Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Hyperlinked words, Pop ups, General Problems

Started by megan.pen , Nov 22 2014 12:36 AM

  • This topic is locked This topic is locked
27 replies to this topic

#1 megan.pen

megan.pen

    Authentic Member

  • Authentic Member
  • PipPip
  • 25 posts

Posted 22 November 2014 - 12:36 AM

Hi,
 
My computer is having a heap of pop up windows and web pages starting from no where, and also certain words on web pages are under lined linking me to adds etc.
 
I am not running Norton anymore, and not sure what I should be using to stop this from happening, I am pretty sure it happens from downloading programs etc.. but don't know what to do to stop this from happening
any help would be great J
 
 
 
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-11-2014
Ran by Megan (administrator) on PENNINGHPC on 22-11-2014 16:24:10
Running from C:\Users\Megan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ASTAPGK
Loaded Profile: Megan (Available profiles: Megan)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
 
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=20.5.0.28
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=20.5.0.28
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=20.5.0.28
HKU\S-1-5-21-1601758659-1066206950-3557107692-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-hom..._S2Y9J9FD805064
HKU\S-1-5-21-1601758659-1066206950-3557107692-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-hom..._S2Y9J9FD805064
HKU\S-1-5-21-1601758659-1066206950-3557107692-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.websse...q={searchTerms}
HKU\S-1-5-21-1601758659-1066206950-3557107692-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.websse...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-hom..._S2Y9J9FD805064
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-hom..._S2Y9J9FD805064
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.websse...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-hom..._S2Y9J9FD805064
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-hom..._S2Y9J9FD805064
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.websse...q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://istart.websse..._S2Y9J9FD805064
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...9546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...9546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1601758659-1066206950-3557107692-1002 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1601758659-1066206950-3557107692-1002 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1601758659-1066206950-3557107692-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...9546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Browser Warden BHO -> {2C09954F-CDA8-4BD1-8794-1D543E050378} -> C:\Program Files (x86)\Browser Warden\FrameworkBHO64.dll ()
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: TinyWallet -> {8172a532-5d32-4be9-a9f0-520a90646db4} -> C:\Program Files (x86)\TinyWallet\wCFjHWsXbA0dFL.x64.dll ()
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Browser Warden BHO -> {2C09954F-CDA8-4BD1-8794-1D543E050378} -> C:\Program Files (x86)\Browser Warden\FrameworkBHO.dll ()
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: TinyWallet -> {8172a532-5d32-4be9-a9f0-520a90646db4} -> C:\Program Files (x86)\TinyWallet\wCFjHWsXbA0dFL.dll ()
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: SecureWebBHO Class -> {D3C24E2B-C820-4492-9B69-11BF7163F998} -> C:\Program Files (x86)\Jelbrus Secure Web\jsie.dll (Jelbrus)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-1601758659-1066206950-3557107692-1002 -> No Name - {00000000-0000-0000-0000-000000000000} -  No File
Toolbar: HKU\S-1-5-21-1601758659-1066206950-3557107692-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
 
FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
 
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (TinyWallet) - C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc [2014-11-04]
CHR Extension: (Newhub) - C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoejbmmillcdifgagjpdlaamnalbielp [2014-09-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-03]
CHR Extension: (WhiteSmoke New V.12) - C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpkdnelacfdbmlcelmaiabghmhaoceef [2014-03-13]
CHR Extension: (Browser Warden) - C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk [2014-11-07]
CHR Extension: (Skype Click to Call) - C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-11-07]
CHR Extension: (Google Wallet) - C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-03]
CHR Extension: (Security Protection) - C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh [2014-11-21]
CHR HKLM\...\Chrome\Extension: [aoejbmmillcdifgagjpdlaamnalbielp] - C:\Users\Megan\AppData\Local\nwhb-v9.4.15.crx [2014-03-17]
CHR HKLM-x32\...\Chrome\Extension: [aoejbmmillcdifgagjpdlaamnalbielp] - C:\Users\Megan\AppData\Local\nwhb-v9.4.15.crx [2014-03-17]
CHR HKLM-x32\...\Chrome\Extension: [gpkdnelacfdbmlcelmaiabghmhaoceef] - C:\Users\Megan\AppData\Local\CRE\gpkdnelacfdbmlcelmaiabghmhaoceef.crx [2013-10-11]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] -  [2014-07-14]
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.delta-hom..._S2Y9J9FD805064
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-13 16:53
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-11-2014
Ran by Megan at 2014-11-22 16:26:25
Running from C:\Users\Megan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ASTAPGK
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1601758659-1066206950-3557107692-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Megan\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1601758659-1066206950-3557107692-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Megan\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1601758659-1066206950-3557107692-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Megan\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1601758659-1066206950-3557107692-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Megan\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
22-10-2014 08:32:56 Scheduled Checkpoint
29-10-2014 10:22:23 Scheduled Checkpoint
08-11-2014 01:01:02 Scheduled Checkpoint
12-11-2014 10:09:32 Windows Update
19-11-2014 08:49:55 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 15:26 - 2014-11-04 20:29 - 00000083 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: C:\Windows\Tasks\bench-S-1-5-21-1601758659-1066206950-3557107692-1002.job => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\bench-sys.job => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMegan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:373E1720
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1601758659-1066206950-3557107692-1002\...\StartupApproved\StartupFolder: => "DesktopWeatherAlerts.lnk"
HKU\S-1-5-21-1601758659-1066206950-3557107692-1002\...\StartupApproved\StartupFolder: => "MyPC Backup.lnk"
HKU\S-1-5-21-1601758659-1066206950-3557107692-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1601758659-1066206950-3557107692-1002\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1601758659-1066206950-3557107692-1002\...\StartupApproved\Run: => "Skype"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1601758659-1066206950-3557107692-500 - Administrator - Disabled)
Guest (S-1-5-21-1601758659-1066206950-3557107692-501 - Limited - Disabled)
Megan (S-1-5-21-1601758659-1066206950-3557107692-1002 - Administrator - Enabled) => C:\Users\Megan
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/22/2014 08:33:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17148, time stamp: 0x544c16cd
Faulting module name: SkypeIEPlugin.dll, version: 7.3.16540.9015, time stamp: 0x53c40dfa
Exception code: 0xc0000005
Fault offset: 0x0005a415
Faulting process id: 0xdb4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
 
