Solved Help?? Every time i open a program i get a bad image error.

March 15, 2015 at 07:45:55
Specs: Windows 7
Every time i open a program i get a bad image error.
"globalroot\systemroot\system32\hjgruigfcwjfym.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support"

When I close this message the program works as per normal.
Its very anoying though!

Dennis

message edited by Phuketoptions


See More: Help?? Every time i open a program i get a bad image error.

Report •


#1
March 15, 2015 at 08:19:48
Your system is infected. Run a full scan for malware & viruses.

Report •

#2
March 15, 2015 at 08:30:22
✔ Best Answer
You will need to run several specialised programs to properly clean the system. Just to get the ball rolling:

MalwareBytes:
http://filehippo.com/download_malwa...
(green Download button top right - not anything else on the page)
Run the program but before doing the scan go to "Settings > Detection and Protection" and put a checkmark in "Scan for rootkits".

ADWCleaner:
http://www.bleepingcomputer.com/dow...
(blue Download button near top - not anything else on the page).
Download and "Save" the file somewhere. Go to the saved file then double click it to run the Scan. You then have options to remove whatever it shows under each heading in the table that appears below, although it is usually safe to run "Cleaning".

Junkware Removal Tool (JRT)
http://www.bleepingcomputer.com/dow...
(blue Download button near top - not anything else on the page).
Download and "Save" the file somewhere. Go to the saved file then double click it to run JRT. It might appear to have stopped at times but sit tight until it has finished.

Please copy/paste the logs on here because even if the symptoms are cured you are almost certain to still have things lurking around that require further cleaning.

Always pop back and let us know the outcome - thanks

message edited by Derek


Report •

#3
March 15, 2015 at 08:45:03
Thx Derek.

Starting now.

Dennis


Report •

Related Solutions

#4
March 15, 2015 at 09:05:27
Hi derek,

I ran the Malwarebytes and it detected alot ot issues.
Do I quarantine them all or do you want to look at the log first?

Dennis


Report •

#5
March 15, 2015 at 09:21:16
Let's have the log then quarantine them - thanks. I've never known MWB get anything wrong.

Then continue with the other two.

Always pop back and let us know the outcome - thanks

message edited by Derek


Report •

#6
March 15, 2015 at 09:57:24
Hi Derek,

Here are the log's of all 3
The problem seems to be solved though!
Woohoo!!!

# AdwCleaner v4.112 - Logfile created 15/03/2015 at 17:08:59
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : User - USER-PC
# Running from : C:\Users\User\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : CltMngSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\MiniApp
Folder Deleted : C:\ProgramData\AllSaiveRo
Folder Deleted : C:\ProgramData\BBesttSaaveForYou
Folder Deleted : C:\ProgramData\DEaaleExpress
Folder Deleted : C:\ProgramData\ExsTraCouupon
Folder Deleted : C:\ProgramData\Fun2Saaveo
Folder Deleted : C:\ProgramData\sAuvE neet
Folder Deleted : C:\ProgramData\1236f09b66f0399b
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\YourFileDownloader
Folder Deleted : C:\Users\User\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\User\AppData\Local\cool_mirage
Folder Deleted : C:\Users\User\AppData\Local\genienext
Folder Deleted : C:\Users\User\AppData\Local\globalUpdate
Folder Deleted : C:\Users\User\AppData\Local\Mobogenie
Folder Deleted : C:\Users\User\AppData\Local\SearchProtect
Folder Deleted : C:\Users\User\AppData\Local\torch
Folder Deleted : C:\Users\User\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Folder Deleted : C:\Users\User\AppData\Roaming\337Games
Folder Deleted : C:\Users\User\AppData\Roaming\baidu
Folder Deleted : C:\Users\User\AppData\Roaming\DigitalSites
Folder Deleted : C:\Users\User\AppData\Roaming\Systweak
Folder Deleted : C:\Users\User\AppData\Roaming\WebNavi
Folder Deleted : C:\Users\User\AppData\Roaming\YourFileDownloader
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\Extensions\shortcutff@gmail.com
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\Extensions\e.dt88h@h-yoiaq.com
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\Extensions\f58nbu@br-f.net
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\Extensions\mphgir8b@veui-aey.edu
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\Extensions\pts6.vqj@gjfmhvsf.co.uk
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\Extensions\ryjo8o@zf-yeoeh.org
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\Extensions\xclcm-t@jxbdx-t.co.uk
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\Extensions\zjcm@fvsk.net
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\User\daemonprocess.txt
File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\searchplugins\ask-web-search.xml
File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\user.js

***** [ Scheduled tasks ] *****

Task Deleted : ASP
Task Deleted : avayvaxvaa

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Key Deleted : HKCU\Software\Mozilla\Extends
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{997E3BFB-F821-411C-8B96-D61D415EC8FA}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1070C156-160B-47A0-B7D9-1860396BAB57}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27CE191D-733B-4450-AFCD-096D105288C3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{39A29266-D3E4-462D-AB05-F93B1053F6CF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44FC7A33-2E5C-48DC-B6F5-B81E8005D122}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{73192D81-6D24-4C40-BF7B-2507C6FA0B1A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{88C606E7-BA26-41CB-8CC3-D1E313E34E75}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{93D3100A-BBB6-456C-96FC-82CAC5F383AC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{997E3BFB-F821-411C-8B96-D61D415EC8FA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9E0546FF-D44F-4FE4-A324-995FCACB8D33}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CDDAB3A4-E64D-4AE0-9E1D-F3132F5F913F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E66A759D-367F-433E-85C6-ED7F040BCC32}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{27CE191D-733B-4450-AFCD-096D105288C3}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\smarttweak
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\Baidu
Key Deleted : HKCU\Software\SearchProtectWS
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\torch
Key Deleted : HKLM\SOFTWARE\SPPDCOM
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7DD5E91C-3864-77EC-7635-D14910C2A03E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]

