup.exe, Quarantined, [baac2bd17f0a3204797dd8b710f57c84], PUP.Optional.ClientConnect, C:\Users\Cary\AppData\Local\Tbccint\Community Alerts\Alert.dll, Quarantined, [511515e75d2cd066ff55d3f135cc26da], PUP.Optional.Trovi.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\searchplugins\trovi-search.xml, Quarantined, [b1b5728a8ffa6ec81248d8d28182d828], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dhhjmlmdpcpiojiffodbldlkgcnaeogp_0.localstorage, Quarantined, [9cca2bd1a8e1a195e0ae525f70938a76], PUP.Optional.SweetPage.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\sweet-page.xml, Quarantined, [3531e21aa6e367cf92e7f4f824e0b14f], PUP.Optional.MusicBoxToolBar.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\imeshmusicboxtoolbarha\apnuserid.dat, Quarantined, [b1b56c90286177bface4a5a251b2cb35], PUP.Optional.MusicBoxToolBar.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\imeshmusicboxtoolbarha\appid.dat, Quarantined, [b1b56c90286177bface4a5a251b2cb35], PUP.Optional.MusicBoxToolBar.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\imeshmusicboxtoolbarha\geodata.xml, Quarantined, [b1b56c90286177bface4a5a251b2cb35], PUP.Optional.MusicBoxToolBar.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\imeshmusicboxtoolbarha\setupCfg.xml, Quarantined, [b1b56c90286177bface4a5a251b2cb35], PUP.Optional.MusicBoxToolBar.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\imeshmusicboxtoolbarha\sysid.dat, Quarantined, [b1b56c90286177bface4a5a251b2cb35], PUP.Optional.MusicBoxToolBar.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\imeshmusicboxtoolbarha\trackid.dat, Quarantined, [b1b56c90286177bface4a5a251b2cb35], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\bg.html, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\buildVars, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\buildVars.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\companionSW.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\config.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\contentScript.css, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], 
Link to post
Share on other sites

And part two of MBAM. I will run others now.

PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\contentScript.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\debug.html, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\debug.jade, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\extension_toolbar_api.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\initWidgetWindow.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\manifest.json, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\newTabContentScript.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\options.html, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\spent.css, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\spent.html, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\spent.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\spent2.css, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\spent2.html, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\spentJ.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\spentK.html, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\spentK.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\startup.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\stub.html, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\stubby.html, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\superFrame.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\toolbar.html, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\toolbar.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\toolbarUI.css, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\toolbarUI.html, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\toolbarUI.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\url.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\adapter\adapterUtil.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\adapter\widget-adapter.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\abstractbutton\background\abstractButton.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\alert\background\alertButton.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\embedhtml\background\embedHtmlWidget.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\embedhtml\html\embedHtmlTemplate.html, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\embedhtml\html\innerEmbedHtmlTemplate.html, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\embedhtml\js\embedHtmlUI.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\embedscript\background\embedScriptWidget.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\embedscript\html\embedScriptTemplate.html, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\embedscript\html\innerEmbedScriptTemplate.html, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\embedscript\js\embedScriptUI.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\flare\background\FlareWidget.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\flare\icons\Icon_Flare_blue.png, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\flare\icons\Icon_Flare_pink.png, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\flare\icons\Thumbs.db, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\generic\background\GenericWidget.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\link\background\linkButton.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\menu\README.txt, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\menu\background\menuButton.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\menu\css\menuframe.css, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\menu\html\menuframe.html, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\menu\images\right_arrow.png, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\menu\images\right_arrow_white.png, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\menu\js\jquery-1.7.1.min.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\menu\js\menuframe.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\menu\js\query-string.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\menu\js\underscore-1.3.1.min.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\rss\background\RssWidget.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\thirdparty\background\thirdPartyWidget.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\uninstall\background\uninstallButton.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\components\weather\background\weatherButton.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\js\bs.30.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\js\common.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\js\dynamic.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\js\enableDetect.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\js\eventListening.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\js\global.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\js\jquery-1.7.1.min.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\js\list-interaction.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\js\messageEventListener.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\js\navRedirector.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\js\paramReplacer.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\js\PartnerId.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\js\set.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\js\underscore-1.3.1.min.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\js\underscore-1.5.2.min.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\js\unifiedLogging.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widget-context-1.0.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\common\common.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\common\eventListening.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\common\jquery-1.7.1.min.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\common\list-interaction.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\common\set.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\common\underscore-1.3.1.min.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\radio\radio-widget.html, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\radio\css\radio-widget.css, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\radio\js\radio-custom.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\radio\js\radio-parser.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\radio\js\radio-widget-ui.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\radio\js\radio-widget.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\rss\rssWidget.html, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\rss\js\rss-widget-custom.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\rss\js\rss-widget-parse.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\rss\js\rss-widget.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\test\invalid.json, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\test\jquery.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\test\qunit.css, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\test\qunit.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\test\resource.json, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\test\resource.xml, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\test\testWidget.html, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\test\testWidget.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\topapps\widget.html, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\topapps\css\widget.css, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\topapps\js\nanigans-topapps-feed.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\topapps\js\topapps-config.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\topapps\js\widget.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\weather\weatherButton.html, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\weather\css\weatherButton.css, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\common\widget-api\widgets\weather\js\weather.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\api\background\ApiBasedWidget.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\api\background\widget-api-impl.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\api\window\hiddenWidgetWindow.html, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\api\window\hiddenWidgetWindow.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\api\window\hiddenWidgetWindowInit.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\api\window\widgetWindow.html, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\api\window\widgetWindow.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\defaultSearch\background\updateSearch.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\defaultSearch\background\updateSearchPromptBg.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\defaultSearch\foreground\07_buttons2.png, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\defaultSearch\foreground\08_buttons2.png, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\defaultSearch\foreground\defaultSearchModal.html, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\defaultSearch\foreground\defaultSearchModalInjector.css, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\defaultSearch\foreground\defaultSearchModalInjector.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\defaultSearch\foreground\tvf_btn_ok.png, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\defaultSearch\foreground\tvf_btn_ok2.png, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\defaultSearch\foreground\tvf_restart_alert_icon.png, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\defaultSearch\foreground\tvf_restart_icon.png, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\defaultSearch\foreground\updateSearchPromptFg.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\moviereviews\background\MovieReviewsWidget.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\moviereviews\css\movieReviews.css, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\moviereviews\html\movieReviews.html, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\moviereviews\js\movieReviews.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\radio\background\RadioWidget.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\radio\css\toolbar-item.css, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\radio\foreground\button.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\radio\radioWrapper\radioWrapper.html, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\radio\radioWrapper\radioWrapper.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\search\background\searchBox.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\search\html\searchSuggestions.css, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\search\html\searchSuggestions.html, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\search\html\searchSuggestions.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\search\html\searchSuggestionsInit.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\supertab\css\supertab.css, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\supertab\html\supertab.html, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\supertab\js\newtabfork.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\supertab\js\reporting.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\supertab\js\srchsugg.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\supertab\js\supertab.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\supertab\js\unifiedLogging.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\components\supertab\js\__utm.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\icons\arrowSprite.png, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\icons\icon128.png, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\icons\icon16.png, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\icons\icon19disabled.png, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\icons\icon19on.png, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\icons\icon48.png, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\icons\tb_icon_search_disappearing_ask.png, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\images\222098089.png, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\images\222124472.png, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\images\222124475.png, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\images\222124500.png, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\images\222124501.png, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\images\222124502.png, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\images\222124516.png, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\images\down_arrow.png, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\images\IDR_PRODUCT_LOGO_16.png, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\images\IDR_WEBSTORE_ICON.png, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\images\magnifying_glass.png, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\images\RadioPlayerSprite.png, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\images\search_button.png, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\images\tvf_icon_guide.png, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\images\tvf_logo.png, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\images\wrench.png, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\js\chromeUtils.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\js\exeManager.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\js\exeManagerNMD.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\js\exePackageManager.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\js\focusManager.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\js\globalBlacklistManager.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\js\messaging.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\js\mutation_summary-min.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\js\mutation_summary.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\js\nativeMessagingDispatcher.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\js\newTabInfo.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\js\newTabInitialize.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\js\options.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\js\readLocalStorage.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\js\reservespacefortoolbar.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\js\reservespaceifenabled.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\js\scriptInjector.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\js\searchContext.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\js\settingsOverrides.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\js\toolbarCookieParser.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\js\toolbarPreinit.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\js\underscore-1.3.1.min.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\js\URILoaderContentScript.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\js\Widget.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\js\widgetContentScriptInjectee.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\js\widgetFactory.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\js\widgetWindowManager.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\native\cache.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\native\ce.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\native\chromeStorage.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\native\debug.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\native\ss.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\native\libs\jquery-1.7.1.min.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\native\libs\jquery-1.9.1.min.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\native\libs\underscore-1.5.2.min.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\shared\competitorDnsList.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\shared\HttpURL.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\shared\rsvp-latest.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\shared\unifiedLogging.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\shared\universalConsole.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\shared\utils.js, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.MindSpark.A, C:\Users\Cary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\12.7.5.60332_0\_metadata\verified_contents.json, Quarantined, [fc6aaf4d95f481b567c6301b0300bc44], PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\conf, Quarantined, [7de97e7eddac6bcbee7af06724dfcd33], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome.manifest, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\install.rdf, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\content\index.html, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\content\quick_start.js, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\content\quick_start.xul, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\content\include\speed_dial.js, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\content\include\tools\about_blank_hook.js, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\content\include\tools\misc.js, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\content\include\tools\popup_image_helper.js, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\content\include\tools\urlrequestor.js, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\content\js\js.js, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\content\js\lib\doT.min.js, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery-2.1.0.min.js, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery.autocomplete.js, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\content\js\module\hotSearch.js, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\content\js\module\mostgrid.js, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\content\js\module\search.js, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\content\js\module\stat.js, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\content\js\pack\common.js, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\content\js\pack\ga.js, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\content\js\pack\xagainit.js, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\locale\en\locale.properties, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\locale\en-US\locale.properties, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\locale\es\locale.properties, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\locale\es-419\locale.properties, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\locale\fr\locale.properties, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\locale\fr-BE\locale.properties, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\locale\fr-CA\locale.properties, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\locale\fr-CH\locale.properties, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\locale\fr-LU\locale.properties, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\locale\it\locale.properties, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\locale\it-CH\locale.properties, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\locale\pl\locale.properties, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\locale\pt-BR\locale.properties, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\locale\ru\locale.properties, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\locale\ru-MO\locale.properties, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\locale\tr\locale.properties, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\locale\vi\locale.properties, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\locale\zh-CN\locale.properties, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\locale\zh-TW\locale.properties, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\skin\default_logo.png, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\skin\googlelogo.png, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\skin\google_trends.png, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\skin\icon.png, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\skin\loading.gif, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\skin\logo.png, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\skin\newtab.ico, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\skin\simple.css, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\chrome\skin\style.css, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\defaults\preferences\fvd.js, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\defaults\preferences\preferences.js, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\modules\addonmanager.js, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\modules\aes.js, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\modules\config.js, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\modules\dialogs.js, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\modules\last_tab.js, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\modules\misc.js, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\modules\properties.js, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\modules\remoterequest.js, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\modules\restoreprefs.js, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.FastStart.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\faststartff@gmail.com\modules\settings.js, Quarantined, [c2a445b791f87bbb4743ff59d82b8c74], PUP.Optional.SystemSpeedup, C:\Users\Cary\AppData\Roaming\Systweak\ssd\SSDPTstub.exe, Quarantined, [6ff7d3296326b77f253fcf8b21e238c8], PUP.Optional.Updater.A, C:\Users\Cary\AppData\Roaming\DigitalSites\UpdateProc\config.dat, Quarantined, [184e2dcfc0c9d85ecc7c5c03c73cb14f], PUP.Optional.Updater.A, C:\Users\Cary\AppData\Roaming\DigitalSites\UpdateProc\info.dat, Quarantined, [184e2dcfc0c9d85ecc7c5c03c73cb14f], PUP.Optional.Updater.A, C:\Users\Cary\AppData\Roaming\DigitalSites\UpdateProc\prod.dat, Quarantined, [184e2dcfc0c9d85ecc7c5c03c73cb14f], PUP.Optional.Updater.A, C:\Users\Cary\AppData\Roaming\DigitalSites\UpdateProc\STTL.DAT, Quarantined, [184e2dcfc0c9d85ecc7c5c03c73cb14f], PUP.Optional.Updater.A, C:\Users\Cary\AppData\Roaming\DigitalSites\UpdateProc\TTL.DAT, Quarantined, [184e2dcfc0c9d85ecc7c5c03c73cb14f], PUP.Optional.SupTab.A, C:\Users\Cary\AppData\Roaming\SupTab\sliders, Quarantined, [ef77768698f1ef47ba1587d8a261837d], PUP.Optional.SupTab.A, C:\Users\Cary\AppData\Roaming\SupTab\categoryNav, Quarantined, [ef77768698f1ef47ba1587d8a261837d], PUP.Optional.SupTab.A, C:\Users\Cary\AppData\Roaming\SupTab\CustomsData, Quarantined, [ef77768698f1ef47ba1587d8a261837d], PUP.Optional.SupTab.A, C:\Users\Cary\AppData\Roaming\SupTab\domain, Quarantined, [ef77768698f1ef47ba1587d8a261837d], PUP.Optional.SupTab.A, C:\Users\Cary\AppData\Roaming\SupTab\hotsearch, Quarantined, [ef77768698f1ef47ba1587d8a261837d], PUP.Optional.SupTab.A, C:\Users\Cary\AppData\Roaming\SupTab\hotsearch_uptime, Quarantined, [ef77768698f1ef47ba1587d8a261837d], PUP.Optional.SupTab.A, C:\Users\Cary\AppData\Roaming\SupTab\indexCss, Quarantined, [ef77768698f1ef47ba1587d8a261837d], PUP.Optional.SupTab.A, C:\Users\Cary\AppData\Roaming\SupTab\indexHtml, Quarantined, [ef77768698f1ef47ba1587d8a261837d], PUP.Optional.SupTab.A, C:\Users\Cary\AppData\Roaming\SupTab\indexJS, Quarantined, [ef77768698f1ef47ba1587d8a261837d], PUP.Optional.SupTab.A, C:\Users\Cary\AppData\Roaming\SupTab\listNumOld, Quarantined, [ef77768698f1ef47ba1587d8a261837d], PUP.Optional.SupTab.A, C:\Users\Cary\AppData\Roaming\SupTab\mostvisitData, Quarantined, [ef77768698f1ef47ba1587d8a261837d], PUP.Optional.SupTab.A, C:\Users\Cary\AppData\Roaming\SupTab\name, Quarantined, [ef77768698f1ef47ba1587d8a261837d], PUP.Optional.SupTab.A, C:\Users\Cary\AppData\Roaming\SupTab\path, Quarantined, [ef77768698f1ef47ba1587d8a261837d], PUP.Optional.SupTab.A, C:\Users\Cary\AppData\Roaming\SupTab\set_country, Quarantined, [ef77768698f1ef47ba1587d8a261837d], PUP.Optional.SupTab.A, C:\Users\Cary\AppData\Roaming\SupTab\TABts, Quarantined, [ef77768698f1ef47ba1587d8a261837d], PUP.Optional.SupTab.A, C:\Users\Cary\AppData\Roaming\SupTab\tips, Quarantined, [ef77768698f1ef47ba1587d8a261837d], PUP.Optional.SupTab.A, C:\Users\Cary\AppData\Roaming\SupTab\tips_uptime, Quarantined, [ef77768698f1ef47ba1587d8a261837d], PUP.Optional.SupTab.A, C:\Users\Cary\AppData\Roaming\SupTab\uid, Quarantined, [ef77768698f1ef47ba1587d8a261837d], PUP.Optional.SupTab.A, C:\Users\Cary\AppData\Roaming\SupTab\updateTime, Quarantined, [ef77768698f1ef47ba1587d8a261837d], PUP.Optional.SupTab.A, C:\Users\Cary\AppData\Roaming\SupTab\url, Quarantined, [ef77768698f1ef47ba1587d8a261837d], PUP.Optional.SupTab.A, C:\Users\Cary\AppData\Roaming\SupTab\wallpaper_all, Quarantined, [ef77768698f1ef47ba1587d8a261837d], PUP.Optional.SupTab.A, C:\Users\Cary\AppData\Roaming\SupTab\wallpaper_data, Quarantined, [ef77768698f1ef47ba1587d8a261837d], PUP.Optional.SupTab.A, C:\Users\Cary\AppData\Roaming\SupTab\wallpaper_option, Quarantined, [ef77768698f1ef47ba1587d8a261837d], PUP.Optional.SupTab.A, C:\Users\Cary\AppData\Roaming\SupTab\wallpaper_options, Quarantined, [ef77768698f1ef47ba1587d8a261837d], PUP.Optional.SupTab.A, C:\Users\Cary\AppData\Roaming\SupTab\_ver, Quarantined, [ef77768698f1ef47ba1587d8a261837d], PUP.Optional.SupTab.A, C:\Users\Cary\AppData\Roaming\SupTab\__import_data, Quarantined, [ef77768698f1ef47ba1587d8a261837d], PUP.Optional.SupTab.A, C:\Users\Cary\AppData\Roaming\SupTab\__tips_manager, Quarantined, [ef77768698f1ef47ba1587d8a261837d], PUP.Optional.CrossRider.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\50bd015588400@50bd015588439.com\bootstrap.js, Quarantined, [ff67c63643461d1923f0f072d62d24dc], PUP.Optional.CrossRider.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\50bd015588400@50bd015588439.com\chrome.manifest, Quarantined, [ff67c63643461d1923f0f072d62d24dc], PUP.Optional.CrossRider.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\50bd015588400@50bd015588439.com\install.rdf, Quarantined, [ff67c63643461d1923f0f072d62d24dc], PUP.Optional.CrossRider.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\50bd015588400@50bd015588439.com\content\bg.js, Quarantined, [ff67c63643461d1923f0f072d62d24dc], PUP.Optional.CrossRider.A, C:\Users\Cary\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\extensions\50bd015588400@50bd015588439.com\content\zy.xul, Quarantined, [ff67c63643461d1923f0f072d62d24dc], PUP.Optional.IHlpr.A, C:\Users\Cary\AppData\Roaming\IHlpr\884A7BDF9895464D8752BCC8B25BF014\TuneUp2014GER15day-de-DE-p4v1.exe, Quarantined, [fb6be01c4346c07618356c088a7906fa], Physical Sectors: 0(No malicious items detected)(end)
Link to post
Share on other sites

ESET has been scanning for almost 10 hours, is at 93% and has found 18 threats, although the computer went into sleep mode at some point last night, so I am not sure how accurate that is. I thought the antivirus was turned off and it was for at least the first 74% of the scan, but it was on again this morning and the scan was at 93%. I turned it off, but will this effect that scan?