Error: (11/21/2014 10:20:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4992
 
Error: (11/21/2014 10:20:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4992
 
Error: (11/21/2014 10:20:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/21/2014 08:01:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17148, time stamp: 0x544c16cd
Faulting module name: SkypeIEPlugin.dll, version: 7.3.16540.9015, time stamp: 0x53c40dfa
Exception code: 0xc0000005
Fault offset: 0x0005a415
Faulting process id: 0x18c4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
 
Error: (11/21/2014 07:55:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17148, time stamp: 0x544c16cd
Faulting module name: SkypeIEPlugin.dll, version: 7.3.16540.9015, time stamp: 0x53c40dfa
Exception code: 0xc0000005
Fault offset: 0x0005a40d
Faulting process id: 0x1b90
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
 
Error: (11/21/2014 07:50:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17148, time stamp: 0x544c16cd
Faulting module name: urlmon.dll, version: 10.0.9200.17148, time stamp: 0x544c1703
Exception code: 0xc0000005
Fault offset: 0x00002d1b
Faulting process id: 0x15d0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
 
Error: (11/21/2014 04:21:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PENNINGHPC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Chat failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/21/2014 04:21:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.2.9200.16420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 12ac
 
Start Time: 01d0055353f853ae
 
Termination Time: 4294967295
 
Application Path: C:\Windows\system32\wwahost.exe
 
Report Id: 9defbd50-7146-11e4-bec5-a0481c18006a
 
Faulting package full name: microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: Microsoft.WindowsLive.Chat
 
Error: (11/21/2014 04:21:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: PENNINGHPC)
Description: App microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Chat did not launch within its allotted time.
 
 
System errors:
=============
Error: (11/21/2014 04:21:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2
 
Error: (11/21/2014 04:19:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The OutfoxTvService service failed to start due to the following error:
%%2
 
Error: (11/17/2014 04:14:25 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (11/17/2014 04:14:25 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (11/17/2014 04:14:24 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.
 
Error: (11/17/2014 04:14:24 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.
 
Error: (11/17/2014 04:06:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2
 
Error: (11/17/2014 04:04:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The OutfoxTvService service failed to start due to the following error:
%%2
 
Error: (11/14/2014 06:34:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2
 
Error: (11/14/2014 06:31:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The OutfoxTvService service failed to start due to the following error:
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (11/22/2014 08:33:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.17148544c16cdSkypeIEPlugin.dll7.3.16540.901553c40dfac00000050005a415db401d005db28cec66dC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll75b5fded-71ce-11e4-bec5-a0481c18006a
 
Error: (11/21/2014 10:20:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4992
 
Error: (11/21/2014 10:20:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4992
 
Error: (11/21/2014 10:20:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/21/2014 08:01:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.17148544c16cdSkypeIEPlugin.dll7.3.16540.901553c40dfac00000050005a41518c401d0057209d3807dC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll4cd6624a-7165-11e4-bec5-a0481c18006a
 
Error: (11/21/2014 07:55:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.17148544c16cdSkypeIEPlugin.dll7.3.16540.901553c40dfac00000050005a40d1b9001d005714a39596bC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll900d7ca4-7164-11e4-bec5-a0481c18006a
 
Error: (11/21/2014 07:50:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.17148544c16cdurlmon.dll10.0.9200.17148544c1703c000000500002d1b15d001d0057074b0ce31C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\urlmon.dllda3f8c2c-7163-11e4-bec5-a0481c18006a
 
Error: (11/21/2014 04:21:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PENNINGHPC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Chat-2144927142
 
Error: (11/21/2014 04:21:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.2.9200.1642012ac01d0055353f853ae4294967295C:\Windows\system32\wwahost.exe9defbd50-7146-11e4-bec5-a0481c18006amicrosoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbweMicrosoft.WindowsLive.Chat
 
Error: (11/21/2014 04:21:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: PENNINGHPC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Chat
 
 
==================== Memory info ===========================
 
Processor: AMD A8-4500M APU with Radeon™ HD Graphics
Percentage of memory in use: 30%
Total physical RAM: 7366.25 MB
Available physical RAM: 5152.23 MB
Total Pagefile: 8518.25 MB
Available Pagefile: 5996.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:907.12 GB) (Free:449.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:23.62 GB) (Free:0.36 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (15.0.4433.1508) (CDROM) (Total:2.05 GB) (Free:0 GB) UDF
 