-\\ Mozilla Firefox v

[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=E2463055-5C75-4985-9786-7A5001251F6D&n=780cbf3e&p2=^YK^xdm012^YYA^nl");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.0DN8JK.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumorobo.[...]
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.32DSqR.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumorobo.[...]
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.NxDuRgEP.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumorob[...]
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.TlYFHv.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumorobo.[...]
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.agLYAWLjMz.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumor[...]
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.iLzk.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumorobo.ne[...]
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.k_2UXOE63.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumoro[...]
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=07B16F5E-5AED-4577-9688-D0892F14FC91&n=780cbdae&ind=2014100910&p2=^AN6^xdm055^YYA^nl&searchfor="[...]
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.enable_search1", false);
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.BUTTON_STRUCTURE", "[{\"b\":221349391,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":221349392,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.browser.search.defaultenginename.savedPrev", "true");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.browser.search.defaultenginename.tb", "Ask Web Search");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.browser.search.selectedEngine.savedPrev", "true");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.browser.search.selectedEngine.tb", "Ask Web Search");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.browser.startup.homepage.prev", "hxxp://home.tb.ask.com/index.jhtml?ptb=07B16F5E-5AED-4577-9688-D0892F14FC91&n=780cbdae&p2=^AN6^xdm055^YYA^nl");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.browser.startup.homepage.savedPrev", "true");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.browser.startup.homepage.tb", "hxxp://home.tb.ask.com/index.jhtml?ptb=E2463055-5C75-4985-9786-7A5001251F6D&n=780cbf3e&p2=^YK^xdm012^YYA^nl");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.browser.startup.page.savedPrev", 1);
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.browser.startup.page.tb", 1);
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.competitorDNS", "{\"comment\":\"refresh every 1 week (7*24*60*60*1000)\",\"refreshPeriod\":604800000,\"list\":[{\"url\":\"hxxp://www.dnsrsearch.com/[...]
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.firstKnownVersion", "6.72.4.54922");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=E2463055-5C75-4985-9786-7A5001251F6D&n=780cbf3e&p2=^YK^xdm012^YYA^nl");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.hp.enabled", true);
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.hp.guardType", "HPR");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.initialized", true);
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.installKeysSource", "Cookies");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.installType", "XPI");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.installation.contextKey", "");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.installation.installDate", "2014101310");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.installation.partnerId", "^YK^xdm012^YYA^nl");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.installation.partnerSubId", "");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.installation.pixelUrl", "hxxp://download.totalrecipesearch.com/install_pixels.jhtml?partner=^YK^xdm012^YYA^nl&coId=01f963b852904d6abbbd1a529d6c7b30"[...]
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.installation.success", true);
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.installation.toolbarId", "E2463055-5C75-4985-9786-7A5001251F6D");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.isCompliantUninstallImplementation", true);
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.lastActivePing", "1413358235500");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.lastKnownVersion", "6.72.4.54922");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.options.defaultSearch", true);
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.options.homePageEnabled", true);
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.options.keywordEnabled", true);
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.options.tabEnabled", true);
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.partnerPixelFired", true);
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.successUrl", "hxxp://download.totalrecipesearch.com/installComplete.jhtml");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.toolbarCollapsed", false);
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.weather.location", "10001");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._73Members_.BUTTON_STRUCTURE", "[{\"b\":221348511,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":221348512,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._73Members_.browser.search.defaultenginename.savedPrev", "true");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._73Members_.browser.search.defaultenginename.tb", "Ask Web Search");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._73Members_.browser.search.selectedEngine.savedPrev", "true");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._73Members_.browser.search.selectedEngine.tb", "Ask Web Search");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._73Members_.browser.startup.homepage.prev", "hxxps://mail.google.com/mail/u/0/?pli=1#inbox");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._73Members_.browser.startup.homepage.savedPrev", "true");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._73Members_.browser.startup.homepage.tb", "hxxp://home.tb.ask.com/index.jhtml?ptb=07B16F5E-5AED-4577-9688-D0892F14FC91&n=780cbdae&p2=^AN6^xdm055^YYA^nl");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._73Members_.browser.startup.page.savedPrev", 1);
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._73Members_.browser.startup.page.tb", 1);
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._73Members_.competitorDNS", "{\"comment\":\"refresh every 1 week (7*24*60*60*1000)\",\"refreshPeriod\":604800000,\"list\":[{\"url\":\"hxxp://www.dnsrsearch.com/[...]
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._73Members_.firstKnownVersion", "6.72.4.54272");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._73Members_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=07B16F5E-5AED-4577-9688-D0892F14FC91&n=780cbdae&p2=^AN6^xdm055^YYA^nl");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._73Members_.hp.enabled", true);
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._73Members_.hp.guardType", "HPR");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._73Members_.hp.user.defined", false);
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._73Members_.initialized", true);
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._73Members_.installKeysSource", "Cookies");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._73Members_.installType", "XPI");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._73Members_.installation.contextKey", "");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._73Members_.installation.installDate", "2014100910");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._73Members_.installation.partnerId", "^AN6^xdm055^YYA^nl");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._73Members_.installation.partnerSubId", "");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._73Members_.installation.pixelUrl", "hxxp://www.easyhomedecorating.com/install_pixels.jhtml?partner=^AN6^xdm055^YYA^nl&coId=9998875da7f6446983e25e3a149f146b");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._73Members_.installation.success", true);
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._73Members_.installation.toolbarId", "07B16F5E-5AED-4577-9688-D0892F14FC91");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._73Members_.isCompliantUninstallImplementation", true);
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._73Members_.lastActivePing", "1413358235566");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._73Members_.lastKnownVersion", "6.72.4.54272");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._73Members_.options.defaultSearch", true);
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._73Members_.options.homePageEnabled", true);
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._73Members_.options.keywordEnabled", true);
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._73Members_.options.tabEnabled", true);
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._73Members_.partnerPixelFired", true);
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._73Members_.searchHistory", "marketplatz nlsamsung galaxy note 4 nlgoogle search engine");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._73Members_.successUrl", "hxxp://www.easyhomedecorating.com/installComplete.jhtml");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._73Members_.toolbarCollapsed", false);
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._73Members_.weather.location", "10001");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "totalrecipesearch@mindspark.com");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "totalrecipesearch@mindspark.com");
[ioyc6zw2.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=E2463055-5C75-4985-9786-7A5001251F6D&n=780cbf3e&ind=2014101310&p2=^YK^xdm012^YYA^nl&searchfor=");

-\\ Google Chrome v41.0.2272.89

[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1418675192&from=ild&uid=WDCXWD10EZEX-00ZF5A0_WD-WCC1S115489554895&q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1418675192&from=ild&uid=WDCXWD10EZEX-00ZF5A0_WD-WCC1S115489554895&q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omigaweb/?type=dspp&q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omigaweb/?type=dspp&q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : bmiabdepfhhiieiipmeecdmeljggmfee
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Startup_URLs] : hxxp://isearch.omiga/?type=hppppp
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Startup_URLs] : hxxp://isearch.omiga/?type=hppppp