Link to post
Share on other sites

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll a variant of Win32/Systweak.N potentially unwanted

application

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted

application

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak potentially unwanted

application

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted

application

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted

application

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\da.cmd BAT/Qhost.NOV trojan

C:\Program Files (x86)\Hotspot Shield\ConduitUninstaller.exe Win32/Toolbar.Conduit potentially unwanted application

C:\ProgramData\InstallMate\{1FED3EBC-3A21-2BF9-C912-7203C40E1C4A}\_Setupx.dll Win32/InstalleRex.T potentially unwanted

application

C:\ProgramData\InstallMate\{8D7FD710-218C-E886-0A6D-69AE569CF5E6}\_Setupx.dll Win32/InstalleRex.T potentially unwanted

application

C:\ProgramData\Tbccint\Multi\CT1561552\UninstallerUI.exe a variant of Win32/ClientConnect.A potentially unwanted

application

C:\ProgramData\wxDownload\50bd01ba2a92b.ocx Win32/Adware.MultiPlug.E application

C:\ProgramData\wxDownload\50bd01ba2a964.html Win32/Adware.MultiPlug.H application

C:\Users\All Users\InstallMate\{1FED3EBC-3A21-2BF9-C912-7203C40E1C4A}\_Setupx.dll Win32/InstalleRex.T potentially

unwanted application

C:\Users\All Users\InstallMate\{8D7FD710-218C-E886-0A6D-69AE569CF5E6}\_Setupx.dll Win32/InstalleRex.T potentially

unwanted application

C:\Users\All Users\Tbccint\Multi\CT1561552\UninstallerUI.exe a variant of Win32/ClientConnect.A potentially unwanted

application

C:\Users\All Users\wxDownload\50bd01ba2a92b.ocx Win32/Adware.MultiPlug.E application

C:\Users\All Users\wxDownload\50bd01ba2a964.html Win32/Adware.MultiPlug.H application

C:\Users\bob\Downloads\ccsetup416 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Users\bob\Downloads\ccsetup416.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Users\bob\Downloads\ccsetup417.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Users\bob\Downloads\ccsetup418 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Users\bob\Downloads\ccsetup418.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Users\bob\Downloads\ccsetup419 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Users\bob\Downloads\ccsetup419.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Users\bob\Downloads\ccsetup500.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Users\bob\Downloads\ccsetup501.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Users\bob\Downloads\HSS-3.42-install-hss-561-conduit.exe Win32/Toolbar.Conduit potentially unwanted application

C:\Users\bob\Downloads\KeyFinderInstaller.exe a variant of Win32/OpenCandy.C potentially unsafe application

C:\Users\bob\Downloads\winzip19-lan.exe a variant of Win32/InstallCore.PL potentially unwanted application

C:\Windows\Installer\15ce87a.msi a variant of Win32/Systweak.L potentially unwanted application

C:\Windows\Installer\MSI4655.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files

\Content.IE5\AskToolbarInstaller-ORJ-V7[1].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files

\Content.IE5\AskToolbarInstaller-ORJ-V7[2].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files

\Content.IE5\AskToolbarInstaller-ORJ-V7[1].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files

\Content.IE5\AskToolbarInstaller-ORJ-V7[2].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application

Link to post
Share on other sites

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.

 

  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[s1].txt also



Delete junk with JRT

thisisujrt.gif Please download Junkware Removal Tool to your desktop.


  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK Mirror (if the link is down)



  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread (Note: Do NOT post this one into a code box!




Are any problems left or may I post the final reply? :)

 

fixlist.txt

Link to post
Share on other sites

I ran the fix with FRST and an now running the others : ), here is the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-01-2015Ran by bob at 2015-01-29 23:32:54 Run:1Running from C:\Users\bob\Desktop\farber toolLoaded Profiles: bob (Available profiles: bob)Boot Mode: Normal==============================================Content of fixlist:*****************C:\Program Files\WinZip\Utils\WzSysScanC:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\da.cmdC:\Program Files (x86)\Hotspot Shield\ConduitUninstaller.exeC:\ProgramData\InstallMate\{1FED3EBC-3A21-2BF9-C912-7203C40E1C4A}C:\ProgramData\InstallMate\{8D7FD710-218C-E886-0A6D-69AE569CF5E6}C:\ProgramData\Tbccint\Multi\CT1561552C:\ProgramData\wxDownloadC:\Users\All Users\InstallMate\{1FED3EBC-3A21-2BF9-C912-7203C40E1C4A}C:\Users\All Users\InstallMate\{8D7FD710-218C-E886-0A6D-69AE569CF5E6}C:\Users\All Users\Tbccint\Multi\CT1561552C:\Users\All Users\wxDownloadC:\Users\bob\Downloads\ccsetup416 (1).exeC:\Users\bob\Downloads\ccsetup416.exeC:\Users\bob\Downloads\ccsetup417.exeC:\Users\bob\Downloads\ccsetup418 (1).exeC:\Users\bob\Downloads\ccsetup418.exeC:\Users\bob\Downloads\ccsetup419 (1).exeC:\Users\bob\Downloads\ccsetup419.exeC:\Users\bob\Downloads\ccsetup500.exeC:\Users\bob\Downloads\ccsetup501.exeC:\Users\bob\Downloads\HSS-3.42-install-hss-561-conduit.exeC:\Users\bob\Downloads\KeyFinderInstaller.exeC:\Users\bob\Downloads\winzip19-lan.exeC:\Windows\Installer\15ce87a.msiC:\Windows\Installer\MSI4655.tmpEmptyTemp:*****************C:\Program Files\WinZip\Utils\WzSysScan => Moved successfully.
Link to post
Share on other sites

After running Adware cleaner, I cannot get the computer to connect to the internet. It will join the wireless network, but says 'limited' connectivity and shows as no connection (the circle over the signal bars). I know the wireless is working, because I am able to use it on other computers. Would Adware cleaner have made some change to internet settings? Here is the Adware cleaner log:

# AdwCleaner v4.109 - Report created 29/01/2015 at 23:59:51# Updated 24/01/2015 by Xplode# Database : 2015-01-26.1 [Live]# Operating System : Windows 7 Professional Service Pack 1 (64 bits)# Username : bob - SATELLITE# Running from : C:\Users\bob\Desktop\adwcleaner_4.109.exe# Option : Clean***** [ Services ] *****Service Deleted : hshld[#] Service Deleted : hsstrayserviceService Deleted : hsswdService Deleted : Skype C2C Service***** [ Files / Folders ] *****Folder Deleted : C:\ProgramData\apn[#] Folder Deleted : C:\ProgramData\Browser ManagerFolder Deleted : C:\ProgramData\hotspot shieldFolder Deleted : C:\ProgramData\PremiumFolder Deleted : C:\ProgramData\TbccintFolder Deleted : C:\ProgramData\WPMFolder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shieldFolder Deleted : C:\Program Files (x86)\hotspot shieldFolder Deleted : C:\Program Files (x86)\TbccintFolder Deleted : C:\windows\SysWOW64\hotspot shieldFolder Deleted : C:\Users\bob\AppData\Local\PackageAwareFolder Deleted : C:\Users\bob\AppData\Local\TbccintFolder Deleted : C:\Users\bob\AppData\LocalLow\imeshmusicboxtoolbarhaFolder Deleted : C:\Users\bob\AppData\LocalLow\TbccintFolder Deleted : C:\Users\bob\AppData\Roaming\0D0S1L2Z1P1BFolder Deleted : C:\Users\bob\AppData\Roaming\DigitalSitesFolder Deleted : C:\Users\bob\AppData\Roaming\hotspot shieldFolder Deleted : C:\Users\bob\AppData\Roaming\SystweakFolder Deleted : C:\Users\bob\AppData\Roaming\IHlprFile Deleted : C:\Users\Public\Desktop\Hotspot Shield.lnkFile Deleted : C:\windows\System32\roboot64.exeFile Deleted : C:\windows\System32\drivers\taphss6.sysFile Deleted : C:\windows\System32\drivers\hssdrv6.sysFile Deleted : C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\searchplugins\ask-search.xmlFile Deleted : C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\user.js***** [ Scheduled Tasks ] ********** [ Shortcuts ] ********** [ Registry ] *****Key Deleted : HKCU\Software\Mozilla\ExtendsKey Deleted : HKLM\SOFTWARE\Classes\ctTOOLBAR.ctToolBarCtrl.3Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1561552Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{68316ECC-3526-4835-B20C-D3886D303EB0}Key Deleted : HKCU\Software\systweakKey Deleted : HKCU\Software\TbccintKey Deleted : HKCU\Software\Tbccint_HKLMKey Deleted : HKCU\Software\ZugoKey Deleted : HKCU\Software\AppDataLow\Software\TbccintKey Deleted : HKCU\Software\AppDataLow\Software\TbccintSearchScopesKey Deleted : HKLM\SOFTWARE\hotspotshieldKey Deleted : HKLM\SOFTWARE\systweakKey Deleted : HKLM\SOFTWARE\WpmKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshieldData Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~1.DLLData Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~2.DLLData Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>***** [ Browsers ] *****-\\ Internet Explorer v11.0.9600.17496Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]-\\ Mozilla Firefox v34.0.5 (x86 en-US)[hnz5jvm9.default\prefs.js] - Line Deleted : user_pref("de.soerenrinne.googlebuttons.userlist", "Mail,Reader,Web Search,Maps,Calendar,Wave,Dashboard,Google Shortcuts Settings,Translate,");[hnz5jvm9.default\prefs.js] - Line Deleted : user_pref("extensions.50bd0155884ab.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.location.hostname)>-1) return;}c[...]-\\ Google Chrome v40.0.2214.93*************************AdwCleaner[R0].txt - [5727 octets] - [29/01/2015 23:56:01]AdwCleaner[S0].txt - [5238 octets] - [29/01/2015 23:59:51]########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5298 octets] ##########
Link to post
Share on other sites