==================== End Of Log ============================
 
 
aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2014-11-22 16:30:27
-----------------------------
16:30:27.439    OS Version: Windows x64 6.2.9200
16:30:27.439    Number of processors: 4 586 0x1001
16:30:27.454    ComputerName: PENNINGHPC  UserName: Megan
16:30:32.571    Initialze error C000003A - driver not loaded
16:30:32.618    write error "ashBase.dll". The system cannot find the path specified.
16:30:54.517    The log file has been saved successfully to "C:\Users\Megan\Desktop\aswMBR.txt"

    Advertisements

Register to Remove

#2 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 22 November 2014 - 06:52 PM

Follow these instructions on how to Backup Chrome Bookmarks.
Instructions on how to backup your Favourites/Bookmarks and other data can be found below.
  • U5NwUGc.pngBackup Chrome Bookmarks
  • NEXT
  • Uninstall
    Google Chrome

    Follow the prompts.
    Reboot if necessary.
    Download and reinstall Google Chrome.
    http://www.google.com/chrome/

    ~~~~~~~~~~~~~~~~~~~~~

    Running from C:\Users\Megan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ASTAPGK

    We can't use FRST from this location.

    - Save ALL Tools to your Desktop-

    All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

    Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
    Chrome.JPGGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.Settings.JPG Choose Settings. at the bottom of the screen click the
    "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

    Firefox.JPGMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Settings.JPG Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
    and the click the "Select Folder" button. Click OK to get out of the Options menu.

    IE.jpgInternet Explorer - Click the Tools menu in the upper right-corner of the browser. Tools.JPG Select View downloads. Select the Options link in the lower left of the window. Click Browse and
    select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
    NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

    ************

    Now please download FRST again.

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
Don't run it just yet, we have a script to add to it.

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
 

start
CloseProcesses:
HKU\S-1-5-21-1601758659-1066206950-3557107692-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.websse...q={searchTerms}
HKU\S-1-5-21-1601758659-1066206950-3557107692-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.websse...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.websse...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.websse...q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://istart.websse..._S2Y9J9FD805064
SearchScopes: HKU\S-1-5-21-1601758659-1066206950-3557107692-1002 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1601758659-1066206950-3557107692-1002 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
BHO: Browser Warden BHO -> {2C09954F-CDA8-4BD1-8794-1D543E050378} -> C:\Program Files (x86)\Browser Warden\FrameworkBHO64.dll ()
BHO: TinyWallet -> {8172a532-5d32-4be9-a9f0-520a90646db4} -> C:\Program Files (x86)\TinyWallet\wCFjHWsXbA0dFL.x64.dll ()
BHO-x32: Browser Warden BHO -> {2C09954F-CDA8-4BD1-8794-1D543E050378} -> C:\Program Files (x86)\Browser Warden\FrameworkBHO.dll ()
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: TinyWallet -> {8172a532-5d32-4be9-a9f0-520a90646db4} -> C:\Program Files (x86)\TinyWallet\wCFjHWsXbA0dFL.dll ()
Toolbar: HKU\S-1-5-21-1601758659-1066206950-3557107692-1002 -> No Name - {00000000-0000-0000-0000-000000000000} - No File
Toolbar: HKU\S-1-5-21-1601758659-1066206950-3557107692-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
CHR dev: Chrome dev build detected! <======= ATTENTION
Task: C:\Windows\Tasks\bench-S-1-5-21-1601758659-1066206950-3557107692-1002.job => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\bench-sys.job => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:373E1720
EmptyTemp:
Hosts:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~~~~

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisment.


adwcleaner_download.png
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  • NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


thisisujrt.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
please post
Fixlog.txt
C:\AdwCleaner.txt
JRT.txt
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#3 megan.pen

megan.pen

    Authentic Member

  • Authentic Member
  • PipPip
  • 25 posts

Posted 23 November 2014 - 04:07 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-11-2014 01
Ran by Megan at 2014-11-23 18:58:45 Run:2
Running from C:\Users\Megan\Desktop
Loaded Profile: Megan (Available profiles: Megan)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
HKU\S-1-5-21-1601758659-1066206950-3557107692-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.websse...q={searchTerms}
HKU\S-1-5-21-1601758659-1066206950-3557107692-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.websse...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.websse...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.websse...q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://istart.websse..._S2Y9J9FD805064
SearchScopes: HKU\S-1-5-21-1601758659-1066206950-3557107692-1002 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com....rchTerms}=
SearchScopes: HKU\S-1-5-21-1601758659-1066206950-3557107692-1002 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com....rchTerms}=
BHO: Browser Warden BHO -> {2C09954F-CDA8-4BD1-8794-1D543E050378} -> C:\Program Files (x86)\Browser Warden\FrameworkBHO64.dll ()
BHO: TinyWallet -> {8172a532-5d32-4be9-a9f0-520a90646db4} -> C:\Program Files (x86)\TinyWallet\wCFjHWsXbA0dFL.x64.dll ()
BHO-x32: Browser Warden BHO -> {2C09954F-CDA8-4BD1-8794-1D543E050378} -> C:\Program Files (x86)\Browser Warden\FrameworkBHO.dll ()
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: TinyWallet -> {8172a532-5d32-4be9-a9f0-520a90646db4} -> C:\Program Files (x86)\TinyWallet\wCFjHWsXbA0dFL.dll ()
Toolbar: HKU\S-1-5-21-1601758659-1066206950-3557107692-1002 -> No Name - {00000000-0000-0000-0000-000000000000} - No File
Toolbar: HKU\S-1-5-21-1601758659-1066206950-3557107692-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
CHR dev: Chrome dev build detected! <======= ATTENTION
Task: C:\Windows\Tasks\bench-S-1-5-21-1601758659-1066206950-3557107692-1002.job => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\bench-sys.job => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:373E1720
EmptyTemp:
Hosts:
End

