Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92790 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Vosteran Infected [Solved]


  • This topic is locked This topic is locked
21 replies to this topic

#1 ASBraid

ASBraid

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 13 January 2015 - 08:48 PM

My step daughters computer is showing that she has this on it.  Unfortunately the thing freezes within seconds of logging on.  I can't do anything on it.  Got to the uninstall settings but then it freezes.  Can't open any browsers or it freezes.  

 

Is there any way to get help with this without being able to use the other computer?

 

Help Me Please :)  


    Advertisements

Register to Remove


#2 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 14 January 2015 - 02:45 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 

 

 

Scan with FRST (Recovery Environment)


To run FRST on Vista and Windows7:



Plug the flashdrive into the infected PC.

Enter System Recovery Options.


To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.



To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt


  • In the command window:
  • type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.

It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Proud Member of UNITE & TB
 

#3 ASBraid

ASBraid

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 14 January 2015 - 12:01 PM

Hi Marius!

 

Thank you for helping.  She has Windows 8 (I'm sorry I should have posted that in my first post), will these instructions still work?



#4 ASBraid

ASBraid

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 14 January 2015 - 01:04 PM

I saw when downloading it can be used on Windows 8.  I downloaded both the 32 and 64.  But when I try to enter system recovery options I cannot get there.  I have pressed F8 until my fingers are blue (7 tries now) with no results.  I tried other F buttons and got into an options BIOS thing but there was no repair your computer option.  

 

So I downloaded both FRST on to the infected computer and tried to run them.  Each time I do the computer freezes.  

 

I've started the computer with the flash drive in and without it in.  

 

OK I figured out how to get there without using F8 and it worked :)


Edited by ASBraid, 14 January 2015 - 02:37 PM.


#5 ASBraid

ASBraid

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 14 January 2015 - 01:46 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-01-2015 01
Ran by SYSTEM on MININT-KL7HM6G on 14-01-2015 14:44:32
Running from d:\
Platform: Windows 8.1 Connected (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
[b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b]

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SpywareClearShield] => C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe [3733824 2014-12-01] (Crawler.com)
HKLM\...\Run: [SpywareClearUpdater] => C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe [5411136 2014-12-01] (Crawler.com)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [1080992 2014-04-18] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe [63296 2014-02-24] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [PCTechHotline] => C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe [1907528 2014-12-01] (Crawler Group)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\Emily\...\Run: [BRS] => C:\Users\Emily\AppData\Local\WSE_Astromenda\BRS\brs.exe [1074688 2014-09-23] ()
HKU\Emily\...\Run: [GoogleChromeAutoLaunch_4576022B9F44AA60135391D3FA373354] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
HKU\Emily\...\Run: [GoogleChromeAutoLaunch_D0E69A2209DE5E5D2A3B6FC777BCD2EC] => C:\Users\Emily\AppData\Local\Vosteran\Application\vosteran.exe [1014272 2014-11-06] ()
AppInit_DLLs-x32: C:/PROGRA~3/{A9834~1/171~1.0/taca.dll => C:/PROGRA~3/{A9834~1/171~1.0/taca.dll [649216 2015-01-03] ()

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-24] (ASUS Cloud Corporation)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
S2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
S2 PCTechHotlineSvc; C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe [702280 2014-12-01] (Crawler Group)
S2 SC_Svc; C:\Program Files (x86)\Spyware Clear\SC_svc64.exe [3003712 2015-01-04] (Crawler Group)
S2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [111208 2015-01-03] (RaMMicHaeL)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-06] (Qualcomm Atheros Communications, Inc.)
S3 ATP; C:\Windows\System32\drivers\AsusTP.sys [71952 2014-03-31] (ASUS Corporation)
S1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\BASHDefs\20141209.001\BHDrvx64.sys [1587416 2014-10-16] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
S1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\IPSDefs\20150102.001\IDSvia64.sys [637656 2014-11-18] (Symantec Corporation)
S3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
S0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-27] (Intel Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20150105.001\ENG64.SYS [129752 2014-08-10] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20150105.001\EX64.SYS [2137304 2014-08-10] (Symantec Corporation)
S2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2011-08-24] (Windows (R) Win 7 DDK provider)
S3 SRTSP; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2014-08-25] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1506000.020\SymELAM.sys [23568 2014-08-25] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-10-20] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
S1 SymNetS; C:\Windows\system32\drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
S3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S0 msahci; system32\drivers\msahci.sys

