
Adobe Flashruntime and script errors [Solved]


16 replies to this topic

#1 poporacer


Posted 06 July 2014 - 09:41 PM

My daughter "somehow" infected her computer. I think she was at a music share site. I installed and ran MalwareBytes to be able to install DDS.

The computer continually gets a pop up about Adobe Flashruntime but I don't think this is a legitimate file so I don't allow it. Her computer also gets continuous script errors.

Here is the Malwarebytes log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/6/2014
Scan Time: 7:32:59 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.06.08
Rootkit Database: v2014.07.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista
CPU: x86
File System: NTFS
User: owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 291879
Time Elapsed: 8 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.AdPeak.A, C:\Program Files\004\rqpbhevlkc32.exe, 3780, Delete-on-Reboot, [da763666bcbfde58c5488b385ca61be5]

Modules: 0
(No malicious items detected)

Registry Keys: 18

Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-839326510-57501807-3467598524-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, zr1L2Q1C, Quarantined, [6ee2ebb197e4a5915c0fdd12fc07ce32]

Registry Data: 3
PUP.Optional.FastAndSafe.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, c:\progra~1\google\google~2\goec62~1.dll  c:\progra~2\fastan~1\fastan~1.dll, Good: (), Bad: (c:\progra~2\fastan~1\fastan~1.dll),Replaced,[0a46bbe11863ba7c0b34ddd38f738d73]
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://start.mysearc...cr=559955172=, Good: (www.google.com), Bad: (http://start.mysearc...6a7dfb5679ddf21]
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-839326510-57501807-3467598524-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://start.mysearc...cr=559955172=, Good: (www.google.com), Bad: (http://start.mysearc...af25044cf35a759]