*****************

Processes closed successfully.
HKU\S-1-5-21-1601758659-1066206950-3557107692-1002\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-1601758659-1066206950-3557107692-1002\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKU\S-1-5-21-1601758659-1066206950-3557107692-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1601758659-1066206950-3557107692-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
"HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C09954F-CDA8-4BD1-8794-1D543E050378}" => Key deleted successfully.
"HKCR\CLSID\{2C09954F-CDA8-4BD1-8794-1D543E050378}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8172a532-5d32-4be9-a9f0-520a90646db4}" => Key deleted successfully.
"HKCR\CLSID\{8172a532-5d32-4be9-a9f0-520a90646db4}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C09954F-CDA8-4BD1-8794-1D543E050378}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{2C09954F-CDA8-4BD1-8794-1D543E050378}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8172a532-5d32-4be9-a9f0-520a90646db4}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{8172a532-5d32-4be9-a9f0-520a90646db4}" => Key deleted successfully.
HKU\S-1-5-21-1601758659-1066206950-3557107692-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00000000-0000-0000-0000-000000000000} => value deleted successfully.
"HKCR\CLSID\{00000000-0000-0000-0000-000000000000}" => Key not found.
HKU\S-1-5-21-1601758659-1066206950-3557107692-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key deleted successfully.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
C:\Windows\Tasks\bench-S-1-5-21-1601758659-1066206950-3557107692-1002.job => Moved successfully.
C:\Windows\Tasks\bench-sys.job => Moved successfully.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 887.6 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

 

# AdwCleaner v4.101 - Report created 23/11/2014 at 19:12:24
# Updated 09/11/2014 by Xplode
# Database : 2014-11-22.1 [Live]
# Operating System : Windows 8  (64 bits)
# Username : Megan - PENNINGHPC
# Running from : C:\Users\Megan\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : CltMngSvc
Service Deleted : IePluginServices
Service Deleted : WindowsMangerProtect
Service Deleted : winzipersvc

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\IePluginServices
Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\ProgramData\69e3573aaadc6187
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
Folder Deleted : C:\Program Files (x86)\Bench
Folder Deleted : C:\Program Files (x86)\GetPrivate
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\SupTab
Folder Deleted : C:\Program Files (x86)\WinZipper
Folder Deleted : C:\Program Files (x86)\Browser Warden
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\Megan\AppData\Local\BenchUpdater
Folder Deleted : C:\Users\Megan\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Megan\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Megan\AppData\Local\torch
Folder Deleted : C:\Users\Megan\AppData\Local\Browser Warden
Folder Deleted : C:\Users\Megan\AppData\Roaming\GetPrivate
Folder Deleted : C:\Users\Megan\AppData\Roaming\InetStat
Folder Deleted : C:\Users\Megan\AppData\Roaming\webssearches
Folder Deleted : C:\Users\Megan\AppData\Roaming\WinZipper
Folder Deleted : C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
Folder Deleted : C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Warden
Folder Deleted : C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoejbmmillcdifgagjpdlaamnalbielp
Folder Deleted : C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
File Deleted : C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage

***** [ Scheduled Tasks ] *****

Task Deleted : bench-sys

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Megan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Megan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Megan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk

***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\aoejbmmillcdifgagjpdlaamnalbielp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aoejbmmillcdifgagjpdlaamnalbielp
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\aoejbmmillcdifgagjpdlaamnalbielp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [InetStat]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.bench.nmhost
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Bench Communicator Watcher]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Bench Settings Cleaner]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BService]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Wd]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Value Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce [Browser Warden-repairJob]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Key Deleted : HKCU\Software\Classes\Applications\inetstat.exe
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BService64]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2C09954F-CDA8-4BD1-8794-1D543E050378}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[#] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56FDF344-FD6D-11D0-958A-006097C9A090}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C09954F-CDA8-4BD1-8794-1D543E050378}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2C09954F-CDA8-4BD1-8794-1D543E050378}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2C09954F-CDA8-4BD1-8794-1D543E050378}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2C09954F-CDA8-4BD1-8794-1D543E050378}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C09954F-CDA8-4BD1-8794-1D543E050378}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
Key Deleted : HKCU\Software\InetStat
Key Deleted : HKCU\Software\Proxy
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\SupHpUISoft
Key Deleted : HKLM\SOFTWARE\AdvertisingSupport
Key Deleted : HKLM\SOFTWARE\Bench
Key Deleted : HKLM\SOFTWARE\delta-homesSoftware
Key Deleted : HKLM\SOFTWARE\hdcode
Key Deleted : HKLM\SOFTWARE\Proxy
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\supWPM
Key Deleted : HKLM\SOFTWARE\V9
Key Deleted : HKLM\SOFTWARE\webssearchesSoftware
Key Deleted : HKLM\SOFTWARE\winzipersvc
Key Deleted : HKLM\SOFTWARE\Browser Warden
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\InetStat
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webssearches uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winzipper
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\delta-homes.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\surfcanyon.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sweet-page.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\trovi.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\webssearches.com