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-14 11:14 - 2015-01-14 11:14 - 00017537 _____ () C:\Users\Emily\Desktop\FRST.txt
2015-01-14 11:14 - 2015-01-14 11:14 - 00000000 ____D () C:\FRST
2015-01-14 11:00 - 2015-01-14 10:50 - 01116672 _____ (Farbar) C:\Users\Emily\Desktop\FRST.exe
2015-01-14 10:49 - 2015-01-14 10:07 - 02125312 _____ (Farbar) C:\Users\Emily\Desktop\FRST64.exe
2015-01-03 17:59 - 2015-01-03 17:59 - 00022528 _____ () C:\Users\Emily\AppData\Local\dsisetup11739098432.exe
2015-01-03 17:59 - 2015-01-03 17:59 - 00000010 _____ () C:\Users\Emily\AppData\Local\DSI.DAT
2015-01-03 16:59 - 2015-01-14 10:59 - 00000304 _____ () C:\Windows\Tasks\WSE_Vosteran.job
2015-01-03 16:59 - 2015-01-03 17:59 - 00000000 ____D () C:\Users\Emily\AppData\Local\Vosteran
2015-01-03 16:59 - 2015-01-03 16:59 - 00002642 _____ () C:\Windows\System32\Tasks\WSE_Vosteran
2015-01-03 16:58 - 2015-01-13 17:23 - 00000000 ____D () C:\ProgramData\Spyware Clear
2015-01-03 16:58 - 2015-01-11 02:36 - 00000000 ____D () C:\Program Files (x86)\Spyware Clear
2015-01-03 16:58 - 2015-01-03 16:59 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\WSE_Vosteran
2015-01-03 16:58 - 2015-01-03 16:58 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\Spyware Clear
2015-01-03 16:58 - 2015-01-03 16:58 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\PC Tech Hotline
2015-01-03 16:58 - 2015-01-03 16:58 - 00000000 ____D () C:\ProgramData\Unchecky
2015-01-03 16:58 - 2015-01-03 16:58 - 00000000 ____D () C:\ProgramData\{A9834140-F901-90C6-4887-E044980533CA}
2015-01-03 16:58 - 2015-01-03 16:58 - 00000000 ____D () C:\Program Files (x86)\WSE_Vosteran
2015-01-03 16:58 - 2015-01-03 16:58 - 00000000 ____D () C:\Program Files (x86)\Unchecky
2015-01-03 16:58 - 2015-01-03 16:58 - 00000000 ____D () C:\Program Files (x86)\PCTechHotline
2015-01-03 16:57 - 2015-01-03 16:57 - 04055840 _____ (Download Freely, LLC ) C:\Users\Emily\Downloads\MPlayer [1].exe
2015-01-03 16:56 - 2015-01-03 16:57 - 00690808 _____ ( ) C:\Users\Emily\Downloads\MPlayer.exe
2014-12-16 14:00 - 2014-10-30 14:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-12-16 14:00 - 2014-10-30 14:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\poqexec.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-14 11:39 - 2014-09-21 13:21 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-14 11:39 - 2014-07-08 11:36 - 01263969 _____ () C:\Windows\WindowsUpdate.log
2015-01-14 11:39 - 2013-08-22 07:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-14 11:39 - 2013-08-22 06:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-14 11:38 - 2014-09-21 05:58 - 00000000 __RDO () C:\Users\Emily\OneDrive
2015-01-14 11:36 - 2014-09-21 13:21 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-14 11:35 - 2014-09-21 05:54 - 00000093 _____ () C:\Users\Emily\AppData\Roaming\sp_data.sys
2015-01-14 11:14 - 2014-09-23 12:14 - 00000130 _____ () C:\Users\Emily\AppData\Roaming\WB.CFG
2015-01-14 11:14 - 2014-09-23 02:15 - 00000304 _____ () C:\Windows\Tasks\WSE_Astromenda.job
2015-01-14 11:00 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\System32\sru
2015-01-14 10:13 - 2013-08-22 06:46 - 00020545 _____ () C:\Windows\setupact.log
2015-01-13 17:54 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-13 17:45 - 2014-03-18 01:47 - 00863592 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-01-11 07:35 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\System32\config\ELAM
2015-01-10 03:55 - 2014-09-21 05:59 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2912723668-3401939186-1632935630-1001
2015-01-09 23:26 - 2014-09-21 05:53 - 00000000 ____D () C:\users\Emily
2015-01-05 16:11 - 2014-09-30 12:38 - 00000000 ____D () C:\Users\Emily\AppData\Local\CrashDumps
2015-01-05 16:10 - 2014-09-21 06:02 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{BE22F7BA-23D9-449B-B6AC-D790A5C34477}
2015-01-05 16:08 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-01-04 06:00 - 2014-03-18 01:39 - 00467230 _____ () C:\Windows\PFRO.log
2015-01-03 16:58 - 2014-09-21 13:22 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-21 03:53 - 2013-08-22 05:25 - 00524288 ___SH () C:\Windows\System32\config\BBI