Folders: 45

Files: 186
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\newtab\images\icon-plus.png, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\newtab\images\icon-right.png, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\newtab\images\icon-search.png, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\newtab\images\icon-settings.png, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\newtab\images\icon-theme.png, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\newtab\images\menu_v.png, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\newtab\images\menu_v_white.png, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\newtab\images\provider.png, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\newtab\images\x-button.png, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\newtab\images\patterns\arab_tile.png, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\newtab\images\patterns\batthern_@2X.png, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\newtab\images\patterns\bo_play_pattern_@2X.png, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\newtab\images\patterns\dark_wood_@2X.jpg, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\newtab\images\patterns\diagonal_striped_brick.png, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\newtab\images\patterns\escheresque_ste_@2X.png, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\newtab\images\patterns\gold_scale.png, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\newtab\images\patterns\purty_wood_@2X.jpg, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\newtab\images\patterns\readme.txt, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\newtab\images\patterns\starring_@2X.png, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\newtab\images\patterns\tileable_wood_texture_@2X.jpg, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\newtab\images\patterns\weave_@2X.png, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\newtab\images\patterns\wild_oliva_@2X.jpg, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\newtab\images\patterns\woven.png, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\newtab\resources\groups.html, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\newtab\resources\list.html, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\newtab\resources\menu.html, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\plugins\css\activetabs.css, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\plugins\css\favorites.css, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\plugins\css\layout.css, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\plugins\css\modal-fav-add.css, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\plugins\css\modal-fav-edit.css, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\plugins\css\modal-fav-group.css, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\plugins\css\readitlater.css, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\plugins\css\recentlyclosed.css, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\plugins\css\theme.css, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\plugins\css\webapps.css, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\plugins\images\chrome\bookmarks.png, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\plugins\images\chrome\download.png, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\plugins\images\chrome\downloads.png, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\plugins\images\chrome\downloas.png, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\plugins\images\chrome\extensions.png, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\plugins\images\chrome\history.png, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\plugins\images\chrome\settings.png, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\plugins\images\chrome\trash.png, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\plugins\images\favorites\empty.png, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\plugins\images\favorites\error.png, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\plugins\images\favorites\shadow.png, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\plugins\images\info\contactus.png, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\plugins\images\info\facebook.ico, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\plugins\images\info\rateus.png, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\plugins\images\info\twitter.ico, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\plugins\resources\activetabs.html, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\plugins\resources\favorites.html, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\plugins\resources\layout.html, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\plugins\resources\modal-fav-add.html, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\plugins\resources\modal-fav-edit.html, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\plugins\resources\modal-fav-group.html, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\plugins\resources\readitlater.html, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\plugins\resources\readitlater_content.html, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\plugins\resources\readitlater_menu.html, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\plugins\resources\recentlyclosed.html, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\plugins\resources\theme.html, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\plugins\resources\webapps.html, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\plugins\resources\webapps_contextmenu.html, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\review\cat_1.gif, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\review\cat_2.gif, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\review\cat_3.gif, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\review\cat_4.gif, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\review\cat_5.gif, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\review\rating-star.png, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\skin\review\review.css, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\_locales\ar\messages.json, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\_locales\de\messages.json, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\_locales\en\messages.json, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\_locales\es\messages.json, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\_locales\fr\messages.json, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\_locales\he\messages.json, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\_locales\it\messages.json, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\_locales\ja\messages.json, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\_locales\nl\messages.json, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\_locales\pl\messages.json, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\_locales\pt_BR\messages.json, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\_locales\ru\messages.json, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_1\_locales\tr\messages.json, Quarantined, [d080792397e4fa3c75dc0696d32fe11f],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\000005.ldb, Quarantined, [430d623a7b0059dd1f360e98ea1846ba],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\000006.log, Quarantined, [430d623a7b0059dd1f360e98ea1846ba],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\CURRENT, Quarantined, [430d623a7b0059dd1f360e98ea1846ba],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\LOCK, Quarantined, [430d623a7b0059dd1f360e98ea1846ba],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\LOG, Quarantined, [430d623a7b0059dd1f360e98ea1846ba],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\LOG.old, Quarantined, [430d623a7b0059dd1f360e98ea1846ba],
PUP.Optional.MySpeedDial.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\MANIFEST-000004, Quarantined, [430d623a7b0059dd1f360e98ea1846ba],
PUP.Optional.FastAndSafe.A, C:\ProgramData\Fast And Safe\FastAndSafe.dll, Delete-on-Reboot, [0a46bbe11863ba7c0b34ddd38f738d73],
PUP.Optional.FastAndSafe.A, C:\ProgramData\Fast And Safe\FastAndSafeSvc.dll, Delete-on-Reboot, [0a46bbe11863ba7c0b34ddd38f738d73],

Physical Sectors: 0
(No malicious items detected)

(end)