-\\ Chromium v

[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1418675192&from=ild&uid=WDCXWD10EZEX-00ZF5A0_WD-WCC1S115489554895&q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1418675192&from=ild&uid=WDCXWD10EZEX-00ZF5A0_WD-WCC1S115489554895&q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omigaweb/?type=dspp&q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omigaweb/?type=dspp&q={searchTerms}

-\\ Comodo Dragon v

[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1418675192&from=ild&uid=WDCXWD10EZEX-00ZF5A0_WD-WCC1S115489554895&q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1418675192&from=ild&uid=WDCXWD10EZEX-00ZF5A0_WD-WCC1S115489554895&q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omigaweb/?type=dspp&q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omigaweb/?type=dspp&q={searchTerms}

-\\ Chrome Canary v

[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1418675192&from=ild&uid=WDCXWD10EZEX-00ZF5A0_WD-WCC1S115489554895&q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1418675192&from=ild&uid=WDCXWD10EZEX-00ZF5A0_WD-WCC1S115489554895&q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omigaweb/?type=dspp&q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omigaweb/?type=dspp&q={searchTerms}

*************************

AdwCleaner[R0].txt - [25070 bytes] - [15/03/2015 17:07:41]
AdwCleaner[S0].txt - [27300 bytes] - [15/03/2015 17:08:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [27360 bytes] ##########


Report •

#7
March 15, 2015 at 09:57:52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Home Premium x64
Ran by User on Sun 15/03/2015 at 17:51:17.30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DECB187F-B393-0F28-321A-3C437E890F45}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{DECB187F-B393-0F28-321A-3C437E890F45}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DECB187F-B393-0F28-321A-3C437E890F45}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{DECB187F-B393-0F28-321A-3C437E890F45}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\Seaorch-NNewTab
Successfully deleted: [Folder] "C:\ProgramData\baidu security"
Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\baidu security"
Successfully deleted: [Folder] "C:\Program Files (x86)\baidu security"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 15/03/2015 at 17:53:42.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Report •

#8
March 15, 2015 at 09:58:56
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 15/03/2015
Scan Time: 5:13:59 PM
Logfile: Malwarebytes.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.15.03
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 402002
Time Elapsed: 19 min, 17 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 95
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\extensions\14ffxtbr@TotalRecipeSearch_14.com, , [b8f182a03753ee4814e3205434cff010],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\extensions\14ffxtbr@TotalRecipeSearch_14.com\chrome, , [b8f182a03753ee4814e3205434cff010],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\extensions\14ffxtbr@TotalRecipeSearch_14.com\META-INF, , [b8f182a03753ee4814e3205434cff010],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\extensions\14ffxtbr@TotalRecipeSearch_14.com\plugins, , [b8f182a03753ee4814e3205434cff010],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\TotalRecipeSearch_14, , [8b1e1c0699f187af83b41463b74cca36],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\extensions\73ffxtbr@EasyHomeDecorating_73.com, , [d3d6061c513953e367922651ba49bf41],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\extensions\73ffxtbr@EasyHomeDecorating_73.com\chrome, , [d3d6061c513953e367922651ba49bf41],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\extensions\73ffxtbr@EasyHomeDecorating_73.com\META-INF, , [d3d6061c513953e367922651ba49bf41],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\extensions\73ffxtbr@EasyHomeDecorating_73.com\plugins, , [d3d6061c513953e367922651ba49bf41],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\adapter, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\abstractbutton, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\abstractbutton\background, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\alert, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\alert\background, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\embedhtml, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\embedhtml\background, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\embedhtml\html, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\embedhtml\js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\embedscript, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\embedscript\background, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\embedscript\html, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\embedscript\js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\flare, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\flare\background, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\flare\icons, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\generic, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\generic\background, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\link, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\link\background, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\menu, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\menu\background, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\menu\css, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\menu\html, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\menu\images, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\menu\js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\rss, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\rss\background, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\thirdparty, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\thirdparty\background, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\uninstall, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\uninstall\background, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\weather, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\weather\background, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\common, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\radio, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\radio\css, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\radio\js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\rss, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\rss\js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\test, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\topapps, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\topapps\css, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\topapps\js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\weather, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\weather\css, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\weather\js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\api, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\api\background, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\api\window, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\defaultSearch, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\defaultSearch\background, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\defaultSearch\foreground, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\moviereviews, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\moviereviews\background, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\moviereviews\css, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\moviereviews\html, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\moviereviews\js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\radio, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\radio\background, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\radio\css, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\radio\foreground, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\radio\radioWrapper, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\search, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\search\background, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\search\html, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\supertab, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\supertab\css, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\supertab\html, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\supertab\js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\icons, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\images, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\native, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\native\libs, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\shared, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\_metadata, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\EasyHomeDecorating_73, , [d0d9fd25addd50e6906bb1c6f70c0df3],