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2014-09-23 12:14] - [2014-08-22 23:48] - 2374784 ____A (Microsoft Corporation) ACDBE1ED38167C8B01B8F63161BB2CEA

C:\Windows\SysWOW64\explorer.exe
[2014-09-23 12:14] - [2014-08-22 23:13] - 2084520 ____A (Microsoft Corporation) 195822ACCDAA2B4815DD01BAFC335595

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2014-11-11 13:05] - [2014-09-21 20:38] - 1519488 ____A (Microsoft Corporation) F0A117D19873FCDF801F082F33BFBB6C

C:\Windows\SysWOW64\User32.dll
[2014-11-11 13:05] - [2014-09-18 16:16] - 1346048 ____A (Microsoft Corporation) 5F333FDBF392850373C89BDA31EBEC1B

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-09-27 04:42] - [2014-06-18 18:13] - 0310080 ___AC (Microsoft Corporation) 64CA2B4A49A8EAF495E435623ECCE7DB


==================== Restore Points  =========================

Restore point made on: 2014-12-11 14:31:52
Restore point made on: 2014-12-18 17:01:20

==================== Memory info =========================== 

Percentage of memory in use: 16%
Total physical RAM: 3982.68 MB
Available physical RAM: 3320.43 MB
Total Pagefile: 3982.68 MB
Available Pagefile: 3345.97 MB
Total Virtual: 131072 MB
Available Virtual: 131071.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:444.65 GB) (Free:416.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: () (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32
Drive f: (Recovery) (Fixed) (Total:0.88 GB) (Free:0.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3F7852A4)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.


LastRegBack: 2015-01-03 11:44

==================== End Of Log ============================


#6 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 17 January 2015 - 05:29 AM

Fix with FRST (Recovery Environment)


  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    HKLM\...\Run: [SpywareClearShield] => C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe [3733824 2014-12-01] (Crawler.com)
    HKLM\...\Run: [SpywareClearUpdater] => C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe [5411136 2014-12-01] (Crawler.com)
    HKLM-x32\...\Run: [PCTechHotline] => C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe [1907528 2014-12-01] (Crawler Group)
    HKU\Emily\...\Run: [BRS] => C:\Users\Emily\AppData\Local\WSE_Astromenda\BRS\brs.exe [1074688 2014-09-23] ()
    AppInit_DLLs-x32: C:/PROGRA~3/{A9834~1/171~1.0/taca.dll => C:/PROGRA~3/{A9834~1/171~1.0/taca.dll [649216 2015-01-03] ()
    