Okay, here they are:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2015Ran by bob at 2015-01-31 11:04:28Running from C:\Users\bob\Desktop\farber toolBoot Mode: Normal============================================================================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}==================== Installed Programs ======================(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)64 Bit HP CIO Components Installer (Version: 8.2.2 - Hewlett-Packard) HiddenAdobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)Akamai NetSession Interface (HKU\S-1-5-21-951699276-22072461-1913971103-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)Akamai NetSession Interface Service (HKLM-x32\...\Akamai) (Version:  - )Ashampoo Snap 6 v.6.0.6 (HKLM-x32\...\{C92AB6F1-770F-EA32-6CF7-8A0792FA1A4B}_is1) (Version: 6.0.6 - Ashampoo GmbH & Co. KG)Ashampoo WinOptimizer 2013 v.1.0.0 (HKLM-x32\...\{4209F371-7B85-60AD-E5CE-E4409D39E3DE}_is1) (Version: 1.00.00 - Ashampoo GmbH & Co. KG)Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM-x32\...\Software Guide) (Version: 1.5.0.1 - Canon Inc.)Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.7.0.3 - Canon Inc.)Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.8.0.5 - Canon Inc.)Canon MX890 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX890_series) (Version:  - )Canon PowerShot SX230 HS and PowerShot SX220 HS Camera User Guide (HKLM-x32\...\CameraUserGuide-PSSX230HSandPSSX220HS) (Version: 1.0.1.2 - Canon Inc.)Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.5.0.7 - Canon Inc.)Canon Utilities CameraWindow Launcher (HKLM-x32\...\CameraWindowLauncher) (Version: 7.5.0.2 - Canon Inc.)Canon Utilities Map Utility (HKLM-x32\...\MapUtility) (Version: 1.0.0.19 - Canon Inc.)Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.2.0.7 - Canon Inc.)Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.4.0.2 - Canon Inc.)Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.2.33 - Canon Inc.)Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.1.10 - Canon Inc.)CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) HiddenCisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.51.1.0 - Conexant)CrashPlan (HKLM\...\{FCE35118-DD2F-4DB8-A5B6-D857F95669E0}) (Version: 3.5.3 - CrashPlan)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)DJ_AIO_06_F2400_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) HiddenEpson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)Epson E-Web Print (HKLM-x32\...\{E078671F-A754-4D31-BDB8-74E855FB02F2}) (Version: 1.16.0000 - SEIKO EPSON CORPORATION)EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)EPSON XP-205 207 Series Printer Uninstall (HKLM\...\EPSON XP-205 207 Series) (Version:  - SEIKO EPSON Corporation)EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) HiddenESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )ExpressVPN v3.416 (HKLM-x32\...\ExpressVPN) (Version: v3.416 - )File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenHxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)IncredibleCharts Pro (HKLM-x32\...\{134959C1-E63F-11D5-87EF-444553540000}_is1) (Version:  - Vizhon Corporation)Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)Java 7 Update 10 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417010FF}) (Version: 7.0.100 - Oracle)Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)Java(TM) 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenKVS Tool [7.7.2.R1] (HKLM-x32\...\KVS_AvailabilityTool) (Version: 7.7.2.R1 - KVS)Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)Macromedia Flash Player (HKLM-x32\...\{0456ebd7-5f67-4ab6-852e-63781e3f389c}) (Version: 7.0.19.0 - Macromedia, Inc.)Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)McAfee Online Backup (Version: 1.16.4.0 - McAfee, Inc.) HiddenMcAfee Online Backup (x32 Version:  - McAfee, Inc.) HiddenMcAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.182 - McAfee, Inc.)McAfee Total Protection (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)Menschen A1-1 Lerner-DVD-ROM zum Kursbuch (HKLM-x32\...\de.hueber.menschena11izu) (Version: 1.0 - Hueber Verlag GmbH & Co KG)Menschen A1-1 Lerner-DVD-ROM zum Kursbuch (x32 Version: 1.0 - Hueber Verlag GmbH & Co KG) HiddenMicrosoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)Microsoft OneDrive (HKU\S-1-5-21-951699276-22072461-1913971103-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenMozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)MyDriveConnect 3.3.0.1318 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1318 - TomTom)Ogallala_Ag_Clim (HKLM-x32\...\{D19C1012-1060-4D38-BB09-308081845BC2}) (Version: 1.00.0000 - USDA - ARS)PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)QuickBooks (x32 Version: 21.0.4009.904 - Intuit Inc.) HiddenQuickBooks Pro 2005 (HKLM-x32\...\{14374622-0900-4056-BA06-C87C900AF9E6}) (Version:  - )QuickBooks Pro 2011 (HKLM-x32\...\{11E0AC7D-6822-4F67-865F-EE1C13D28C38}) (Version: 21.0.4009.904 - Intuit Inc.)Quicken 2006 (HKLM-x32\...\{2818095F-FB6C-42C8-827E-0A406CC9AFF5}) (Version: 15.1.1.29 - Intuit)Quicken Legal Business Pro 2009 (HKLM-x32\...\Quicken Legal Business Pro 2009) (Version:  - )Quicken WillMaker Plus 2009 (HKLM-x32\...\Quicken WillMaker Plus 2009) (Version:  - )R for Windows 3.1.1 (HKLM\...\R for Windows 3.1.1_is1) (Version: 3.1.1 - R Core Team)Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.12 - Realtek Semiconductor Corp.)Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)RStudio (HKLM-x32\...\RStudio) (Version: 0.98.1079 - RStudio)Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) HiddenService Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.11.13307 - Skype Technologies S.A.)Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)Software Updater (HKLM-x32\...\{B307472F-7BD9-4040-9255-CE6D6A1196A3}) (Version: 4.3.1 - SEIKO EPSON CORPORATION)Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - TomTom)TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) HiddenTOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.08.06.00 - )Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.10.26 - Symantec Corporation)TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION)TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.6.1 - TOSHIBA CORPORATION)TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation)TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.08.06.00 - )TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.0a - TrueCrypt Foundation)TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version:  - Intuit, Inc)TurboTax Business 2011 (HKLM-x32\...\TurboTax Business 2011) (Version:  - Intuit, Inc)Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E5}) (Version: 19.0.11293 - WinZip Computing, S.L. )wOBD (HKLM-x32\...\ST6UNST #1) (Version:  - )Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)==================== Custom CLSID (selected items): ==========================(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)CustomCLSID: HKU\S-1-5-21-951699276-22072461-1913971103-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\bob\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-951699276-22072461-1913971103-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\bob\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-951699276-22072461-1913971103-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\bob\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-951699276-22072461-1913971103-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\bob\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-951699276-22072461-1913971103-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\bob\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-951699276-22072461-1913971103-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\bob\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-951699276-22072461-1913971103-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\bob\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)==================== Restore Points  =========================10-10-2014 13:50:56 McAfee Vulnerability Scanner15-10-2014 22:25:59 Windows Update17-10-2014 07:43:18 McAfee Vulnerability Scanner24-10-2014 17:04:29 McAfee Vulnerability Scanner31-10-2014 09:17:55 McAfee Vulnerability Scanner07-11-2014 20:42:57 Installed Ogallala_Ag_Clim.07-11-2014 21:13:22 McAfee Vulnerability Scanner07-11-2014 21:30:55 McAfee Vulnerability Scanner13-11-2014 11:25:32 Windows Update19-11-2014 20:18:03 Windows Update28-11-2014 15:53:06 McAfee Vulnerability Scanner05-12-2014 18:26:34 McAfee Vulnerability Scanner10-12-2014 18:28:06 Windows Update15-12-2014 09:22:36 Windows Modules Installer19-12-2014 17:29:25 McAfee Vulnerability Scanner19-12-2014 17:43:58 Windows Update31-12-2014 14:39:04 Scheduled Checkpoint07-01-2015 15:06:46 Scheduled Checkpoint15-01-2015 23:25:20 Windows Update24-01-2015 00:15:54 Scheduled Checkpoint26-01-2015 21:05:40 Removed Adobe Acrobat XI Pro.26-01-2015 21:16:17 Removed Adobe Acrobat XI Pro.27-01-2015 23:14:45 Revo Uninstaller's restore point - Hotspot Shield Toolbar for IE27-01-2015 23:23:30 Revo Uninstaller's restore point - Sweet Page==================== Hosts content: ==========================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2009-07-14 03:34 - 2015-01-15 22:46 - 00450918 ____A C:\windows\system32\Drivers\etc\hosts192.168.1.249	NPI92578A127.0.0.1	activate.adobe.com127.0.0.1	practivate.adobe.com127.0.0.1	www.007guard.com127.0.0.1	007guard.com127.0.0.1	008i.com127.0.0.1	www.008k.com127.0.0.1	008k.com127.0.0.1	www.00hq.com127.0.0.1	00hq.com127.0.0.1	010402.com127.0.0.1	www.032439.com127.0.0.1	032439.com127.0.0.1	www.0scan.com127.0.0.1	0scan.com127.0.0.1	1000gratisproben.com127.0.0.1	www.1000gratisproben.com127.0.0.1	1001namen.com127.0.0.1	www.1001namen.com127.0.0.1	100888290cs.com127.0.0.1	www.100888290cs.com127.0.0.1	www.100sexlinks.com127.0.0.1	100sexlinks.com127.0.0.1	10sek.com127.0.0.1	www.10sek.com127.0.0.1	www.1-2005-search.com127.0.0.1	1-2005-search.com127.0.0.1	123fporn.info127.0.0.1	www.123fporn.infoThere are 1000 more lines.