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17148

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v

-\\ Google Chrome v38.0.2125.111

[C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1415096963&from=irs&uid=ST1000LM024XHN-M101MBB_S2Y9J9FD805064&q={searchTerms}
[C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1415096963&from=irs&uid=ST1000LM024XHN-M101MBB_S2Y9J9FD805064&q={searchTerms}
[C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1415096963&from=irs&uid=ST1000LM024XHN-M101MBB_S2Y9J9FD805064&q={searchTerms}
[C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1415096963&from=irs&uid=ST1000LM024XHN-M101MBB_S2Y9J9FD805064&q={searchTerms}
[C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3326582&octid=EB_ORIGINAL_CTID&ISID=M465908CE-17E0-4B16-9B11-395D4C500DEB&SearchSource=58&CUI=&UM=6&UP=SP140E30A4-4D0B-4255-87F6-A95435431B80&q={searchTerms}&SSPV=
[C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3326582&octid=EB_ORIGINAL_CTID&ISID=M465908CE-17E0-4B16-9B11-395D4C500DEB&SearchSource=58&CUI=&UM=6&UP=SP140E30A4-4D0B-4255-87F6-A95435431B80&q={searchTerms}&SSPV=
[C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.delta-homes.com/web/?type=ds&ts=1416554451&from=wpm11213&uid=ST1000LM024XHN-M101MBB_S2Y9J9FD805064&q={searchTerms}
[C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Startup_URLs] : hxxp://www.delta-homes.com/?type=hp&ts=1416554451&from=wpm11213&uid=ST1000LM024XHN-M101MBB_S2Y9J9FD805064

-\\ Comodo Dragon v

[C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1415096963&from=irs&uid=ST1000LM024XHN-M101MBB_S2Y9J9FD805064&q={searchTerms}
[C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1415096963&from=irs&uid=ST1000LM024XHN-M101MBB_S2Y9J9FD805064&q={searchTerms}
[C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1415096963&from=irs&uid=ST1000LM024XHN-M101MBB_S2Y9J9FD805064&q={searchTerms}
[C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1415096963&from=irs&uid=ST1000LM024XHN-M101MBB_S2Y9J9FD805064&q={searchTerms}
[C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3326582&octid=EB_ORIGINAL_CTID&ISID=M465908CE-17E0-4B16-9B11-395D4C500DEB&SearchSource=58&CUI=&UM=6&UP=SP140E30A4-4D0B-4255-87F6-A95435431B80&q={searchTerms}&SSPV=
[C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3326582&octid=EB_ORIGINAL_CTID&ISID=M465908CE-17E0-4B16-9B11-395D4C500DEB&SearchSource=58&CUI=&UM=6&UP=SP140E30A4-4D0B-4255-87F6-A95435431B80&q={searchTerms}&SSPV=
[C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.delta-homes.com/web/?type=ds&ts=1416554451&from=wpm11213&uid=ST1000LM024XHN-M101MBB_S2Y9J9FD805064&q={searchTerms}

*************************

AdwCleaner[R0].txt - [21598 octets] - [31/08/2014 15:29:47]
AdwCleaner[R1].txt - [962 octets] - [31/08/2014 16:08:00]
AdwCleaner[R2].txt - [12062 octets] - [23/11/2014 19:07:34]
AdwCleaner[S0].txt - [18596 octets] - [31/08/2014 15:30:57]
AdwCleaner[S1].txt - [1024 octets] - [31/08/2014 16:09:18]
AdwCleaner[S2].txt - [13133 octets] - [23/11/2014 19:12:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [13194 octets] ##########

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 8 x64
Ran by Megan on 23/11/2014 at 19:35:27.98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update jump flip
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util enhancetronic
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util jump flip

 

~~~ Files

Successfully deleted: [File] "C:\Users\Megan\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Megan\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"
Successfully deleted: [File] C:\Windows\prefetch\SPEEDUPMYPC-STANDALONE-SETUP.-ABEEF784.pf
Successfully deleted: [File] C:\Windows\prefetch\SPEEDUPMYPC.TMP-A1381296.pf

 

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Megan\appdata\local\cre"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23/11/2014 at 19:40:27.51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#4 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 23 November 2014 - 05:43 AM

Removed quite a bit there.

Did you follow the instructions related to Google Chrome?

~~~~~~~~~~~~~~~~~~~~~
Download Malwarebytes' Anti-Malware to your desktop.
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
MBAMDashboard_zpsddef9b5f.gif
  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Dections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished and the log pops up...select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes

Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#5 megan.pen

megan.pen

    Authentic Member

  • Authentic Member
  • PipPip
  • 25 posts

Posted 25 November 2014 - 04:16 AM

Hi,

 

I am still having windows open up randomly when I try and open a new tab in internet explorer etc.. I tried to follow the instructions for the Google Chrome thing, but couldn't understand what to do. Once the checks and logs were all done, I had to change the LAN setting for the internet as I couldn't open a web page but all is fine now, just still pop up windows etc, and underlined words on any pages I view.