    2015-01-03 16:59 - 2015-01-14 10:59 - 00000304 _____ () C:\Windows\Tasks\WSE_Vosteran.job
    2015-01-03 16:59 - 2015-01-03 17:59 - 00000000 ____D () C:\Users\Emily\AppData\Local\Vosteran
    2015-01-03 16:59 - 2015-01-03 16:59 - 00002642 _____ () C:\Windows\System32\Tasks\WSE_Vosteran
    2015-01-03 16:58 - 2015-01-13 17:23 - 00000000 ____D () C:\ProgramData\Spyware Clear
    2015-01-03 16:58 - 2015-01-11 02:36 - 00000000 ____D () C:\Program Files (x86)\Spyware Clear
    2015-01-03 16:58 - 2015-01-03 16:59 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\WSE_Vosteran
    2015-01-03 16:58 - 2015-01-03 16:58 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\Spyware Clear
    2015-01-03 16:58 - 2015-01-03 16:58 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\PC Tech Hotline
    2015-01-03 16:58 - 2015-01-03 16:58 - 00000000 ____D () C:\ProgramData\Unchecky
    2015-01-03 16:58 - 2015-01-03 16:58 - 00000000 ____D () C:\ProgramData\{A9834140-F901-90C6-4887-E044980533CA}
    2015-01-03 16:58 - 2015-01-03 16:58 - 00000000 ____D () C:\Program Files (x86)\WSE_Vosteran
    2015-01-03 16:58 - 2015-01-03 16:58 - 00000000 ____D () C:\Program Files (x86)\Unchecky
    2015-01-03 16:58 - 2015-01-03 16:58 - 00000000 ____D () C:\Program Files (x86)\PCTechHotline
    2015-01-03 16:57 - 2015-01-03 16:57 - 04055840 _____ (Download Freely, LLC ) C:\Users\Emily\Downloads\MPlayer [1].exe
    C:\ProgramData\SetStretch.exe
    C:\ProgramData\SetStretch.VBS

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Now please enter System Recovery Options again.

  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Proud Member of UNITE & TB
 

#7 ASBraid

ASBraid

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 17 January 2015 - 10:11 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-01-2015 01
Ran by SYSTEM at 2015-01-17 11:09:29 Run:1
Running from d:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [SpywareClearShield] => C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe [3733824 2014-12-01] (Crawler.com)
HKLM\...\Run: [SpywareClearUpdater] => C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe [5411136 2014-12-01] (Crawler.com)
HKLM-x32\...\Run: [PCTechHotline] => C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe [1907528 2014-12-01] (Crawler Group)
HKU\Emily\...\Run: [BRS] => C:\Users\Emily\AppData\Local\WSE_Astromenda\BRS\brs.exe [1074688 2014-09-23] ()
AppInit_DLLs-x32: C:/PROGRA~3/{A9834~1/171~1.0/taca.dll => C:/PROGRA~3/{A9834~1/171~1.0/taca.dll [649216 2015-01-03] ()