==================== Scheduled Tasks (whitelisted) =============(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)Task: {0021B1AC-4140-42A8-B6F8-61D25EE658D1} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-26] (Adobe Systems Incorporated)Task: {042DE4F5-6EBF-4B6A-A961-8B29639B84B9} - System32\Tasks\{12896EBE-1E08-4A22-ACCF-FB9312D0E5AF} => Chrome.exe Task: {1A81BAB0-4E62-4967-AAF2-621A315DD591} - System32\Tasks\{60965311-56B3-4550-9665-C5F0AC659638} => C:\Program Files (x86)\Intuit\QuickBooks 2005\QBW32Pro.exe [2004-10-22] (Intuit, Inc.)Task: {1F0DCB44-ECBE-4151-A1ED-ABA343D0E3F7} - System32\Tasks\{9939FB0A-FE2C-4304-8DF4-7AE404B02821} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exeTask: {3053C1E7-9160-4F3D-B0FF-1E705ED9D468} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exeTask: {35792F62-9F68-4DBA-B5D0-9333083533B2} - System32\Tasks\{875D3640-D323-4F1E-94E3-CCA1C0A21B4E} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exeTask: {363229D0-4BBD-4D11-8903-C5CBD1A6D976} - System32\Tasks\{78B6B401-95CC-4372-8F40-529FDAF1B8B6} => pcalua.exe -a C:\Users\bob\AppData\Roaming\sweet-page\UninstallManager.exe -c  -ptid=corTask: {44E2CAE9-BE20-4B24-BA8A-EF912FDD392B} - System32\Tasks\{A6C1146F-FC81-4355-9DC3-A16CA1FE68C3} => pcalua.exe -a C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe -c /M{CBD6B23D-41D5-4A46-8019-6208516C9712} /l1033Task: {4DD172AD-D53A-4C48-8830-D3B3600B336C} - System32\Tasks\{79E5C3DC-E656-40F5-A330-E1A78ED411B9} => C:\Program Files (x86)\Intuit\QuickBooks 2005\QBW32Pro.exe [2004-10-22] (Intuit, Inc.)Task: {70C8B896-1BD8-40AC-9BCD-A42D208A739C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)Task: {7254F775-9716-4DAF-8134-DA761561CD91} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvcTask: {7A93AE2E-6E4E-4544-AFF5-9D8264444DAB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-10] (Google Inc.)Task: {A0D83F81-1A38-4624-8D60-4C19732148E2} - System32\Tasks\{8F14F868-5B66-4300-9D51-FE35667DFB79} => pcalua.exe -a C:\Users\bob\Desktop\CM2320series_full_solution_v3.0_EMEA3.exe -d C:\Users\bob\DesktopTask: {A17212DD-6177-48A6-80A6-0ACFF0C2628F} - System32\Tasks\{439586A2-ED71-4FF8-8073-0562EDC6B870} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exeTask: {A240F122-6FFE-4BDA-8C26-C30241544842} - System32\Tasks\{FC51F8BC-56C8-4EFE-8C37-87CCFC170769} => C:\Program Files (x86)\Intuit\QuickBooks 2005\QBW32Pro.exe [2004-10-22] (Intuit, Inc.)Task: {AA66912A-A35A-4A31-8855-18B22E7204D3} - System32\Tasks\{0E7601AE-A4B1-4B6A-88A0-BA1010BBB2A6} => C:\Program Files (x86)\Intuit\QuickBooks 2005\QBW32Pro.exe [2004-10-22] (Intuit, Inc.)Task: {AEE302E3-D541-494B-80C3-51D8C4AC8914} - System32\Tasks\{E637B6B9-197F-4B4E-96A9-9136B1769763} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exeTask: {BDE81D72-DF41-486B-870C-F123666FD44D} - System32\Tasks\{0DAFA025-D02E-43EA-ACAC-46EF01C38DF5} => pcalua.exe -a C:\Users\bob\Desktop\fp7_archive\FP7_archive\r61\flashplayer7r61_winax.exe -d C:\Users\bob\Desktop\fp7_archive\FP7_archive\r61Task: {BF435694-96DF-4781-B50A-AFE9C2F56E10} - System32\Tasks\{34526DCE-8EAC-4F94-A2B7-1FAAC743364A} => pcalua.exe -a D:\setup.exe -d D:\Task: {C53BFDCE-456D-44C7-808F-6B2882E4B0EB} - System32\Tasks\{F0B79BA5-9CBB-4A1D-AD57-65B0803D5F8D} => C:\Program Files (x86)\Intuit\QuickBooks 2005\QBW32Pro.exe [2004-10-22] (Intuit, Inc.)Task: {CB2192AA-9E96-463E-84DD-1A4B85D3759B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-951699276-22072461-1913971103-1000UA => C:\Users\bob\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-15] (Google Inc.)Task: {CE4A0D69-6040-43EA-AE29-CDED01D2798D} - System32\Tasks\{7E34630D-C51C-4523-803B-2F8D26DA2D62} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exeTask: {D27F535F-F123-45DE-9C87-8A0A448CF1CB} - System32\Tasks\{6E786CB6-379C-470A-A758-8633FA8FDE05} => pcalua.exe -a C:\Users\bob\Desktop\fp7_archive\FP7_archive\r61\flashplayer7r61_win.exe -d C:\Users\bob\Desktop\fp7_archive\FP7_archive\r61Task: {D5C33196-68FC-461E-AB16-F9DD8021057D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)Task: {DB7A1C89-A670-477B-A939-046E9C460305} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-10] (Google Inc.)Task: {DDFE5627-505D-41B3-BBD8-4CFC435EB589} - System32\Tasks\{0B2C62B9-3399-4245-9898-F47515B73FA6} => C:\Program Files (x86)\Intuit\QuickBooks 2005\QBW32Pro.exe [2004-10-22] (Intuit, Inc.)Task: {DF27480C-5658-4084-9BB4-2F6BF05F8EA2} - System32\Tasks\{058F8E18-8457-4FDF-A388-3171795564EA} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exeTask: {F6114D25-C2E8-48CA-AA33-3CE0D05EF3EA} - System32\Tasks\{04C7AEEB-CE15-45C0-8235-EE2A6EB1225B} => C:\Program Files (x86)\Intuit\QuickBooks 2005\QBW32Pro.exe [2004-10-22] (Intuit, Inc.)Task: {FC608363-292A-4D9C-8C13-6EA96479C8E0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-951699276-22072461-1913971103-1000Core => C:\Users\bob\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-15] (Google Inc.)Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-951699276-22072461-1913971103-1000Core.job => C:\Users\bob\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-951699276-22072461-1913971103-1000UA.job => C:\Users\bob\AppData\Local\Google\Update\GoogleUpdate.exe==================== Loaded Modules (whitelisted) =============2014-05-26 16:10 - 2013-06-17 15:40 - 00035944 _____ () C:\windows\system32\ddmon4-64x.dll2014-01-31 00:52 - 2011-02-28 23:37 - 00095008 _____ () C:\windows\System32\Primomonnt.dll2013-04-09 00:35 - 2013-04-09 00:35 - 00014848 _____ () C:\Program Files\CrashPlan\md564.dll2015-01-13 17:04 - 2015-01-13 17:04 - 00230400 _____ () C:\Program Files\CrashPlan\cpnative64.dll2011-04-05 03:18 - 2011-04-05 03:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2010-04-13 19:11 - 2010-04-13 19:11 - 00083256 _____ () C:\Program Files (x86)\McAfee Online Backup\librs2.dll2013-10-10 16:48 - 2013-10-10 16:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll2014-06-23 01:01 - 2014-04-25 13:11 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl2014-06-23 01:01 - 2014-04-25 13:11 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl2014-06-23 01:01 - 2014-04-25 13:11 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl2014-06-23 01:01 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll2014-06-23 01:01 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll==================== Alternate Data Streams (whitelisted) =========(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)AlternateDataStreams: C:\Windows:nlsPreferences==================== Safe Mode (whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"==================== EXE Association (whitelisted) =============(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)==================== MSCONFIG/TASK MANAGER disabled items =========(Currently there is no automatic fix for this section.)MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CrashPlan Tray.lnk => C:\windows\pss\CrashPlan Tray.lnk.CommonStartupMSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartupMSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk => C:\windows\pss\Intuit Data Protect.lnk.CommonStartupMSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\windows\pss\Microsoft Office.lnk.CommonStartupMSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\windows\pss\QuickBooks Update Agent.lnk.CommonStartupMSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\windows\pss\QuickBooks_Standard_21.lnk.CommonStartupMSCONFIG\startupfolder: C:^Users^bob^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.StartupMSCONFIG\startupfolder: C:^Users^bob^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.StartupMSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"MSCONFIG\startupreg: Adobe Acrobat Synchronizer => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\bob\AppData\Local\Akamai\netsession_win.exe"MSCONFIG\startupreg: AshSnap => C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\ashsnap.exeMSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logonMSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logonMSCONFIG\startupreg: Carbonite Backup => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exeMSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimizedMSCONFIG\startupreg: deskPDF Creator => "C:\Program Files (x86)\Docudesk\deskPDF Studio X\deskPDFCreator.exe" -minimizeMSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCEMSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startupMSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /backgroundMSCONFIG\startupreg: MyDriveConnect.exe => "C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe"MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRunMSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrunMSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exeMSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exeMSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exeMSCONFIG\startupreg: TSleepSrv => %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exeMSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe"========================= Accounts: ==========================Administrator (S-1-5-21-951699276-22072461-1913971103-500 - Administrator - Disabled)ASPNET (S-1-5-21-951699276-22072461-1913971103-1004 - Limited - Enabled)bob (S-1-5-21-951699276-22072461-1913971103-1000 - Administrator - Enabled) => C:\Users\bobGuest (S-1-5-21-951699276-22072461-1913971103-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-951699276-22072461-1913971103-1006 - Limited - Enabled)==================== Faulty Device Manager Devices =============Name: Hotspot Shield Routing Driver 6Description: Hotspot Shield Routing Driver 6Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}Manufacturer: Service: HssDRV6Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.Devices stay in this state if they have been prepared for removal.After you remove the device, this error disappears.Remove the device, and this error should be resolved.Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: Cisco SystemsService: vpnvaProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.Name: Anchorfree HSS VPN AdapterDescription: Anchorfree HSS VPN AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: Anchorfree HSS VPN AdapterService: taphss6Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.Name: Anchorfree HSS VPN Adapter #2Description: Anchorfree HSS VPN AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: Anchorfree HSS VPN AdapterService: taphss6Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.==================== Event log errors: =========================Application errors:==================Error: (01/30/2015 00:04:12 AM) (Source: VSS) (EventID: 8194) (User: )Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied..This is often caused by incorrect security settings in either the writer or requestor process.Operation:   Gathering Writer DataContext:   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}   Writer Name: System Writer   Writer Instance ID: {6fa614eb-4c83-456d-8a49-6c620d4651ba}Error: (01/30/2015 00:01:34 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (01/29/2015 11:54:52 PM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.Error: (01/29/2015 11:39:07 PM) (Source: VSS) (EventID: 8194) (User: )Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied..This is often caused by incorrect security settings in either the writer or requestor process.Operation:   Gathering Writer DataContext:   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}   Writer Name: System Writer   Writer Instance ID: {0456647f-8e09-49e7-810a-07607aaff41c}Error: (01/29/2015 11:36:14 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (01/29/2015 01:12:05 AM) (Source: SideBySide) (EventID: 63) (User: )Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid.Error: (01/29/2015 01:11:01 AM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.Error: (01/28/2015 08:51:38 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4Faulting module name: McPvNs.dll_unloaded, version: 0.0.0.0, time stamp: 0x522de439Exception code: 0xc0000005Fault offset: 0x000007fee9774050Faulting process id: 0xa50Faulting application start time: 0xExplorer.EXE0Faulting application path: Explorer.EXE1Faulting module path: Explorer.EXE2Report Id: Explorer.EXE3Error: (01/28/2015 01:03:46 PM) (Source: SideBySide) (EventID: 63) (User: )Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid.Error: (01/28/2015 01:02:47 PM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.System errors:=============Error: (01/30/2015 00:03:37 AM) (Source: Service Control Manager) (EventID: 7023) (User: )Description: The HP Network Devices Support service terminated with the following error: %%126Error: (01/30/2015 00:02:42 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)Error: (01/30/2015 00:02:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)Error: (01/30/2015 00:01:36 AM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: The following boot-start or system-start driver(s) failed to load: HssDRV6Error: (01/30/2015 00:01:18 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)Description: WLAN Extensibility Module has failed to start.Module Path: C:\windows\system32\Rtlihvs.dllError Code: 126Error: (01/30/2015 00:00:40 AM) (Source: Disk) (EventID: 11) (User: )Description: The driver detected a controller error on \Device\Harddisk1\DR1.Error: (01/30/2015 00:00:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Windows Search service failed to start due to the following error: %%1069Error: (01/30/2015 00:00:39 AM) (Source: Service Control Manager) (EventID: 7038) (User: )Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: %%50To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).Error: (01/30/2015 00:00:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: %%1069Error: (01/30/2015 00:00:39 AM) (Source: Service Control Manager) (EventID: 7038) (User: )Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: %%50To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).Microsoft Office Sessions:=========================Error: (01/30/2015 00:04:12 AM) (Source: VSS) (EventID: 8194) (User: )Description: 0x80070005, Access is denied.Operation:   Gathering Writer DataContext:   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}   Writer Name: System Writer   Writer Instance ID: {6fa614eb-4c83-456d-8a49-6c620d4651ba}Error: (01/30/2015 00:01:34 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (01/29/2015 11:54:52 PM) (Source: SideBySide) (EventID: 80) (User: )Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\bob\Downloads\esetsmartinstaller_enu.exeError: (01/29/2015 11:39:07 PM) (Source: VSS) (EventID: 8194) (User: )Description: 0x80070005, Access is denied.Operation:   Gathering Writer DataContext:   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}   Writer Name: System Writer   Writer Instance ID: {0456647f-8e09-49e7-810a-07607aaff41c}Error: (01/29/2015 11:36:14 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (01/29/2015 01:12:05 AM) (Source: SideBySide) (EventID: 63) (User: )Description: assemblyIdentityprocessorArchitecturex64c:\program files\R\r-3.1.1\Tcl\bin64\tk85.dllc:\program files\R\r-3.1.1\Tcl\bin64\tk85.dll9Error: (01/29/2015 01:11:01 AM) (Source: SideBySide) (EventID: 80) (User: )Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files\CCleaner\CCleaner.exeError: (01/28/2015 08:51:38 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Explorer.EXE6.1.7601.175674d672ee4McPvNs.dll_unloaded0.0.0.0522de439c0000005000007fee9774050a5001d03a8624cae1caC:\windows\Explorer.EXEMcPvNs.dll1215d0b8-a727-11e4-bd11-e89a8f55e411Error: (01/28/2015 01:03:46 PM) (Source: SideBySide) (EventID: 63) (User: )Description: assemblyIdentityprocessorArchitecturex64c:\program files\R\r-3.1.1\Tcl\bin64\tk85.dllc:\program files\R\r-3.1.1\Tcl\bin64\tk85.dll9Error: (01/28/2015 01:02:47 PM) (Source: SideBySide) (EventID: 80) (User: )Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files\CCleaner\CCleaner.exeCodeIntegrity Errors:===================================  Date: 2013-08-20 20:24:09.595  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.  Date: 2013-08-20 20:24:09.593  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.  Date: 2013-08-20 20:24:09.591  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.  Date: 2013-08-20 20:24:09.576  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.  Date: 2013-08-20 20:24:09.575  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.  Date: 2013-08-20 20:24:09.572  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.  Date: 2013-08-18 00:31:08.029  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.  Date: 2013-08-18 00:31:08.029  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.  Date: 2013-08-18 00:31:08.029  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.  Date: 2013-08-18 00:31:08.013  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.==================== Memory info =========================== Processor: Intel(R) Pentium(R) CPU B940 @ 2.00GHzPercentage of memory in use: 26%Total physical RAM: 8139.86 MBAvailable physical RAM: 5992.81 MBTotal Pagefile: 20346.04 MBAvailable Pagefile: 17957.86 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.84 MB==================== Drives ================================Drive c: (TI106139W0E) (Fixed) (Total:450.57 GB) (Free:275.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]Drive e: () (Removable) (Total:7.38 GB) (Free:5.31 GB) FAT32Drive f: () (Removable) (Total:14.9 GB) (Free:5.38 GB) FAT32==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 4E59E2AF)Partition 1: (Active) - (Size=1.5 GB) - (Type=27)Partition 2: (Not Active) - (Size=450.6 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=13.7 GB) - (Type=17)========================================================Disk: 1 (Size: 7.4 GB) (Disk ID: 00000000)Partition: GPT Partition Type.========================================================Disk: 2 (Size: 14.9 GB) (Disk ID: 00000000)Partition: GPT Partition Type.==================== End Of Log ============================
Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015