Report •

#9
March 15, 2015 at 10:00:53
Files: 245
PUP.Optional.Conduit.A, C:\Users\User\AppData\Local\Temp\SearchProtectINT.exe, , [3c6da77b2466be7832e437119071817f],
PUP.Optional.OpenCandy, C:\Users\User\AppData\Local\Temp\FreemakeVideoConverterFull.exe, , [3a6f061c6f1b2a0c8cb0d66320e10cf4],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_abhcfceiempjmchhhdhbnkbimnfpckgl_0.localstorage, , [1a8f9191b4d6a4920821905ad330c63a],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_abhcfceiempjmchhhdhbnkbimnfpckgl_0.localstorage-journal, , [397074ae58321f1758d1896132d1cf31],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_easyhomedecorating.dl.tb.ask.com_0.localstorage, , [54556eb48a006acc30fa15d520e32bd5],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_easyhomedecorating.dl.tb.ask.com_0.localstorage-journal, , [54551111e0aa75c1cb5fb03a6f94cf31],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\extensions\14ffxtbr@TotalRecipeSearch_14.com\bootstrap.js, , [b8f182a03753ee4814e3205434cff010],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\extensions\14ffxtbr@TotalRecipeSearch_14.com\chrome.manifest, , [b8f182a03753ee4814e3205434cff010],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\extensions\14ffxtbr@TotalRecipeSearch_14.com\install.rdf, , [b8f182a03753ee4814e3205434cff010],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\extensions\14ffxtbr@TotalRecipeSearch_14.com\install_old.rdf, , [b8f182a03753ee4814e3205434cff010],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\extensions\14ffxtbr@TotalRecipeSearch_14.com\chrome\14ffxtbr.jar, , [b8f182a03753ee4814e3205434cff010],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\extensions\14ffxtbr@TotalRecipeSearch_14.com\META-INF\manifest.mf, , [b8f182a03753ee4814e3205434cff010],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\extensions\14ffxtbr@TotalRecipeSearch_14.com\META-INF\zigbert.rsa, , [b8f182a03753ee4814e3205434cff010],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\extensions\14ffxtbr@TotalRecipeSearch_14.com\META-INF\zigbert.sf, , [b8f182a03753ee4814e3205434cff010],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\extensions\14ffxtbr@TotalRecipeSearch_14.com\plugins\NativeMessagingDispatcher.dll, , [b8f182a03753ee4814e3205434cff010],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\TotalRecipeSearch_14\E2463055-5C75-4985-9786-7A5001251F6D.sqlite, , [8b1e1c0699f187af83b41463b74cca36],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\extensions\73ffxtbr@EasyHomeDecorating_73.com\bootstrap.js, , [d3d6061c513953e367922651ba49bf41],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\extensions\73ffxtbr@EasyHomeDecorating_73.com\chrome.manifest, , [d3d6061c513953e367922651ba49bf41],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\extensions\73ffxtbr@EasyHomeDecorating_73.com\install.rdf, , [d3d6061c513953e367922651ba49bf41],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\extensions\73ffxtbr@EasyHomeDecorating_73.com\install_old.rdf, , [d3d6061c513953e367922651ba49bf41],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\extensions\73ffxtbr@EasyHomeDecorating_73.com\chrome\73ffxtbr.jar, , [d3d6061c513953e367922651ba49bf41],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\extensions\73ffxtbr@EasyHomeDecorating_73.com\META-INF\manifest.mf, , [d3d6061c513953e367922651ba49bf41],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\extensions\73ffxtbr@EasyHomeDecorating_73.com\META-INF\zigbert.rsa, , [d3d6061c513953e367922651ba49bf41],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\extensions\73ffxtbr@EasyHomeDecorating_73.com\META-INF\zigbert.sf, , [d3d6061c513953e367922651ba49bf41],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\extensions\73ffxtbr@EasyHomeDecorating_73.com\plugins\NativeMessagingDispatcher.dll, , [d3d6061c513953e367922651ba49bf41],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\bg.html, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\buildVars, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\buildVars.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\companionSW.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\config.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\contentScript.css, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\contentScript.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\debug.html, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\debug.jade, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\extension_toolbar_api.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\initWidgetWindow.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\manifest.json, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\newTabContentScript.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\options.html, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\spent.css, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\spent.html, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\spent.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\spent2.css, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\spent2.html, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\spentJ.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\spentK.html, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\spentK.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\startup.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\stub.html, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\stubby.html, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\superFrame.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\toolbar.html, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\toolbar.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\toolbarUI.css, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\toolbarUI.html, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\toolbarUI.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\url.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\adapter\adapterUtil.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\adapter\widget-adapter.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\abstractbutton\background\abstractButton.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\alert\background\alertButton.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\embedhtml\background\embedHtmlWidget.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\embedhtml\html\embedHtmlTemplate.html, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\embedhtml\html\innerEmbedHtmlTemplate.html, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\embedhtml\js\embedHtmlUI.js, , [8524da488604a59103f7e691cc372ed2],