2015-01-03 16:59 - 2015-01-14 10:59 - 00000304 _____ () C:\Windows\Tasks\WSE_Vosteran.job
2015-01-03 16:59 - 2015-01-03 17:59 - 00000000 ____D () C:\Users\Emily\AppData\Local\Vosteran
2015-01-03 16:59 - 2015-01-03 16:59 - 00002642 _____ () C:\Windows\System32\Tasks\WSE_Vosteran
2015-01-03 16:58 - 2015-01-13 17:23 - 00000000 ____D () C:\ProgramData\Spyware Clear
2015-01-03 16:58 - 2015-01-11 02:36 - 00000000 ____D () C:\Program Files (x86)\Spyware Clear
2015-01-03 16:58 - 2015-01-03 16:59 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\WSE_Vosteran
2015-01-03 16:58 - 2015-01-03 16:58 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\Spyware Clear
2015-01-03 16:58 - 2015-01-03 16:58 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\PC Tech Hotline
2015-01-03 16:58 - 2015-01-03 16:58 - 00000000 ____D () C:\ProgramData\Unchecky
2015-01-03 16:58 - 2015-01-03 16:58 - 00000000 ____D () C:\ProgramData\{A9834140-F901-90C6-4887-E044980533CA}
2015-01-03 16:58 - 2015-01-03 16:58 - 00000000 ____D () C:\Program Files (x86)\WSE_Vosteran
2015-01-03 16:58 - 2015-01-03 16:58 - 00000000 ____D () C:\Program Files (x86)\Unchecky
2015-01-03 16:58 - 2015-01-03 16:58 - 00000000 ____D () C:\Program Files (x86)\PCTechHotline
2015-01-03 16:57 - 2015-01-03 16:57 - 04055840 _____ (Download Freely, LLC ) C:\Users\Emily\Downloads\MPlayer [1].exe
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareClearShield => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareClearUpdater => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\PCTechHotline => value deleted successfully.
HKU\Emily\Software\Microsoft\Windows\CurrentVersion\Run\\BRS => value deleted successfully.
"C:/PROGRA~3/{A9834~1/171~1.0/taca.dll" => Value Data removed successfully.
C:\Windows\Tasks\WSE_Vosteran.job => Moved successfully.
C:\Users\Emily\AppData\Local\Vosteran => Moved successfully.
C:\Windows\System32\Tasks\WSE_Vosteran => Moved successfully.
C:\ProgramData\Spyware Clear => Moved successfully.
C:\Program Files (x86)\Spyware Clear => Moved successfully.
C:\Users\Emily\AppData\Roaming\WSE_Vosteran => Moved successfully.
C:\Users\Emily\AppData\Roaming\Spyware Clear => Moved successfully.
C:\Users\Emily\AppData\Roaming\PC Tech Hotline => Moved successfully.
C:\ProgramData\Unchecky => Moved successfully.
C:\ProgramData\{A9834140-F901-90C6-4887-E044980533CA} => Moved successfully.
C:\Program Files (x86)\WSE_Vosteran => Moved successfully.
C:\Program Files (x86)\Unchecky => Moved successfully.
C:\Program Files (x86)\PCTechHotline => Moved successfully.
C:\Users\Emily\Downloads\MPlayer [1].exe => Moved successfully.
C:\ProgramData\SetStretch.exe => Moved successfully.
C:\ProgramData\SetStretch.VBS => Moved successfully.

==== End of Fixlog 11:09:34 ====


#8 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 19 January 2015 - 05:28 AM

Please try to boot into windows.

If it works, perform the following steps:

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

 

 

 

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.

 

 

 

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don´t change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Poste the FRST.txt and (after the first scan only!) the Addition.txt.


Proud Member of UNITE & TB
 

#9 ASBraid

ASBraid

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 19 January 2015 - 02:03 PM

gmer rootkit scanner

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-01-19 15:03:54
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000021 ST500LT012-1DG142 rev.0003SDM1 465.76GB
Running: ry3sbrg4.exe; Driver: C:\Users\Emily\AppData\Local\Temp\kxldapod.sys
 
 
---- Threads - GMER 2.1 ----
 
Thread  C:\Windows\system32\csrss.exe [6136:3092]            fffff960008a0b90
Thread  C:\Windows\System32\SettingSyncHost.exe [6012:5540]  00007fff98f36da0
 