Here is the DDS Log:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.16982
Run by owner at 19:43:39 on 2014-07-06
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.1.1033.18.3069.1456 [GMT -7:00]
.
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
C:\Program Files\004\rqpbhevlkc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\rundll32.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k WindowsMobile
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
uWindow Title = Internet Explorer provided by Dell
mStart Page = www.google.com
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3071228
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\program files\mcafee\msk\mcapbho.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [Windows Mobile Device Center] c:\windows\windowsmobile\wmdc.exe
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NMSSupport] "c:\program files\common files\intel\inteldh\nms\support\IntelHCTAgent.exe" /startup
mRun: [CCUTRAYICON] "c:\program files\intel\inteldh\ccu\CCU_TrayIcon.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{8B133340-D93D-4C43-A697-583DEE30F7C3} : DHCPNameServer = 192.168.1.1
AppInit_DLLs= c:\progra~1\google\google~2\goec62~1.dll 
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\35.0.1916.153\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R1 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-12-27 201288]
R1 netfilter;netfilter;c:\windows\system32\drivers\netfilter.sys [2014-6-12 47488]
R2 64af91bf;Fast And Safe;c:\windows\system32\rundll32.exe [2006-11-2 44544]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2007-2-12 208896]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-7-6 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-7-6 860472]
R2 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2007-6-27 157912]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-12-27 359248]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-12-27 144704]
R2 NMSCore;Intel® NMSCore;c:\program files\common files\intel\inteldh\nms\nmscore\NMSCore.exe [2007-6-27 317656]
R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2007-2-18 5376]
R2 QualityManager;Intel® Quality Manager;c:\program files\intel\inteldh\intel media server\media server\bin\QualityManager.exe [2007-6-27 272600]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2007-12-27 5632]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-7-6 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-7-6 110296]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-12-27 695624]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-12-27 79304]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-12-27 35240]
R3 mferkdk;McAfee Inc.;c:\windows\system32\drivers\mferkdk.sys [2007-12-27 33800]
R3 mfesmfk;McAfee Inc.;c:\windows\system32\drivers\mfesmfk.sys [2007-12-27 40488]
RUnknown rqpbhevlkc32;rqpbhevlkc32; [x]
S3 DHTRACE;Intel® DHTrace Controller;c:\program files\common files\intel\inteldh\bin\DHTraceController.exe [2007-6-27 39640]
SUnknown CouponDownloaderService;CouponDownloaderService; [x]
.
=============== Created Last 30 ================
.
2014-07-07 02:31:40 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-07 02:30:02 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-07 02:30:02 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-07 02:30:02 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-07 02:30:01 -------- d-----w- c:\programdata\Malwarebytes
2014-07-07 02:30:01 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-07 02:24:02 -------- d-----w- c:\programdata\Fast And Safe
2014-07-02 22:12:51 -------- d-----w- c:\program files\7B0A8368-1A6F-48A5-B236-8BD61816B3F9
2014-06-14 17:25:50 -------- d-----w- c:\programdata\NortonInstaller
2014-06-14 17:24:38 -------- d-----w- c:\users\owner\appdata\roaming\1H1Q
2014-06-14 17:24:26 -------- d-----w- c:\program files\004
2014-06-12 19:05:34 47488 ----a-w- c:\windows\system32\drivers\netfilter.sys
.
==================== Find3M  ====================
.
2014-05-14 00:08:12 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 00:08:12 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 19:44:49.69 ===============
 

Thanks for your help!


Edited by poporacer, 06 July 2014 - 09:44 PM.



#2 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 07 July 2014 - 03:43 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Please post the attach.txt as well and do the following:

 

 

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat. Do not delete this for now. It is an actual backup of the MBR (master boot record).


Proud Member of UNITE & TB
 

#3 poporacer

poporacer

    Authentic Member

  • Authentic Member
  • PipPip
  • 100 posts

Posted 07 July 2014 - 06:15 PM

Here is the Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 12/27/2007 9:16:06 AM
System Uptime: 7/6/2014 7:21:24 PM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0TP406
Processor: Intel® Core™2 Quad CPU    Q6600  @ 2.40GHz | CPU | 2393/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 205.499 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 4.567 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 13 ActiveX
Adobe Help Viewer CS3
Adobe PDF Library Files
Adobe Photoshop Elements 6.0
Adobe Premiere Elements 4.0
Adobe Premiere Elements 4.0 Templates
Adobe Reader 8.1.0
Adobe Setup
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Soundbooth CS3 Scores
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
Bonjour
Browser Address Error Redirector
Canon MP490 series MP Drivers
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help English
CCC Help French
CCC Help German
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Polish
CCC Help Portuguese
CCC Help Spanish
CCC Help Thai
CCC Help Turkish
Conexant D850 PCI V.92 Modem
Dell DataSafe Online
Dell Getting Started Guide
Dell Support Center
Digital Line Detect
File Opener Packages
Google Chrome
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® PRO Network Connections 12.1.12.4
Intel® Viiv™ Software
iTunes
Java™ SE Runtime Environment 6
Malwarebytes Anti-Malware version 2.0.2.1012
McAfee SecurityCenter
Microsoft .NET Framework 3.5 SP1
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Modem Diagnostic Tool
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music, Photos & Videos Launcher
NetWaiting
Skins
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
WIDCOMM Bluetooth Software 6.0.1.4300
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
XPS MiniView Gadget
.
==== End Of File ===========================
 