Ran by bob (administrator) on SATELLITE on 31-01-2015 11:01:32

Running from C:\Users\bob\Desktop\farber tool

Loaded Profiles: bob (Available profiles: bob)

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe

(CrashPlan) C:\Program Files\CrashPlan\CrashPlanService.exe

(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe

(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe

(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe

(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe

(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe

(Google Inc.) C:\Users\bob\AppData\Local\Google\Update\GoogleUpdate.exe

(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\McVsShld.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated)

HKLM\...\Run: [] => [X]

HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)

HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)

Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKLM\...\Policies\Explorer: [NoFolderOptions] 0

HKU\S-1-5-21-951699276-22072461-1913971103-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-06-10] (Google Inc.)

HKU\S-1-5-21-951699276-22072461-1913971103-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)

HKU\S-1-5-21-951699276-22072461-1913971103-1000\...\Run: [Google Update] => C:\Users\bob\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-15] (Google Inc.)

HKU\S-1-5-21-951699276-22072461-1913971103-1000\...\Policies\Explorer: [NoFolderOptions] 0

HKU\S-1-5-21-951699276-22072461-1913971103-1000\...\Policies\Explorer: [NoControlPanel] 0

HKU\S-1-5-21-951699276-22072461-1913971103-1000\...\MountPoints2: {84c669c1-c586-11e0-8b1c-e89a8f55e411} - E:\LaunchU3.exe -a

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk

ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)

ShellIconOverlayIdentifiers: [MOBK] -> {3c3f3c1a-9153-7c05-f938-622e7003894d} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)

ShellIconOverlayIdentifiers: [MOBK2] -> {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)

ShellIconOverlayIdentifiers: [MOBK3] -> {b4caf489-1eec-c617-49ad-8d7088598c06} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)

BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

HKU\S-1-5-21-951699276-22072461-1913971103-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

SearchScopes: HKLM -> {FF6E0AAE-BF49-4731-81E0-6BF344B1929A} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF

SearchScopes: HKLM-x32 -> {FF6E0AAE-BF49-4731-81E0-6BF344B1929A} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-951699276-22072461-1913971103-1000 -> {89A6F3EE-CBF8-4364-9BC8-50EBFC8B965C} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GGHP_enDE592

SearchScopes: HKU\S-1-5-21-951699276-22072461-1913971103-1000 -> {9B31646B-E112-417E-AE47-69E9F8B7E664} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US0D20140711&p={SearchTerms}

SearchScopes: HKU\S-1-5-21-951699276-22072461-1913971103-1000 -> {B9188BF5-58F9-4560-B53F-DF90D34AC35D} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF

SearchScopes: HKU\S-1-5-21-951699276-22072461-1913971103-1000 -> {D5B064CD-968B-4C73-B946-2A52FB556F65} URL =

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Toolbar: HKU\S-1-5-21-951699276-22072461-1913971103-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKU\S-1-5-21-951699276-22072461-1913971103-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)

Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)

Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Tcpip\..\Interfaces\{DD8C502A-FC43-43C5-A992-F51630AF4414}: [NameServer] 208.67.222.222,208.67.220.220

FireFox:

========

FF ProfilePath: C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default

FF DefaultSearchEngine: Secure Search

FF SearchEngineOrder.1: Secure Search

FF SelectedSearchEngine: Secure Search

FF Homepage: www.google.com

FF Keyword.URL: https://search.yahoo.com/search?fr=mcafee&type=B111US0D20140711&p=

FF NetworkProxy: "type", 4

FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()

FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF Plugin: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()

FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)

FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()

FF Plugin-x32: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-951699276-22072461-1913971103-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\bob\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKU\S-1-5-21-951699276-22072461-1913971103-1000: @talk.google.com/O1DPlugin -> C:\Users\bob\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKU\S-1-5-21-951699276-22072461-1913971103-1000: @tools.google.com/Google Update;version=3 -> C:\Users\bob\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKU\S-1-5-21-951699276-22072461-1913971103-1000: @tools.google.com/Google Update;version=9 -> C:\Users\bob\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\bob\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\bob\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

FF SearchPlugin: C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\searchplugins\bing-zugo.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml

FF Extension: Google Shortcuts - C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\hnz5jvm9.default\Extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}.xpi [2012-02-19]

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-16]

FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2014-08-23]

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-16]

FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru

FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on

FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2013-02-01]

FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor

FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-07-11]

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-07-11]

Chrome:

=======

CHR HomePage: Default -> hxxp://google.com/

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

CHR Profile: C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Translate) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2014-08-04]

CHR Extension: (Google Docs) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-04]

CHR Extension: (Google Drive) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-04]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-04]

CHR Extension: (YouTube) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-04]

CHR Extension: (Adblock Plus) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-22]

CHR Extension: (Adblock for Youtube™) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2014-09-16]

CHR Extension: (Google Search) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-04]

CHR Extension: (Gmail Offline) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-01-04]

CHR Extension: (SiteAdvisor) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-08-04]

CHR Extension: (Bookmark Manager) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2014-12-03]

CHR Extension: (Google Voice (by Google)) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2014-08-04]

CHR Extension: (Skype Click to Call) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-04]

CHR Extension: (FatWallet Express) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\mogoohcaeegmfbiijjanepaeaimohkmn [2014-11-22]

CHR Extension: (Google Wallet) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-04]

CHR Extension: (Gmail) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-04]

CHR Extension: (Economist Radio) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pokaljfafjmhnoofahjignaelkgahpml [2014-09-16]

CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-01-29]

CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-01-29]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-08-06]

CHR HKLM-x32\...\Chrome\Extension: [phkobbdicefempkcpdbljeenfkokfpff] - C:\ProgramData\wxDownload\phkobbdicefempkcpdbljeenfkokfpff.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)

R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [222720 2013-04-09] (CrashPlan) [File not signed]

S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2013\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany) [File not signed]

R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]

R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]

R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-01-26] (McAfee, Inc.)

R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)

R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)

R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)

R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)

R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)

R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)

R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]

S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]

R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2011-11-04] (Intuit) [File not signed]

S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]

R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-06-30] (Intuit Inc.) [File not signed]

R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

S2 0121361422554960mcinstcleanup; C:\windows\TEMP\012136~1.EXE -cleanup -nolog [X]

S2 HPSLPSVC; C:\Users\bob\AppData\Local\Temp\7zS7803\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)

R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.)

R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)

R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)

R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)

S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)

R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)

R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation )

S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)

R2 WinFLdrv; C:\Windows\SysWow64\WinFLdrv.sys [21888 2011-08-07] ()

S1 HssDRV6; system32\DRIVERS\hssdrv6.sys [X]

S3 taphss6; system32\DRIVERS\taphss6.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-30 00:02 - 2015-01-30 00:02 - 00005389 _____ () C:\Users\bob\Desktop\AdwCleaner[S0].txt

2015-01-29 23:55 - 2015-01-30 00:00 - 00000000 ____D () C:\AdwCleaner

2015-01-29 23:54 - 2015-01-29 23:54 - 02194432 _____ () C:\Users\bob\Desktop\adwcleaner_4.109.exe

2015-01-29 23:31 - 2015-01-31 11:01 - 00000000 ____D () C:\Users\bob\Desktop\farber tool

2015-01-29 23:28 - 2015-01-29 23:28 - 00001169 _____ () C:\Users\bob\Downloads\fixlist.txt

2015-01-28 22:19 - 2015-01-15 22:46 - 00450918 _____ () C:\Users\bob\Desktop\hosts.txt

2015-01-28 20:52 - 2015-01-28 21:58 - 00004407 _____ () C:\Users\bob\Desktop\ESET.txt

2015-01-28 00:27 - 2015-01-28 00:27 - 00000000 ____D () C:\Program Files (x86)\ESET

2015-01-28 00:26 - 2015-01-28 00:26 - 02347384 _____ (ESET) C:\Users\bob\Downloads\esetsmartinstaller_enu.exe

2015-01-27 23:32 - 2015-01-28 00:11 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys

2015-01-27 23:31 - 2015-01-27 23:31 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-01-27 23:31 - 2015-01-27 23:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-01-27 23:31 - 2015-01-27 23:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-01-27 23:31 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys

2015-01-27 23:31 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys

2015-01-27 23:31 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys

2015-01-27 23:27 - 2015-01-27 23:29 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\bob\Desktop\mbam-setup-2.0.4.1028.exe