 

Log below from Anti-Malware;

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 25/11/2014
Scan Time: 7:53:50 PM
Logfile: malwarebytes.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.25.05
Rootkit Database: v2014.11.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Megan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 338154
Time Elapsed: 20 min, 35 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 7
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, , [5c9d1f2003796dc9d89a8d28e3211ce4],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, , [a257211e126aec4ada97259050b4c937],
PUP.Optional.CouponDownloader.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Coupon Downloader, , [25d4cb740c7044f27da650156f9403fd],
PUP.Optional.CouponDownloader.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\CouponDownloader, , [fefbcf70225a2511f2326302b84b8f71],
PUP.Optional.MediaPlayerPlus.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Media_Play_AIR+_1.1, , [fefb350aacd051e544f8f767f310db25],
PUP.Optional.ReMarkit.A, HKU\S-1-5-21-1601758659-1066206950-3557107692-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Re-markit, , [06f3a29de6963402e0a81431758ec13f],
PUP.Optional.TinyWallet.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{F04D4328-4631-1CBE-1907-201B33FAF2E8}, , [ea0fe15e295351e5fb713afcb74cb947],

Registry Values: 3
PUP.Optional.SearchCertified.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURI, http://search.certif...BAE6FB4D0C&q=%s, , [b4455ee11c602c0a7c759ac052b1649c]
PUP.Optional.FirstSeenToday.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|fst_au_68, , [738657e85f1da59126d9d5926d96a957],
PUM.Bad.Proxy, HKU\S-1-5-21-1601758659-1066206950-3557107692-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:3128, , [25d4f24d2f4dcf672c958ed030d3649c]

Registry Data: 2
PUP.Optional.SimplyTech.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|newtab, %appdata%\SimplyTech\home\home.htm, Good: (www.google.com), Bad: (%appdata%\SimplyTech\home\home.htm),,[7386b58a0d6f989ef476d77391749868]
PUP.Optional.SearchCertifiedTB.A, HKU\S-1-5-21-1601758659-1066206950-3557107692-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURI, http://search.certif...BAE6FB4D0C&q=%s, Good: (www.google.com), Bad: (http://search.certif...3e2b79eec19e917]

Folders: 37
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\Main, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\Main\bin, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\Main\Logs, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\Main\rep, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\SearchProtect, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\SearchProtect\bin, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\SearchProtect\Logs, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\SearchProtect\rep, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\bin, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\bubble, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\libs, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\protection, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\protectionDS, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\settings, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\uninstall, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\rep, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\AppFramework, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\CanvasFramework, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\framework, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\framework-ui, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\icons, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\includes, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\AppFramework, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\CanvasFramework, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\framework, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\framework-ui, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\icons, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\includes, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.TinyWallet.A, C:\ProgramData\TinyWallet, , [ea0fe15e295351e5fb713afcb74cb947],
PUP.Optional.TinyWallet.A, C:\Program Files (x86)\TinyWallet, , [7f7ad36c6d0fb482db92d264b44f6b95],