And here is the aswMBR File

 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-07-07 16:53:22
-----------------------------
16:53:22.598    OS Version: Windows 6.0.6000
16:53:22.598    Number of processors: 4 586 0xF0B
16:53:22.598    ComputerName: OWNER-PC  UserName: owner
16:53:23.659    Initialize success
16:53:23.721    VM: initialized successfully
16:53:23.737    VM: Intel CPU BiosDisabled
16:53:28.049    VM: disk I/O atapi.sys
16:59:03.440    AVAST engine defs: 14070701
16:59:41.518    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:59:41.518    Disk 0 Vendor: ST3320620AS 3.ADG Size: 305245MB BusType: 3
16:59:41.861    Disk 0 MBR read successfully
16:59:41.877    Disk 0 MBR scan
16:59:41.877    Disk 0 Windows VISTA default MBR code
16:59:41.877    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       47 MB offset 63
16:59:41.892    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        15360 MB offset 98304
16:59:41.908    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       289836 MB offset 31555584
16:59:41.924    Disk 0 scanning sectors +625139712
16:59:42.220    Disk 0 scanning C:\Windows\system32\drivers
16:59:50.535    Service scanning
17:00:08.178    Modules scanning
17:00:20.003    Disk 0 trace - called modules:
17:00:20.003    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll pciide.sys PCIIDEX.SYS atapi.sys
17:00:20.019    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85438ad8]
17:00:20.019    3 ntkrnlpa.exe[81cb07e2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8417cbb0]
17:00:20.799    AVAST engine scan C:\Windows
17:00:22.796    AVAST engine scan C:\Windows\system32
17:03:54.747    AVAST engine scan C:\Windows\system32\drivers
17:04:07.054    AVAST engine scan C:\Users\owner
17:08:09.891    AVAST engine scan C:\ProgramData
17:09:47.835    Scan finished successfully
17:13:04.052    Disk 0 MBR has been saved successfully to "C:\Users\owner\Desktop\MBR.dat"
17:13:04.052    The log file has been saved successfully to "C:\Users\owner\Desktop\aswMBR.txt"


Edited by poporacer, 07 July 2014 - 06:28 PM.


#4 poporacer

poporacer

    Authentic Member

  • Authentic Member
  • PipPip
  • 100 posts

Posted 09 July 2014 - 05:47 PM

Repost per TB Psychotic


Edited by poporacer, 09 July 2014 - 06:15 PM.


#5 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 13 July 2014 - 11:41 AM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs/spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