---- Disk sectors - GMER 2.1 ----
 
Disk    \Device\Harddisk0\DR0                                unknown MBR code
 
---- EOF - GMER 2.1 ----


#10 ASBraid

ASBraid

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 19 January 2015 - 02:11 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Emily (administrator) on EMILY on 19-01-2015 15:07:50
Running from C:\Users\Emily\Desktop
Loaded Profiles: Emily (Available profiles: Emily)
Platform: Windows 8.1 Connected (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coNatHst.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSPanel.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [1080992 2014-04-18] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe [63296 2014-02-25] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2912723668-3401939186-1632935630-1001\...\Run: [GoogleChromeAutoLaunch_4576022B9F44AA60135391D3FA373354] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
HKU\S-1-5-21-2912723668-3401939186-1632935630-1001\...\Run: [GoogleChromeAutoLaunch_D0E69A2209DE5E5D2A3B6FC777BCD2EC] => "C:\Users\Emily\AppData\Local\Vosteran\Application\vosteran.exe" --auto-launch-at-startup --profile-directory="Default"
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2912723668-3401939186-1632935630-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://Vosteran.com/?f=1&a=vst_dnldkng_15_01_ie&cd=2XzuyEtN2Y1L1QzuyBzztByE0A0FyC0E0D0A0AtCyC0D0DyEtN0D0Tzu0StCtDzyzztN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzz0A0CtDzzyByCtG0E0E0DzytG0A0D0CyBtGzytD0AtBtGtD0AyEyDzy0Dzy0C0DtAtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtAyD0F0EyByDyEtG0A0FyB0CtGyEzyzzyDtGzz0A0A0BtG0FyD0Czy0F0FtBtD0CtDyDtC2Q&cr=191532094&ir=
HKU\S-1-5-21-2912723668-3401939186-1632935630-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldkng_15_01_ie&cd=2XzuyEtN2Y1L1QzuyBzztByE0A0FyC0E0D0A0AtCyC0D0DyEtN0D0Tzu0StCtDzyzztN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzz0A0CtDzzyByCtG0E0E0DzytG0A0D0CyBtGzytD0AtBtGtD0AyEyDzy0Dzy0C0DtAtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtAyD0F0EyByDyEtG0A0FyB0CtGyEzyzzyDtGzz0A0A0BtG0FyD0Czy0F0FtBtD0CtDyDtC2Q&cr=191532094&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldkng_15_01_ie&cd=2XzuyEtN2Y1L1QzuyBzztByE0A0FyC0E0D0A0AtCyC0D0DyEtN0D0Tzu0StCtDzyzztN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzz0A0CtDzzyByCtG0E0E0DzytG0A0D0CyBtGzytD0AtBtGtD0AyEyDzy0Dzy0C0DtAtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtAyD0F0EyByDyEtG0A0FyB0CtGyEzyzzyDtGzz0A0A0BtG0FyD0Czy0F0FtBtD0CtDyDtC2Q&cr=191532094&ir=
SearchScopes: HKU\S-1-5-21-2912723668-3401939186-1632935630-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldkng_15_01_ie&cd=2XzuyEtN2Y1L1QzuyBzztByE0A0FyC0E0D0A0AtCyC0D0DyEtN0D0Tzu0StCtDzyzztN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzz0A0CtDzzyByCtG0E0E0DzytG0A0D0CyBtGzytD0AtBtGtD0AyEyDzy0Dzy0C0DtAtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtAyD0F0EyByDyEtG0A0FyB0CtGyEzyzzyDtGzz0A0A0BtG0FyD0Czy0F0FtBtD0CtDyDtC2Q&cr=191532094&ir=
SearchScopes: HKU\S-1-5-21-2912723668-3401939186-1632935630-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldkng_15_01_ie&cd=2XzuyEtN2Y1L1QzuyBzztByE0A0FyC0E0D0A0AtCyC0D0DyEtN0D0Tzu0StCtDzyzztN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzz0A0CtDzzyByCtG0E0E0DzytG0A0D0CyBtGzytD0AtBtGtD0AyEyDzy0Dzy0C0DtAtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtAyD0F0EyByDyEtG0A0FyB0CtGyEzyzzyDtGzz0A0A0BtG0FyD0Czy0F0FtBtD0CtDyDtC2Q&cr=191532094&ir=
SearchScopes: HKU\S-1-5-21-2912723668-3401939186-1632935630-1001 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2912723668-3401939186-1632935630-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\IPSFF [2014-10-20]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\coFFPlgn [2015-01-17]

Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://www.facebook.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-21]
CHR Extension: (Google Docs) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-21]
CHR Extension: (Google Drive) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-21]
CHR Extension: (YouTube) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-21]
CHR Extension: (ReadingFanatic) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\cikcgfijdkajegjjoiojhfejamblnbne [2014-10-26]
CHR Extension: (Google Search) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-21]
CHR Extension: (RadioRage) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpnknncniillgijdlegfdffoheonaddd [2014-10-26]
CHR Extension: (Google Sheets) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-21]
CHR Extension: (Red Ball) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibjalmjfkbijjjomllohadmkfkhgonop [2014-11-11]
CHR Extension: (Norton Identity Safe) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-09-25]
CHR Extension: (Norton Security Toolbar) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-10-20]
CHR Extension: (HomeworkSimplified) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh [2014-10-14]
CHR Extension: (Google Wallet) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-21]
CHR Extension: (Astromenda New Tab) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae [2014-09-23]
CHR Extension: (Gmail) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-21]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-20]
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKU\S-1-5-21-2912723668-3401939186-1632935630-1001\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKU\S-1-5-21-2912723668-3401939186-1632935630-1001\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-20]
CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-24] (ASUS Cloud Corporation) [File not signed]
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
S2 PCTechHotlineSvc; C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe [X]
S2 SC_Svc; "C:\Program Files (x86)\Spyware Clear\SC_svc64.exe" [X]
S2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-07] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [71952 2014-03-31] (ASUS Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\BASHDefs\20141209.001\BHDrvx64.sys [1587416 2014-10-16] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\IPSDefs\20150102.001\IDSvia64.sys [637656 2014-11-18] (Symantec Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-27] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20150105.001\ENG64.SYS [129752 2014-08-11] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20150105.001\EX64.SYS [2137304 2014-08-11] (Symantec Corporation)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2011-08-24] (Windows (R) Win 7 DDK provider)
R3 SRTSP; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2014-08-25] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1506000.020\SymELAM.sys [23568 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-10-20] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys
U3 kxldapod; \??\C:\Users\Emily\AppData\Local\Temp\kxldapod.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 15:07 - 2015-01-19 15:07 - 00000000 ____D () C:\Users\Emily\Desktop\FRST-OlderVersion
2015-01-19 15:05 - 2015-01-19 15:05 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Emily\Downloads\tdsskiller.exe
2015-01-19 15:03 - 2015-01-19 15:03 - 00000596 _____ () C:\Users\Emily\Desktop\ark.txt
2015-01-19 14:56 - 2015-01-19 14:56 - 00380416 _____ () C:\Users\Emily\Downloads\ry3sbrg4.exe
2015-01-14 14:14 - 2015-01-19 15:08 - 00020112 _____ () C:\Users\Emily\Desktop\FRST.txt
2015-01-14 14:14 - 2015-01-19 15:07 - 00000000 ____D () C:\FRST
2015-01-14 13:49 - 2015-01-19 15:07 - 02126848 _____ (Farbar) C:\Users\Emily\Desktop\FRST64.exe
2015-01-03 20:59 - 2015-01-03 20:59 - 00022528 _____ () C:\Users\Emily\AppData\Local\dsisetup11739098432.exe
2015-01-03 20:59 - 2015-01-03 20:59 - 00000010 _____ () C:\Users\Emily\AppData\Local\DSI.DAT
2015-01-03 19:59 - 2015-01-03 19:59 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vosteran