Report •

#10
March 15, 2015 at 10:01:24
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\embedscript\background\embedScriptWidget.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\embedscript\html\embedScriptTemplate.html, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\embedscript\html\innerEmbedScriptTemplate.html, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\embedscript\js\embedScriptUI.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\flare\background\FlareWidget.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\flare\icons\Icon_Flare_blue.png, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\flare\icons\Icon_Flare_pink.png, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\flare\icons\Thumbs.db, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\generic\background\GenericWidget.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\link\background\linkButton.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\menu\README.txt, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\menu\background\menuButton.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\menu\css\menuframe.css, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\menu\html\menuframe.html, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\menu\images\right_arrow.png, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\menu\images\right_arrow_white.png, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\menu\js\jquery-1.7.1.min.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\menu\js\menuframe.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\menu\js\query-string.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\menu\js\underscore-1.3.1.min.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\rss\background\RssWidget.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\thirdparty\background\thirdPartyWidget.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\uninstall\background\uninstallButton.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\components\weather\background\weatherButton.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\js\bs.30.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\js\common.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\js\dynamic.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\js\enableDetect.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\js\eventListening.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\js\global.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\js\jquery-1.7.1.min.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\js\list-interaction.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\js\messageEventListener.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\js\navRedirector.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\js\paramReplacer.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\js\PartnerId.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\js\set.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\js\underscore-1.3.1.min.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\js\underscore-1.5.2.min.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\js\unifiedLogging.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widget-context-1.0.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\common\common.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\common\eventListening.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\common\jquery-1.7.1.min.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\common\list-interaction.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\common\set.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\common\underscore-1.3.1.min.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\radio\radio-widget.html, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\radio\css\radio-widget.css, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\radio\js\radio-custom.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\radio\js\radio-parser.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\radio\js\radio-widget-ui.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\radio\js\radio-widget.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\rss\rssWidget.html, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\rss\js\rss-widget-custom.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\rss\js\rss-widget-parse.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\rss\js\rss-widget.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\test\invalid.json, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\test\jquery.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\test\qunit.css, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\test\qunit.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\test\resource.json, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\test\resource.xml, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\test\testWidget.html, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\test\testWidget.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\topapps\widget.html, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\topapps\css\widget.css, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\topapps\js\nanigans-topapps-feed.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\topapps\js\topapps-config.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\topapps\js\widget.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\weather\weatherButton.html, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\weather\css\weatherButton.css, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\common\widget-api\widgets\weather\js\weather.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\api\background\ApiBasedWidget.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\api\background\widget-api-impl.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\api\window\hiddenWidgetWindow.html, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\api\window\hiddenWidgetWindow.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\api\window\hiddenWidgetWindowInit.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\api\window\widgetWindow.html, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\api\window\widgetWindow.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\defaultSearch\background\updateSearch.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\defaultSearch\background\updateSearchPromptBg.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\defaultSearch\foreground\07_buttons2.png, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\defaultSearch\foreground\08_buttons2.png, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\defaultSearch\foreground\defaultSearchModal.html, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\defaultSearch\foreground\defaultSearchModalInjector.css, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\defaultSearch\foreground\defaultSearchModalInjector.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\defaultSearch\foreground\tvf_btn_ok.png, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\defaultSearch\foreground\tvf_btn_ok2.png, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\defaultSearch\foreground\tvf_restart_alert_icon.png, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\defaultSearch\foreground\tvf_restart_icon.png, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\defaultSearch\foreground\updateSearchPromptFg.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\moviereviews\background\MovieReviewsWidget.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\moviereviews\css\movieReviews.css, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\moviereviews\html\movieReviews.html, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\moviereviews\js\movieReviews.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\radio\background\RadioWidget.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\radio\css\toolbar-item.css, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\radio\foreground\button.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\radio\radioWrapper\radioWrapper.html, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\radio\radioWrapper\radioWrapper.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\search\background\searchBox.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\search\html\searchSuggestions.css, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\search\html\searchSuggestions.html, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\search\html\searchSuggestions.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\search\html\searchSuggestionsInit.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\supertab\css\supertab.css, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\supertab\html\supertab.html, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\supertab\js\newtabfork.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\supertab\js\reporting.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\supertab\js\srchsugg.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\supertab\js\supertab.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\supertab\js\unifiedLogging.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\components\supertab\js\__utm.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\icons\arrowSprite.png, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\icons\icon128.png, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\icons\icon16.png, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\icons\icon19disabled.png, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\icons\icon19on.png, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\icons\icon48.png, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\icons\tb_icon_search_disappearing_ask.png, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\images\222122439.png, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\images\222122442.png, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\images\222122464.png, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\images\222122471.png, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\images\222122475.png, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\images\222122477.png, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\images\222122523.png, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\images\222122538.png, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\images\222122565.png, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\images\down_arrow.png, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\images\IDR_PRODUCT_LOGO_16.png, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\images\IDR_WEBSTORE_ICON.png, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\images\magnifying_glass.png, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\images\RadioPlayerSprite.png, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\images\search_button.png, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\images\tvf_icon_guide.png, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\images\tvf_logo.png, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\images\wrench.png, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\js\chromeUtils.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\js\exeManager.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\js\exeManagerNMD.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\js\exePackageManager.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\js\focusManager.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\js\globalBlacklistManager.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\js\messaging.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\js\mutation_summary-min.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\js\mutation_summary.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\js\nativeMessagingDispatcher.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\js\newTabInfo.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\js\newTabInitialize.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\js\options.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\js\readLocalStorage.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\js\reservespacefortoolbar.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\js\reservespaceifenabled.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\js\scriptInjector.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\js\searchContext.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\js\settingsOverrides.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\js\toolbarCookieParser.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\js\toolbarPreinit.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\js\underscore-1.3.1.min.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\js\URILoaderContentScript.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\js\Widget.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\js\widgetContentScriptInjectee.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\js\widgetFactory.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\js\widgetWindowManager.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\native\cache.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\native\ce.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\native\debug.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\native\ss.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\native\libs\jquery-1.7.1.min.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\native\libs\jquery-1.9.1.min.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\native\libs\underscore-1.5.2.min.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\shared\HttpURL.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\shared\rsvp-latest.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\shared\unifiedLogging.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\shared\universalConsole.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\shared\utils.js, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcfceiempjmchhhdhbnkbimnfpckgl\12.9.6.9510_0\_metadata\verified_contents.json, , [8524da488604a59103f7e691cc372ed2],
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\EasyHomeDecorating_73\07B16F5E-5AED-4577-9688-D0892F14FC91.sqlite, , [d0d9fd25addd50e6906bb1c6f70c0df3],

Physical Sectors: 0
(No malicious items detected)


(end)


Report •

#11
March 15, 2015 at 10:02:01
the Malwarebytes log I had to do in 3 messages

Report •

#12
March 15, 2015 at 10:11:48
"The problem seems to be solved though"
Looking at those three logs I feel certain that although the symptoms have gone your computer is still likely to be far from clean.

We have a helper on here (Johnw) who specialises on fully cleaning a computer. I will alert him to this post but he is in Perth Australia and unlikely to be around for 5 or 6 hours. Assuming he is in a position to assist then I would strongly recommend you run with whatever he suggests. I suspect several more focussed programs will need to be run and it would probably be wise to minimise your computer use until that time.

That's what I meant earlier by "get the ball rolling", so it is good to hear that a fair amount of progress has been made in the meantime.

Always pop back and let us know the outcome - thanks


Report •

#13
March 15, 2015 at 10:13:51
Thx Derek,

I am very grateful

Best wishes

Dennis


Report •

#14
March 15, 2015 at 14:51:51
Hi Dennis. nice work so far, here is the next step.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it makes also another log (Addition.txt).
The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif


Report •

#15
March 15, 2015 at 23:40:23
http://www40.zippyshare.com/v/r2FHm...
http://www40.zippyshare.com/v/LbwP6...


Hi John,

Thank you very much for your time.

Dennis

message edited by Phuketoptions


Report •

#16
March 16, 2015 at 00:10:44
Copy & Paste the text below ( starting closeprocesses: ), save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