Proud Member of UNITE & TB
 

#6 poporacer

poporacer

    Authentic Member

  • Authentic Member
  • PipPip
  • 100 posts

Posted 13 July 2014 - 03:34 PM

Here you go!
ComboFix 14-07-13.01 - owner 07/13/2014 14:09:52.1.4 - x86
Microsoft® Windows Vista Home Premium 6.0.6000.0.1252.1.1033.18.3069.2089 [GMT -7:00]
Running from: c:\users\owner\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-06-13 to 2014-07-13 )))))))))))))))))))))))))))))))
.
.
2014-07-13 21:16 . 2014-07-13 21:16 -------- d-----w- c:\users\owner\AppData\Local\temp
2014-07-11 21:34 . 2014-06-17 09:57 8140904 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{702409F0-1441-4339-A41F-E4A70EA4CFE5}\mpengine.dll
2014-07-07 23:54 . 2014-03-31 16:35 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-07-07 02:31 . 2014-07-07 23:47 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-07 02:30 . 2014-05-12 14:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-07 02:30 . 2014-05-12 14:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-07 02:30 . 2014-05-12 14:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-07 02:30 . 2014-07-07 02:30 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-07 02:30 . 2014-07-07 02:30 -------- d-----w- c:\programdata\Malwarebytes
2014-07-02 22:12 . 2014-07-02 22:12 -------- d-----w- c:\program files\7B0A8368-1A6F-48A5-B236-8BD61816B3F9
2014-06-14 17:25 . 2014-06-14 17:25 -------- d-----w- c:\programdata\NortonInstaller
2014-06-14 17:24 . 2014-06-14 17:24 -------- d-----w- c:\users\owner\AppData\Roaming\1H1Q
2014-06-14 17:24 . 2014-07-07 03:11 -------- d-----w- c:\program files\004
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-08 20:08 . 2013-08-17 02:09 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-08 20:08 . 2013-08-17 02:09 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-12 19:05 . 2014-06-12 19:05 47488 ----a-w- c:\windows\system32\drivers\netfilter.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-27 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 9728]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-12 405504]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 439512]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 215256]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-27 1838592]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-13 715568]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-12-27 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 64af91bf;Fast And Safe;c:\windows\system32\rundll32.exe [2006-11-02 44544]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - ASWVMM
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - aswMBR
*Deregistered* - aswVmm
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-13 12:54 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-17 20:08]
.
2014-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-18 21:52]
.
2014-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-18 21:52]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
mStart Page = www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-13 14:16
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-07-13 14:21:40
ComboFix-quarantined-files.txt 2014-07-13 21:21
.
Pre-Run: 221,796,610,048 bytes free
Post-Run: 222,128,406,528 bytes free
.
- - End Of File - - 3B070C0047EF4EB35EA960B8AB6C7260
5C616939100B85E558DA92B899A0FC36

#7 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 14 July 2014 - 09:19 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is saved to.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 



Proud Member of UNITE & TB
 

#8 poporacer

poporacer

    Authentic Member

  • Authentic Member
  • PipPip
  • 100 posts

Posted 14 July 2014 - 06:38 PM

Here they are:

I am not getting the Adobe Flashruntime popup any more, but still getting the Google toolbar popup...getting a bit better

 

ComboFix 14-07-14.01 - owner 07/14/2014  16:59:53.2.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.1.1033.18.3069.1960 [GMT -7:00]
Running from: c:\users\owner\Desktop\ComboFix.exe
Command switches used :: c:\users\owner\Desktop\CFScript.txt
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\004
c:\users\owner\AppData\Roaming\1H1Q
c:\users\owner\AppData\Roaming\1H1Q\File Opener Packages\uninstaller.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-15 to 2014-07-15  )))))))))))))))))))))))))))))))
.
.
2014-07-15 00:03 . 2014-07-15 00:03 -------- d-----w- c:\users\owner\AppData\Local\temp
2014-07-15 00:03 . 2014-07-15 00:03 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2014-07-15 00:03 . 2014-07-15 00:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-11 21:34 . 2014-06-17 09:57 8140904 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{702409F0-1441-4339-A41F-E4A70EA4CFE5}\mpengine.dll
2014-07-07 23:54 . 2014-03-31 16:35 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-07-07 02:31 . 2014-07-14 23:53 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-07 02:30 . 2014-05-12 14:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-07 02:30 . 2014-05-12 14:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-07 02:30 . 2014-05-12 14:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-07 02:30 . 2014-07-07 02:30 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-07 02:30 . 2014-07-07 02:30 -------- d-----w- c:\programdata\Malwarebytes
2014-07-02 22:12 . 2014-07-02 22:12 -------- d-----w- c:\program files\7B0A8368-1A6F-48A5-B236-8BD61816B3F9
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-08 20:08 . 2013-08-17 02:09 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-08 20:08 . 2013-08-17 02:09 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-12 19:05 . 2014-06-12 19:05 47488 ----a-w- c:\windows\system32\drivers\netfilter.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-27 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 9728]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-12 405504]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 439512]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 215256]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-27 1838592]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-13 715568]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-12-27 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 64af91bf;Fast And Safe;c:\windows\system32\rundll32.exe [2006-11-02 44544]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ    BthServ
WindowsMobile REG_MULTI_SZ    wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ    WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-13 12:54 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-17 20:08]
.
2014-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-18 21:52]
.
2014-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-18 21:52]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
mStart Page = www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-File Opener Packages - c:\users\owner\AppData\Roaming\1H1Q\File Opener Packages\uninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-14 17:03
Windows 6.0.6000  NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-07-14  17:04:36
ComboFix-quarantined-files.txt  2014-07-15 00:04
ComboFix2.txt  2014-07-13 21:21
.
Pre-Run: 222,296,854,528 bytes free
Post-Run: 222,278,017,024 bytes free
.
- - End Of File - - 9B8DE69E5BD30E68A340C470B1A80CC9
5C616939100B85E558DA92B899A0FC36
 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/14/2014
Scan Time: 5:20:49 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.14.14
Rootkit Database: v2014.07.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista
CPU: x86
File System: NTFS
User: owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 301676
Time Elapsed: 3 min, 31 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#9 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 15 July 2014 - 05:36 AM