Files: 176
PUP.Optional.MultiPlug, C:\Program Files (x86)\TinyWallet\wCFjHWsXbA0dFL.dll, , [5b9e94ab611b84b2d3e1cef2679ab050],
PUP.Optional.MultiPlug, C:\Program Files (x86)\TinyWallet\wCFjHWsXbA0dFL.x64.dll, , [d128c17e205cb97da70dc5fba160e719],
PUP.Optional.CouponDownloader.A, C:\temp\t_ie.exe, , [3fba231c2c5041f5a0e1ca79000022de],
PUP.Optional.Conduit.A, C:\Users\Megan\Downloads\WhiteSmoke_brie_cid6667.exe, , [6d8c5fe00f6d70c6e38a6500c041cb35],
PUP.Optional.DomaIQ, C:\Users\Megan\Downloads\Player Setup.exe, , [20d9dd62126a74c209e7e27926dae31d],
PUP.Optional.DomaIQ, C:\Users\Megan\Downloads\Setup.exe, , [c633bf80403c6fc7628eadae728e24dc],
PUP.Optional.AirAdInstaller, C:\Users\Megan\Downloads\Spotify Setup.exe, , [a3562718c0bc8ea8cd86ee4c2cd446ba],
PUP.Optional.GetPrivateVPN, C:\Windows\System32\Tasks\GPUP, , [10e9e6594933a0965bd90f35f60df907],
PUP.Optional.Proxy.A, C:\Users\Megan\AppData\Local\proxy.log, , [d425d06f215b5adc2593232b14ef7789],
PUP.Optional.BenchUpdater.A, C:\Windows\System32\Tasks\bench-S-1-5-21-1601758659-1066206950-3557107692-1002, , [0bee033c215be6500d84cd8be41f7090],
PUP.Optional.NewHub.A, C:\Users\Megan\AppData\Local\nwhb-v9.4.15.crx, , [5c9ddc63c1bb96a0e2400aa8669e659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hjjjegfhiceggepdokloeepnhlfnedkk_0.localstorage, , [8b6e231cd0acfd391a80e4ce7d87f50b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hjjjegfhiceggepdokloeepnhlfnedkk_0.localstorage-journal, , [30c9c9761f5de056534749696b99768a],
PUP.Optional.SearchProtect, C:\Windows\apppatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, , [9b5e78c75824d1651f56ae0735cf5ba5],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\EULA.txt, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\Main\bin\SPtool.dll_1389856822494, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\Main\bin\uninstall.exe, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\Main\rep\SystemRepository.dat, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\settings.html, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\style.css, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\bubble\bubble.css, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\bubble\bubble.html, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\bubble\bubble.js, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\bubble\defaults.js, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\Apply-default.png, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\Apply-onclick.png, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\Apply-Rollover.png, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\bg-with-logo.png, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\bg.png, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\bgNotif.png, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\bgSettings.png, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\bgUninstall.png, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\btnBlue.png, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\btnClose.png, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\btnSilver.png, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\checkbox.png, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\checkbox_checked.png, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\checkbox_def.png, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\close-win-def.png, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\close-win-over-click.png, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\gray-bg.png, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\hez-def.png, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\hez-selected.png, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\hez.png, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\icon-win.png, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\info-icon.png, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\menu-rollover.png, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\menu-selected.png, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\radio-button-def.png, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\radio-button-selected.png, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\radio-button.png, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\radio-button2.png, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\Settings-icon.png, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\text-field.png, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\v.png, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\x.png, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\libs\defaults.js, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\libs\dialogUtils.js, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\libs\jquery.1.7.1.min.js, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\libs\json2.min.js, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\libs\main.js, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\libs\SPDialogAPI.js, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\protection\defaults.js, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\protection\protection.css, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\protection\protection.html, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\protection\protection.js, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\protectionDS\defaults.js, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\protectionDS\protectionDS.css, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\protectionDS\protectionDS.html, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\protectionDS\protectionDS.js, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\settings\defaults.js, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\settings\settings.css, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\settings\settings.html, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\settings\settings.js, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\uninstall\defaults.js, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\uninstall\uninstall.css, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\uninstall\uninstall.html, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\uninstall\uninstall.js, , [38c1013e007c1f17316bc0529271926e],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\background.html, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\extension_info.json, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\manifest.json, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\AppFramework\appAPI_bg.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\AppFramework\appAPI_browseraction.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\AppFramework\appAPI_common.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\AppFramework\appAPI_content.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\AppFramework\appAPI_settings.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\AppFramework\appAPI_webrequest.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\AppFramework\jquery.min.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\CanvasFramework\canvasscript_engine.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\CanvasFramework\canvas_bg.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\CanvasFramework\webrequest.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\framework\backgroundscript_engine.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\framework\base.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\framework\browser.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\framework\console.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\framework\framework.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\framework\i18n.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\framework\initialize.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\framework\invoke_async.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\framework\io.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\framework\lang.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\framework\legacy.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\framework\message_target.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\framework\messaging.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\framework\storage.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\framework\timer.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\framework\userscript_client.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\framework\userscript_engine.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\framework\utils.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\framework\xhr.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\framework-ui\browser_button.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\framework-ui\context_menu.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\framework-ui\framework_api.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\framework-ui\notifications.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\framework-ui\options.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\framework-ui\remote_popup_host.html, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\framework-ui\remote_popup_host.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\framework-ui\ui_base.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\icons\button.png, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\icons\icon100.png, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\icons\icon128.png, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\icons\icon32.png, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\icons\icon48.png, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_0\includes\content.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\background.html, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\extension_info.json, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\manifest.json, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\AppFramework\appAPI_bg.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\AppFramework\appAPI_browseraction.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\AppFramework\appAPI_common.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\AppFramework\appAPI_content.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\AppFramework\appAPI_settings.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\AppFramework\appAPI_webrequest.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\AppFramework\jquery.min.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\CanvasFramework\canvasscript_engine.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\CanvasFramework\canvas_bg.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\CanvasFramework\webrequest.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\framework\backgroundscript_engine.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\framework\base.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\framework\browser.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\framework\console.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\framework\framework.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\framework\i18n.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\framework\initialize.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\framework\invoke_async.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\framework\io.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\framework\lang.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\framework\legacy.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\framework\message_target.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\framework\messaging.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\framework\storage.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\framework\timer.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\framework\userscript_client.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\framework\userscript_engine.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\framework\utils.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\framework\xhr.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\framework-ui\browser_button.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\framework-ui\context_menu.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\framework-ui\framework_api.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\framework-ui\notifications.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\framework-ui\options.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\framework-ui\remote_popup_host.html, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\framework-ui\remote_popup_host.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\framework-ui\ui_base.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\icons\button.png, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\icons\icon100.png, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\icons\icon128.png, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\icons\icon32.png, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\icons\icon48.png, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.BrowserWarden.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjjegfhiceggepdokloeepnhlfnedkk\1.0_1\includes\content.js, , [7d7cd06fe7950036edca46e2ad56659b],
PUP.Optional.TinyWallet.A, C:\ProgramData\TinyWallet\2RBs7bM7pE54zOk.dat, , [ea0fe15e295351e5fb713afcb74cb947],
PUP.Optional.TinyWallet.A, C:\ProgramData\TinyWallet\2RBs7bM7pE54zOk.exe, , [ea0fe15e295351e5fb713afcb74cb947],
PUP.Optional.TinyWallet.A, C:\Program Files (x86)\TinyWallet\wCFjHWsXbA0dFL.dat, , [7f7ad36c6d0fb482db92d264b44f6b95],
PUP.Optional.TinyWallet.A, C:\Program Files (x86)\TinyWallet\wCFjHWsXbA0dFL.tlb, , [7f7ad36c6d0fb482db92d264b44f6b95],
PUP.Optional.Delta.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://www.delta-hom..._S2Y9J9FD805064",), ,[cf2a5be490ecc2747178aedd58ad31cf]
PUP.Optional.Trovi.A, C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (         "new_tab_url": "https://www.trovi.co...431B80&SAT=CNTS",), ,[e4155ae5a9d30630c8a91e6f27de46ba]