closeprocesses:
emptytemp:
CustomCLSID: HKU\S-1-5-21-383172599-3657964244-1327113100-1000_Classes\CLSID\{71748560-AA80-4469-9C1D-29A66233974C}\InprocServer32 -> C:\Users\User\AppData\Roaming\webnavi\nvi64.dll No File
CustomCLSID: HKU\S-1-5-21-383172599-3657964244-1327113100-1000_Classes\CLSID\{D66AFFF1-8FE8-48f0-A2D7-D231D926E751}\InprocServer32 -> C:\Users\User\AppData\Roaming\webnavi\nvi64.dll No File
AlternateDataStreams: C:\Users\User\Desktop\Dennis.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\User\Downloads\noname (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\User\Downloads\noname.eml:OECustomProperty
HKU\S-1-5-21-383172599-3657964244-1327113100-1000\...\MountPoints2: {9b2ead6c-726f-11e2-acb9-bc5ff489a9df} - E:\WIN\setup.exe
HKU\S-1-5-21-383172599-3657964244-1327113100-1000\...\MountPoints2: {f4996c6e-7186-11e2-adb8-806e6f6e6963} - D:\ASRSetup.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: YoutubeAdblocker -> {DECB187F-B393-0F28-321A-3C437E890F45} -> C:\Program Files (x86)\YoutubeAdblocker\zowK.x64.dll No File
Toolbar: HKU\S-1-5-21-383172599-3657964244-1327113100-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\extensions\shortcutff@gmail.com [Not Found]
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\extensions\73ffxtbr@EasyHomeDecorating_73.com [Not Found]
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\extensions\14ffxtbr@TotalRecipeSearch_14.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-11-13] (Freemake) [File not signed]
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [X]
S2 DisplayFusionService; "C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe" [X]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 cpuz130; \??\C:\Users\User\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 massfilter_lte; \??\C:\Windows\system32\drivers\massfilter_lte.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFApiUtil64.sys [X]
U2 TMAgent; No ImagePath
R3 WinRing0_1_2_0; \??\C:\Users\User\AppData\Local\Temp\tmp2F59.tmp [X]

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.


Report •

#17
March 16, 2015 at 05:38:48
Hi John,

Thank you for your help.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by User at 2015-03-16 13:31:23 Run:1
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
closeprocesses:
emptytemp:
CustomCLSID: HKU\S-1-5-21-383172599-3657964244-1327113100-1000_Classes\CLSID\{71748560-AA80-4469-9C1D-29A66233974C}\InprocServer32 -> C:\Users\User\AppData\Roaming\webnavi\nvi64.dll No File
CustomCLSID: HKU\S-1-5-21-383172599-3657964244-1327113100-1000_Classes\CLSID\{D66AFFF1-8FE8-48f0-A2D7-D231D926E751}\InprocServer32 -> C:\Users\User\AppData\Roaming\webnavi\nvi64.dll No File
AlternateDataStreams: C:\Users\User\Desktop\Dennis.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\User\Downloads\noname (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\User\Downloads\noname.eml:OECustomProperty
HKU\S-1-5-21-383172599-3657964244-1327113100-1000\...\MountPoints2: {9b2ead6c-726f-11e2-acb9-bc5ff489a9df} - E:\WIN\setup.exe
HKU\S-1-5-21-383172599-3657964244-1327113100-1000\...\MountPoints2: {f4996c6e-7186-11e2-adb8-806e6f6e6963} - D:\ASRSetup.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: YoutubeAdblocker -> {DECB187F-B393-0F28-321A-3C437E890F45} -> C:\Program Files (x86)\YoutubeAdblocker\zowK.x64.dll No File
Toolbar: HKU\S-1-5-21-383172599-3657964244-1327113100-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\extensions\shortcutff@gmail.com [Not Found]
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\extensions\73ffxtbr@EasyHomeDecorating_73.com [Not Found]
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\extensions\14ffxtbr@TotalRecipeSearch_14.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-11-13] (Freemake) [File not signed]
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [X]
S2 DisplayFusionService; "C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe" [X]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 cpuz130; \??\C:\Users\User\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 massfilter_lte; \??\C:\Windows\system32\drivers\massfilter_lte.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFApiUtil64.sys [X]
U2 TMAgent; No ImagePath
R3 WinRing0_1_2_0; \??\C:\Users\User\AppData\Local\Temp\tmp2F59.tmp [X]
*****************

Processes closed successfully.
"HKU\S-1-5-21-383172599-3657964244-1327113100-1000_Classes\CLSID\{71748560-AA80-4469-9C1D-29A66233974C}" => Key deleted successfully.
"HKU\S-1-5-21-383172599-3657964244-1327113100-1000_Classes\CLSID\{D66AFFF1-8FE8-48f0-A2D7-D231D926E751}" => Key deleted successfully.
C:\Users\User\Desktop\Dennis.jpg => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\User\Downloads\noname (1).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\User\Downloads\noname.eml => ":OECustomProperty" ADS removed successfully.
"HKU\S-1-5-21-383172599-3657964244-1327113100-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b2ead6c-726f-11e2-acb9-bc5ff489a9df}" => Key deleted successfully.
HKCR\CLSID\{9b2ead6c-726f-11e2-acb9-bc5ff489a9df} => Key not found.
"HKU\S-1-5-21-383172599-3657964244-1327113100-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4996c6e-7186-11e2-adb8-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{f4996c6e-7186-11e2-adb8-806e6f6e6963} => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DECB187F-B393-0F28-321A-3C437E890F45}" => Key deleted successfully.
"HKCR\CLSID\{DECB187F-B393-0F28-321A-3C437E890F45}" => Key deleted successfully.
HKU\S-1-5-21-383172599-3657964244-1327113100-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => Moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\extensions\shortcutff@gmail.com not found.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\extensions\73ffxtbr@EasyHomeDecorating_73.com not found.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ioyc6zw2.default\extensions\14ffxtbr@TotalRecipeSearch_14.com not found.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
Freemake Improver => Service deleted successfully.
Amsp => Service deleted successfully.
DisplayFusionService => Service deleted successfully.
BprotectEx => Service deleted successfully.
cpuz130 => Service deleted successfully.
huawei_enumerator => Service deleted successfully.
massfilter => Service deleted successfully.
massfilter_lte => Service deleted successfully.
PCFApiUtil => Service deleted successfully.
TMAgent => Service deleted successfully.
WinRing0_1_2_0 => Service stopped successfully.
WinRing0_1_2_0 => Service deleted successfully.
EmptyTemp: => Removed 7.1 GB temporary data.


The system needed a reboot.

==== End of Fixlog 13:32:58 ====


Best wishes,

Dennis


Report •

#18
March 16, 2015 at 05:47:25
Are you able to stay with me Dennis, if so I won't go to bed now.

Report •

#19
March 16, 2015 at 05:50:44
yes I am here still

Report •

#20
March 16, 2015 at 05:54:56
Run RogueKiller
http://www.softpedia.com/get/Securi...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://tigzy.geekstogo.com/roguekil...
http://www.sur-la-toile.com/RogueKi...
User Guide
http://www.adlice.com/softwares/rog...
Official tutorial
http://www.adlice.com/softwares/rog...
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
If RogueKiller won't run, open IE & turn off SmartScreen Filter.
http://windows.microsoft.com/en-AU/...
Download & SAVE to your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
Quit all programs that you may have started.
Shutdown your antivirus to avoid any conflicts.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7/8, right-click and select "Run as Administrator to start"

For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
Anything that is not checked, leave it unchecked.
Click on "Delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and Copy & Paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop.
Exit/Close RogueKiller.
When completed make sure to re-enable your antivirus.