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 

#10 poporacer

poporacer

    Authentic Member

  • Authentic Member
  • PipPip
  • 100 posts

Posted 15 July 2014 - 07:13 PM

Here are the results. I had to use Chrome because IE was not being responsive. I get the Google Toolbar for Internet Explorer 10 times before IE will open, and several script errors (these were happening before).

 

C:\Qoobox\Quarantine\C\Users\owner\AppData\Roaming\1H1Q\File Opener Packages\uninstaller.exe.vir Win32/InstallCore.PC potentially unwanted application
 



#11 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 16 July 2014 - 02:38 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its contents to your thread.


Proud Member of UNITE & TB
 

#12 poporacer

poporacer

    Authentic Member

  • Authentic Member
  • PipPip
  • 100 posts

Posted 16 July 2014 - 06:36 PM

Here are the logs:

IE is still acting up. I still get the Google Toolbar for Internet Explorer pop-up, but now only 6 times before it opens. I haven't seen the script errors either. Getting a bit better.

# AdwCleaner v3.215 - Report created 16/07/2014 at 16:28:04

# Updated 09/07/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium  (32 bits)
# Username : owner - OWNER-PC
# Running from : C:\Users\owner\Desktop\adwcleaner_3.215.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : 64af91bf
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\owner\Documents\Optimizer Pro
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DFA17CA4-4937-4D66-82B7-FE6259ACD4CD}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFA17CA4-4937-4D66-82B7-FE6259ACD4CD}
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\32DA746012E6D4F488AAD113D6FA4A44
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF767AE36C8829547ACD71A4249A42B9
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v7.0.6000.16982
 
 
-\\ Mozilla Firefox v
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites03_14_24_ch&cd=2XzuyEtN2Y1L1QzutDtDtC0DtDzytC0DyD0DyByEyByCtB0AtN0D0Tzu0SzzzyyCtN1L2XzutBtFtBtCtFyEtFtCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBtByD0F0EzyyCtCtG0FyCzz0BtGtB0FtDyCtGyB0B0E0AtGyEtCtCzzzyyEzz0FtB0DtB0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtAyBtCyEyEtCtBtGtDtC0DtDtGyCzzyC0BtGyByC0DyBtGtAtB0DyB0C0E0BtDzzyE0AyE2Q&cr=559955172&ir=
 