Physical Sectors: 0
(No malicious items detected)

(end)


#6 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 25 November 2014 - 04:48 AM

Google Chrome was hit with most of the infection. I think you still need to uninstall then reinstall it.

Did you allow MBAM (Malwarebytes Anti-Malware) to quarantine or delete what was found?


Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Download RogueKiller to your desktop.
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.
~~~~~~~~~~
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#7 megan.pen

megan.pen

    Authentic Member

  • Authentic Member
  • PipPip
  • 25 posts

Posted 28 November 2014 - 09:20 PM

Hi

 

I uninstalled google chrome, ran the Malwarebytes again and quarantined what was found.

 

log below from Rogue killer;

 

RogueKiller V10.0.8.0 [Nov 20 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Megan [Administrator]
Mode : Scan -- Date : 11/29/2014  13:20:20

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 20 ¤¤¤
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BthA2DP (\SystemRoot\system32\drivers\BthA2DP.sys) -> Found
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BthAvrcpTg (\SystemRoot\System32\drivers\BthAvrcpTg.sys) -> Found
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BthHFEnum (\SystemRoot\System32\drivers\bthhfenum.sys) -> Found
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\bthhfhid (\SystemRoot\System32\drivers\BthHFHid.sys) -> Found
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec....&pvid=20.5.0.28  -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec....&pvid=20.5.0.28  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec....&pvid=20.5.0.28  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec....&pvid=20.5.0.28  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec....&pvid=20.5.0.28  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec....&pvid=20.5.0.28  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec....&pvid=20.5.0.28  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec....&pvid=20.5.0.28  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.1.1.1 [(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.1.1.1 [(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E980B3E3-ED55-4DF8-8212-50BB31420BD0} | DhcpNameServer : 10.1.1.1 [(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E980B3E3-ED55-4DF8-8212-50BB31420BD0} | DhcpNameServer : 10.1.1.1 [(Private Address) (XX)]  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 54.225.95.126 hjjjegfhiceggepdokloeepnhlfnedkk

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x20]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000LM 024 HN-M101MBB SATA Disk Device +++++
--- User ---
[MBR] 2c0f83658bf3a7fd34ab95d219f57810
[BSP] 21a20fcad830f6f26d17a9d42e304cdc : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_SCN_11292014_130909.log


#8 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 29 November 2014 - 08:13 AM

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
 

start
CloseProcesses:
Hosts: 54.225.95.126 hjjjegfhiceggepdokloeepnhlfnedkk
EmptyTemp:
Hosts:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.


Go here to run an online scannner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
  • Note:
    For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
  • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan.
Please post
fixlist.txt
Eset log
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#9 megan.pen

megan.pen

    Authentic Member

  • Authentic Member
  • PipPip
  • 25 posts

Posted 03 December 2014 - 05:00 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-12-2014
Ran by Megan at 2014-12-03 20:54:23 Run:3
Running from C:\Users\Megan\Desktop
Loaded Profile: Megan (Available profiles: Megan)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
Hosts: 54.225.95.126 hjjjegfhiceggepdokloeepnhlfnedkk
EmptyTemp:
Hosts:
End

*****************

Processes closed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 310.4 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====


#10 megan.pen

megan.pen

    Authentic Member

  • Authentic Member
  • PipPip
  • 25 posts

Posted 03 December 2014 - 02:33 PM

will send the other scan once done, its still running!


    Advertisements

Register to Remove

#11 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 04 December 2014 - 06:08 AM

How's the Eset scan coming along?
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#12 megan.pen

megan.pen

    Authentic Member

  • Authentic Member
  • PipPip
  • 25 posts

Posted 04 December 2014 - 06:23 AM

Still running, its only at 49% and been running now for 25+ hours

 

I can keep it running its no problem.


#13 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 04 December 2014 - 10:23 AM

good golly how much stuff you got on that computer or do you have a couple of external drives connected?

Anyways, hope it ends soon. :)
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#14 megan.pen

megan.pen

    Authentic Member

  • Authentic Member
  • PipPip
  • 25 posts

Posted 05 December 2014 - 02:11 AM

eeeppp...!! Maybe I should buy a hard drive to put my videos and tv shows on  <_<

 

Will send the log as soon as I can! Thanks!!


#15 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 05 December 2014 - 09:03 AM

eeeppp...!! Maybe I should buy a hard drive to put my videos and tv shows on  <_<
 
Will send the log as soon as I can! Thanks!!

You know, thats actually a good idea and this shows how scan times can be affected by what you have on the computer.

By chance, has it stated it found anything yet?
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·