Report •

#21
March 16, 2015 at 06:03:46
OK done.

RogueKiller V10.5.5.0 [Mar 16 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/rog...
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : User [Administrator]
Started from : C:\Users\User\Desktop\RogueKiller.exe
Mode : Delete -- Date : 03/16/2015 14:03:01

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 15 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 195.121.1.34 195.121.1.66 [NETHERLANDS (NL)][NETHERLANDS (NL)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 195.121.1.34 195.121.1.66 [NETHERLANDS (NL)][NETHERLANDS (NL)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 195.121.1.34 195.121.1.66 [NETHERLANDS (NL)][NETHERLANDS (NL)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{72F0A8EB-A658-4D49-BB9E-F656CEF81805} | DhcpNameServer : 195.121.1.34 195.121.1.66 [NETHERLANDS (NL)][NETHERLANDS (NL)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D7675019-68B3-4906-B72A-CC370945259A} | DhcpNameServer : 203.113.7.130 203.113.5.130 [THAILAND (TH)][THAILAND (TH)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{72F0A8EB-A658-4D49-BB9E-F656CEF81805} | DhcpNameServer : 195.121.1.34 195.121.1.66 [NETHERLANDS (NL)][NETHERLANDS (NL)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D7675019-68B3-4906-B72A-CC370945259A} | DhcpNameServer : 203.113.7.130 203.113.5.130 [THAILAND (TH)][THAILAND (TH)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{72F0A8EB-A658-4D49-BB9E-F656CEF81805} | DhcpNameServer : 195.121.1.34 195.121.1.66 [NETHERLANDS (NL)][NETHERLANDS (NL)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{D7675019-68B3-4906-B72A-CC370945259A} | DhcpNameServer : 203.113.7.130 203.113.5.130 [THAILAND (TH)][THAILAND (TH)] -> Not selected
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 14 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 practivate.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ereg.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate.wip3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 wip3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 3dns-3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 3dns-2.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adobe-dns.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adobe-dns-2.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adobe-dns-3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ereg.wip3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate-sea.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 wwis-dubc1-vip60.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate-sjc0.adobe.com

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUP][FIREFX:Addon] ioyc6zw2.default : shortcut [shortcutff@gmail.com] -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ATA WDC WD10EZEX-00Z SCSI Disk Device +++++
--- User ---
[MBR] 6d75059345b0eb3bf53bfaca3f648284
[BSP] fa2614537520ffc3a12dbd5b1a318eba : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_03162015_140145.log


Report •

#22
March 16, 2015 at 06:09:28
Download ComboFix onto your Desktop & then run. If your default download location is not the Desktop, drag it out of it's location onto the Desktop. Copy & Paste the contents of the log in your next post please. ComboFix's log should be located at C:\COMBOFIX.TXT.
The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
http://www.winhelp.us/index.php/gen...
Manually restoring the Internet connection
http://www.bleepingcomputer.com/com...
There are circumstances ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alchohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual"
If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working.
NOTE: Do not mouseclick combofix's window while it is running. That may cause it to stall.
NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
**Please Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running Combofix you discover none of your programs will open up, and you recieve the following error: "Illegal operation attempted on a registry key that has been marked for deletion". Then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your Desktop.
Please Note: Once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.

Report •

#23
March 16, 2015 at 06:40:45
http://www6.zippyshare.com/v/Vq1Tud...

Thank you


Report •

#24
March 16, 2015 at 06:43:44
Nearly finished. Let me know if you have to go please.

Update & run Malwarebytes again please.
"Rootkits: Enabled'
This can be disabled now.
Why is scan for rootkit off by default?
https://helpdesk.malwarebytes.org/h...
Copy & Paste the contents of the log please.


Report •

#25
March 16, 2015 at 06:46:17
no im fine.
Hope you are not too tired

Report •

#26
March 16, 2015 at 06:51:54
"Hope you are not too tired"
Nope, I'm usually an early riser shall probably sleep in, had 10 hours sleep last night, renovating the house, nothing major, but hard when you have the learn as you go.

Report •

#27
March 16, 2015 at 06:57:27
10 hours sleep WOW. I wake up after 6 and have to get up.
anyway here is the log.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 16/03/2015
Scan Time: 2:46:41 PM
Logfile: malwarebytes.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.16.02
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 426516
Time Elapsed: 8 min, 15 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Report •

#28
March 16, 2015 at 06:58:32
Combofix found a lot more than I expected, there was heaps lurking.

Download Security Check by screen317 from one of the following links and save it onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
Please restart the computer before running this security check..
* Double click SecurityCheck.exe. If you run Windows Vista or 7/8, right click and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; Please Copy and Paste the contents into your reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.


Report •

#29
March 16, 2015 at 07:15:27
ok done.

i dont use Chrome anymore
I dont use trent anymore
and the Jave update is sitting there to be done


Results of screen317's Security Check version 0.99.98
Windows 7 Service Pack 1 x64 [color=red][b](UAC is disabled!)[/b][/color]
Internet Explorer 11
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
[color=red][b]Windows Security Center service is not running! This report may not be accurate![/b][/color]
Windows Firewall Enabled!
Avira Desktop
Microsoft Security Essentials
Trend Micro Titanium
[color=red][b]Antivirus out of date![/b][/color] (On Access scanning [b]disabled[/b]!)
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
Java 7 Update 67
[color=red][b]Java version 32-bit out of Date![/b][/color]
[b][color=green] Java 64-bit 8 Update 31[/b][/color]
Adobe Flash Player 16.0.0.305
Google Chrome 34.0.1847.131 [color=red][b] Google Chrome out of date![/b][/color]
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive C: 0%
[b][u]````````````````````End of Log``````````````````````[/b][/u]


Report •

#30
March 16, 2015 at 07:16:19
Run DelFix. Copy & Paste the contents of the log please.
https://toolslib.net/downloads/view...
DelFix is designed to delete all removal tools used during a disinfection.
Indeed, these tools are often updated. It's recommended not to have and use outdated versions on computer.
It's compatible with Windows XP, Vista, 7, 8 in 32 & 64 bits.
Run the tool by right click on the DelFix icon and Run as administrator option.
Make sure that these are checked:
Activate UAC
Remove disinfection tools
Create registry backup
Purge system restore
Reset system settings
Click Run and wait until the tool completes it's work.
All tools we used should be gone. Tool will create an report for you (C:\DelFix.txt)

Report •

#31
March 16, 2015 at 07:21:55
Should I remove the programs I don't use anymore.