*************************
 
AdwCleaner[R0].txt - [2578 octets] - [16/07/2014 16:24:32]
AdwCleaner[S0].txt - [3058 octets] - [16/07/2014 16:28:04]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3118 octets] ##########
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista ™ Home Premium x86
Ran by owner on Wed 07/16/2014 at 17:02:01.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/16/2014 at 17:03:58.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 Results of screen317's Security Check version 0.99.85  
 Windows Vista  x86 (UAC is enabled)  
 Internet Explorer 7 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java™ SE Runtime Environment 6 
 Java version out of Date! 
 Adobe Reader 8 Adobe Reader out of Date! 
 Google Chrome 35.0.1916.153  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1 % 
````````````````````End of Log`````````````````````` 
 


#13 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 17 July 2014 - 01:36 AM

The Google Toolbar is a legit program and therefore not removed here.

 

 

We need to remove some programs with Revo Uninstaller Free:


Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:

    Google Toolbar for Internet Explorer
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

 

 

 

Your system is clean now! :)

 

 

Windows Vista out of date

Your Microsoft Windows installation is out of date. Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure. Out-of-date Windows installations represent a risk to your system and are also a conduit for the spread of malware.

You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP2) can be obtained directly from Microsoft here.

 

 

 

Internet Explorer out of date

Your version of Internet Explorer is outdated.

  • Please download IE 11 from here
  • Save it to your desktop.
  • Double click on the file on your desktop to start the installation process.
  • Reboot

 

 

 

 

Java runtime Environment out of date

Your Java runtime environment is outdated. We will fix this.

  • Get the actual JRE from here
  • Save jxpiinstall.exe to your desktop
  • Close all running programs, especially your browser(s)
  • Run jxpiinstall.exe. This will download the newest JRE installer and install the software
  • When finished, go to
    Start-->control panel-->add/remove programs and remove all older Java versions. (if existing)
  • When finished, reboot your computer.

After the reboot
  • Open control panel again and click the java symbol.
  • Click Settings under Temporary Internet Files.
    The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    The Delete Temporary Files dialog box appears
  • Click OK on Delete Temporary Files window.
  • Click OK again.

 

 

 

 

Adobe Reader out of date

Your Adobe Reader is outdated. We will fix this.


  • Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Run setup and follow the instructions.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  • In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  • In case we used Combofix: deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  • In any case, please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process
  • If there is still something left, please delete it manually.




Delete System Restore Points

To ensure your System Restore Points are free of malware, we will delete all of them but the most recent or create a new one.

On Windows Vista: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows 7/8: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows XP: Please follow these instructions to delete all but the most common System Protection Restore Points.




Temp File Cleaner

We need to download Temp File Cleaner (TFC) by OldTimer:
  • Please download TFC.exe by Oldtimer at one of the two links: Link 1 Link 2
  • Save and close all running applications
  • Double-click on TFC.exe to run the program
  • Click on Start to begin the cleaning process note: this program may close running applications, make your screen disappear temporarily, or require a reboot of your PC - this is normal and part of the cleanup
  • When the scan is complete, if you were not asked to reboot the computer, please do so now
More Information can be found about the tool here: http://www.geekstogo...er-by-oldtimer/

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a dangerous classified web site, a warning screen is displayed.

  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

  • Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80" - which means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won't help if you aren't careful enough.
    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.


Proud Member of UNITE & TB
 

#14 poporacer

poporacer

    Authentic Member

  • Authentic Member
  • PipPip
  • 100 posts

Posted 19 July 2014 - 06:20 AM

I had some problems updating Windows Vista to Service Pack 1. It would say Update complete, and then when I tried to update it to Service Pack 2, it said that you had to have Service Pack 1 installed first and took me to the Service Pack 1 installation page. We did this a couple of times. I went to Microsoft's Support page to fix the problem. I had to work all day yesterday and today I am out of town. I just want to let you know the status so we can continue.

#15 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 19 July 2014 - 01:30 PM

There is no more work to do. Update the system with support's help and follow my recommendations! :)


Proud Member of UNITE & TB
 