2015-01-27 23:13 - 2015-01-27 23:13 - 00001231 _____ () C:\Users\bob\Desktop\Revo Uninstaller.lnk

2015-01-27 23:13 - 2015-01-27 23:13 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2015-01-27 23:12 - 2015-01-27 23:12 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\bob\Downloads\revosetup.exe

2015-01-26 21:25 - 2015-01-26 21:25 - 00000000 ____D () C:\Users\bob\Desktop\FRST-OlderVersion

2015-01-23 23:39 - 2015-01-23 23:39 - 00559864 _____ () C:\windows\Minidump\012315-31434-01.dmp

2015-01-23 23:38 - 2015-01-23 23:38 - 709203600 _____ () C:\windows\MEMORY.DMP

2015-01-23 23:10 - 2015-01-23 23:11 - 00000000 ____D () C:\Users\bob\Desktop\tdsskiller

2015-01-23 23:08 - 2015-01-23 23:08 - 04176437 _____ () C:\Users\bob\Desktop\tdsskiller.zip

2015-01-23 23:06 - 2015-01-23 23:07 - 00003528 _____ () C:\Users\bob\Desktop\ark.txt

2015-01-23 23:04 - 2015-01-23 23:04 - 00003529 _____ () C:\Users\bob\Documents\gmer.log

2015-01-23 22:55 - 2015-01-23 22:55 - 00380416 _____ () C:\Users\bob\Downloads\kolvh9bl.exe

2015-01-22 22:12 - 2015-01-30 00:01 - 00192050 _____ () C:\windows\PFRO.log

2015-01-22 18:56 - 2015-01-31 11:02 - 00000000 ____D () C:\FRST

2015-01-22 08:42 - 2015-01-23 23:10 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\bob\Desktop\TDSSKiller.exe

2015-01-15 15:37 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll

2015-01-15 15:37 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys

2015-01-15 15:37 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe

2015-01-15 15:37 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll

2015-01-15 15:37 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe

2015-01-15 15:37 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll

2015-01-15 15:37 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe

2015-01-15 15:37 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe

2015-01-15 15:37 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll

2015-01-15 15:37 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe

2015-01-15 15:37 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll

2015-01-15 15:37 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll

2015-01-15 15:37 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll

2015-01-06 19:32 - 2015-01-06 19:32 - 00000165 ____H () C:\Users\bob\Desktop\~$Class Scheduel - Copy.xlsx

2015-01-05 22:16 - 2015-01-31 11:00 - 00003538 _____ () C:\windows\setupact.log

2015-01-05 22:16 - 2015-01-05 22:16 - 00000000 _____ () C:\windows\setuperr.log

2015-01-03 18:42 - 2015-01-03 18:27 - 00450918 ____R () C:\windows\system32\Drivers\etc\hosts.20150103-184207.backup

2015-01-03 18:27 - 2014-11-04 13:30 - 00450860 _____ () C:\windows\system32\Drivers\etc\hosts.20150103-182724.backup

2015-01-03 18:25 - 2015-01-03 18:25 - 00000119 _____ () C:\windows\wininit.ini

2015-01-03 15:59 - 2015-01-03 15:59 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}

2015-01-03 15:57 - 2015-01-03 15:57 - 00001049 _____ () C:\Users\Public\Desktop\KeyFinder.lnk

2015-01-03 15:57 - 2015-01-03 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder

2015-01-03 15:57 - 2015-01-03 15:57 - 00000000 ____D () C:\Program Files (x86)\Magical Jelly Bean

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 11:01 - 2014-06-10 20:02 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-31 11:00 - 2014-07-11 10:49 - 01686191 _____ () C:\windows\WindowsUpdate.log

2015-01-31 11:00 - 2014-06-10 20:02 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-31 11:00 - 2013-04-05 18:35 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job

2015-01-31 11:00 - 2012-09-15 18:22 - 00000904 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-951699276-22072461-1913971103-1000UA.job

2015-01-31 11:00 - 2012-09-15 18:22 - 00000852 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-951699276-22072461-1913971103-1000Core.job

2015-01-30 00:11 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF

2015-01-30 00:10 - 2009-07-14 05:45 - 00040352 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-30 00:10 - 2009-07-14 05:45 - 00040352 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-30 00:06 - 2014-07-11 11:20 - 00001855 _____ () C:\Users\Public\Desktop\McAfee Total Protection.lnk

2015-01-30 00:06 - 2014-07-11 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

2015-01-30 00:01 - 2014-07-11 11:18 - 00000000 __RSD () C:\Users\bob\Documents\McAfee Vaults

2015-01-30 00:01 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT

2015-01-29 23:32 - 2012-12-02 22:16 - 00000000 ____D () C:\ProgramData\InstallMate

2015-01-29 19:22 - 2011-09-16 17:57 - 00000000 ____D () C:\Users\bob\Documents\Travel

2015-01-29 19:08 - 2014-07-11 11:15 - 00000000 ____D () C:\Program Files (x86)\McAfee

2015-01-29 19:02 - 2009-07-14 06:13 - 00799926 _____ () C:\windows\system32\PerfStringBackup.INI

2015-01-29 19:01 - 2014-10-18 13:59 - 00000000 ____D () C:\Users\bob\Documents\Course Work

2015-01-28 20:51 - 2011-08-14 02:47 - 00000000 ____D () C:\Users\bob\AppData\Local\CrashDumps

2015-01-28 11:24 - 2011-07-25 00:55 - 00127672 _____ () C:\Users\bob\AppData\Local\GDIPFONTCACHEV1.DAT

2015-01-28 00:08 - 2009-07-14 05:45 - 00526456 _____ () C:\windows\system32\FNTCACHE.DAT

2015-01-27 23:31 - 2012-12-24 00:27 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-01-26 21:27 - 2013-04-05 18:35 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

2015-01-26 21:27 - 2013-04-05 18:35 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-01-26 21:27 - 2013-04-05 18:35 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater

2015-01-26 21:22 - 2011-08-05 08:36 - 00000000 ____D () C:\Program Files (x86)\Adobe

2015-01-26 21:22 - 2011-03-24 03:29 - 00000000 ____D () C:\ProgramData\Adobe

2015-01-24 19:35 - 2011-09-02 19:02 - 00000877 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2015-01-23 23:39 - 2013-03-28 11:40 - 00000000 ____D () C:\windows\Minidump

2015-01-23 23:09 - 2014-11-30 16:03 - 00000000 ____D () C:\Users\bob\AppData\Local\WinZip

2015-01-15 23:36 - 2013-07-20 21:42 - 00000000 ____D () C:\windows\system32\MRT

2015-01-15 23:25 - 2011-07-30 07:01 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

2015-01-15 19:37 - 2013-10-23 02:16 - 00000000 ____D () C:\Users\bob\Documents\Afghanistan

2015-01-15 19:34 - 2011-08-15 15:47 - 00000000 ____D () C:\Users\bob\Documents\Misc

2015-01-13 17:05 - 2013-05-08 15:59 - 00000000 ____D () C:\Program Files\CrashPlan

2015-01-06 14:00 - 2012-12-27 18:57 - 00000000 ____D () C:\Users\bob\Documents\Germany

2015-01-04 13:18 - 2014-11-23 15:05 - 00000000 ____D () C:\Users\bob\Desktop\Curren trip

2015-01-03 18:25 - 2014-06-23 01:01 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2015-01-03 00:32 - 2011-07-27 09:53 - 00000000 ____D () C:\Users\bob\AppData\Roaming\Skype

==================== Files in the root of some directories =======

2014-05-26 16:40 - 2014-06-22 23:40 - 0000036 _____ () C:\Users\bob\AppData\Roaming\WB.CFG

2012-08-25 11:08 - 2012-08-25 11:08 - 0017408 _____ () C:\Users\bob\AppData\Local\WebpageIcons.db

2011-12-25 22:01 - 2011-12-25 22:01 - 0000000 _____ () C:\Users\bob\AppData\Local\{2983B93D-B0C9-4CCB-A416-C35C3ABBAA39}

2014-05-04 18:36 - 2014-05-20 18:51 - 0002208 _____ () C:\ProgramData\GADump.txt

2011-08-13 13:47 - 2013-11-18 19:07 - 0014926 _____ () C:\ProgramData\hpzinstall.log

2012-03-14 14:59 - 2012-03-14 15:01 - 0000614 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some content of TEMP:

====================

C:\Users\bob\AppData\Local\Temp\Quarantine.exe

C:\Users\bob\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-24 00:08

==================== End Of Log ============================

Link to post
Share on other sites

I tried a few things because my friend wanted to use his computer. They didn't help, but I hope they don't cause a problem for you. I followed steps 1-4 from this post (#5):

http://www.bleepingcomputer.com/forums/t/564096/no-internet-connection-after-adware-removal/

 

In step 5, I saw that in the LAN & both wireless adaptor properties, there were 2 extra entries from the picture shown, one hotspot shield and one virtual machine. Because hotspot shield was removed by Adware cleaner, could this be causing the problem?

 

Also, with hotspot shield- my friend actually uses this. Did we remove the entire program or just the added browser bars etc.? Is this program malware and if so, is there another free alternative?

 

Thanks again for your help.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.