# DelFix v10.9 - Logfile created 16/03/2015 at 15:19:42
# Updated 27/02/2015 by Xplode
# Username : User - USER-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\ComboFix.txt
Deleted : C:\Users\User\Desktop\Addition.txt
Deleted : C:\Users\User\Desktop\AdwCleaner.exe
Deleted : C:\Users\User\Desktop\ComboFix.exe
Deleted : C:\Users\User\Desktop\combofix.txt
Deleted : C:\Users\User\Desktop\Fixlog.txt
Deleted : C:\Users\User\Desktop\FRST.txt
Deleted : C:\Users\User\Desktop\FRST64.exe
Deleted : C:\Users\User\Desktop\JRT.exe
Deleted : C:\Users\User\Desktop\RogueKiller.exe
Deleted : C:\Users\User\Desktop\SecurityCheck.exe
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #297 [Windows Update | 03/08/2015 07:13:45]
Deleted : RP #298 [Windows Update | 03/09/2015 20:18:51]
Deleted : RP #299 [Windows Update | 03/11/2015 19:02:06]
Deleted : RP #300 [Restore Operation | 03/14/2015 07:03:25]
Deleted : RP #301 [Windows Update | 03/15/2015 11:55:04]
Deleted : RP #302 [Restore Operation | 03/15/2015 15:13:03]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########


Report •

#32
March 16, 2015 at 07:26:47
You read my mind Dennis, all those are in your logs.
We need to uninstall everything fully that is not being used.
Use this 2 step program to uninstall, Trend, Avira etc.

I use Microsoft Security Essentials.

Wise Program Uninstaller
http://www.softpedia.com/get/Tweak/...
http://www.freewarefiles.com/Wise-P...
http://www.freewarefiles.com/screen...
http://wisecleaner.com/wiseuninstal...

Delfix has now removed all the nasties from System restore.

You followed instructions beautifully Dennis, I shall wrap it up for tonight, shall catch up with you in the morning, to see if you have any more issues.
John in Perth.
http://www.timeanddate.com/worldclo...

Run Wise Disk Cleaner ( Run the 1st three tabs, left to right. I use default settings, leave boxes that are unchecked, unchecked ) Reboot when finished.
http://www.softpedia.com/get/System...
http://www.freewarefiles.com/Wise-D...
http://www.freewarefiles.com/screen...
http://www.wisecleaner.com/download...
http://i.imgur.com/Jecnfvb.gif
http://i.imgur.com/0xHwdom.gif
http://i.imgur.com/JZLYOLf.gif
http://i.imgur.com/4kfaeGW.gif

Extract from your fixlist.
EmptyTemp: => Removed 7.1 GB temporary data.
Way, way to much, even for a gamer.
Set all your browser Temp file settings to 50mb ( that's MB, not GB )
Java, set to 100mb.

Chrome is not as straight forward.

How to set Google Chrome cache to 50mb max temporary files.
With comps, there is always more than one way to do things, try this way.
Right click on the Google Chrome shortcut > Properties.
Copy & Paste this below after .exe" as per SS ( Screenshot )
NOTE: There is a space after .exe"
http://i.imgur.com/vgkU3X1.gif
--disk-cache-size=50000"
Click > Apply & then OK.

Here is how the USER got into this mess, no AV would have prevented USER error. Go to any Malware forum & no matter what AV they have installed, they got infected.

As you can see from your logs, you had a lot of stuff installed, that you do not know, how it got installed.
A lot of programs, now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install, you have to read after each click.

WARNING: CNET Download.com downloads now come bundled with opt-out crapware and toolbars ( Same applies to Softonic & Brothersoft )
http://www.groovypost.com/unplugged...

I use Softpedia & FreewareFiles.com, they make you aware what Ad-supported programs the author of the program has included.
http://win.softpedia.com/index.free...
http://www.freewarefiles.com/new_fi...
Sample pages
http://www.softpedia.com/get/CD-DVD...
First and foremost, extra attention needs to be paid during installation as ImgBurn offers to create desktop shortcuts to third-party apps, as well as install a browser toolbar onto the host computer, which are not required to ensure the smooth running of the app.
SS of above.
http://i.imgur.com/jgGYNsP.gif
http://i.imgur.com/rqSpp1e.gif
This is what ImgBurn tries to install.
http://i.imgur.com/ms4DzE9.gif
http://i.imgur.com/vVkd39a.gif
http://i.imgur.com/rqFVaHs.gif
http://i.imgur.com/sm1T7h6.gif
http://i.imgur.com/vhkKLYo.gif

Use Unchecky to help prevent these third party installs. Nothing is perfect, the badies are always ahead of the goodies, so be vigilant.
http://www.softpedia.com/get/System...
http://unchecky.com/
A reliable application that aims to protect your computer against third-party components often offered during software installations.



Report •

#33
March 17, 2015 at 05:45:32
Hi John,

The machine is working beautifully again.
I am very grateful for your help and time you have given me.
I am in the Netherlands at the moment, but will be moving back to Phuket Thailand at the end of the year. If there is anything I can help you with or if you want to come to Phuket on holidays, please don't hesitate to contact me.

Dennis

message edited by Phuketoptions


Report •

#34
March 17, 2015 at 07:25:17
Dennis
Glad to hear you are all sorted now.

Best edit out that email address though because the spammers engines find them on open forums etc and you could get increasing junk email forever.

If you want to give John your email address do it via your "Private Message Center", which is safe. This should find it if you are not sure how:
http://www.computing.net/cgi-bin/my...
Messages on there are case sensitive.

Always pop back and let us know the outcome - thanks


Report •

#35
March 17, 2015 at 07:31:00
Thanks Derek

The same gratitude and offer comes your way offcourse


Report •

#36
March 17, 2015 at 16:11:45
"If you want to give John your email address do it via your "Private Message Center", which is safe"
Thanks Derek, Dennis did send a PM.

Report •


Ask Question