2015-01-03 19:58 - 2015-01-03 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2015-01-03 19:58 - 2015-01-03 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Clear with PC Tech Hotline
2015-01-03 19:56 - 2015-01-03 19:57 - 00690808 _____ ( ) C:\Users\Emily\Downloads\MPlayer.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 15:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2015-01-19 14:51 - 2014-09-30 15:38 - 00000000 ____D () C:\Users\Emily\AppData\Local\CrashDumps
2015-01-19 14:44 - 2014-09-21 08:59 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2912723668-3401939186-1632935630-1001
2015-01-19 14:39 - 2014-09-21 16:21 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-19 14:39 - 2014-09-21 08:58 - 00000000 __RDO () C:\Users\Emily\OneDrive
2015-01-19 14:39 - 2014-09-21 08:54 - 00000093 _____ () C:\Users\Emily\AppData\Roaming\sp_data.sys
2015-01-19 14:14 - 2014-09-23 05:15 - 00000304 _____ () C:\Windows\Tasks\WSE_Astromenda.job
2015-01-19 14:12 - 2014-07-08 14:36 - 01981953 _____ () C:\Windows\WindowsUpdate.log
2015-01-19 13:14 - 2014-09-23 15:14 - 00000131 _____ () C:\Users\Emily\AppData\Roaming\WB.CFG
2015-01-19 13:04 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-19 13:03 - 2014-09-21 09:02 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{BE22F7BA-23D9-449B-B6AC-D790A5C34477}
2015-01-19 13:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-17 11:21 - 2014-03-18 04:47 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-17 11:15 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-17 11:07 - 2013-08-22 08:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-01-14 14:36 - 2014-09-21 16:21 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-14 13:13 - 2013-08-22 09:46 - 00020545 _____ () C:\Windows\setupact.log
2015-01-11 10:35 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-01-10 02:26 - 2014-09-21 08:53 - 00000000 ____D () C:\Users\Emily
2015-01-05 19:22 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-01-04 09:00 - 2014-03-18 04:39 - 00467230 _____ () C:\Windows\PFRO.log
2015-01-03 19:58 - 2014-09-21 16:22 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======
2014-09-21 08:54 - 2015-01-19 14:39 - 0000093 _____ () C:\Users\Emily\AppData\Roaming\sp_data.sys
2014-09-23 15:14 - 2015-01-19 13:14 - 0000131 _____ () C:\Users\Emily\AppData\Roaming\WB.CFG
2015-01-03 20:59 - 2015-01-03 20:59 - 0000010 _____ () C:\Users\Emily\AppData\Local\DSI.DAT
2015-01-03 20:59 - 2015-01-03 20:59 - 0022528 _____ () C:\Users\Emily\AppData\Local\dsisetup11739098432.exe
2014-07-08 14:46 - 2014-07-08 14:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-04-18 17:51 - 2012-09-07 06:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-03 14:44

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Emily at 2015-01-19 15:09:04
Running from C:\Users\Emily\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.8 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.01.0003 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0034 - ASUS)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Game Explorer Categories - casual (HKLM-x32\...\WildTangentGameProvider-asus-casual) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - enthusiast (HKLM-x32\...\WildTangentGameProvider-asus-enthusiast) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - family (HKLM-x32\...\WildTangentGameProvider-asus-family) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - kids (HKLM-x32\...\WildTangentGameProvider-asus-kids) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - touch (HKLM-x32\...\WildTangentGameProvider-asus-touch) (Version: 3.2.0.6 - WildTangent, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
PennyBee (HKU\S-1-5-21-2912723668-3401939186-1632935630-1001\...\PennyBee) (Version: 1.0.2.2 - PennyBee) <==== ATTENTION!
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.27040 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.29.314.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7235 - Realtek Semiconductor Corp.)
Spyware Clear with PC Tech Hotline (HKLM-x32\...\{5FB600FF-BC65-471F-A3F8-C2666863BA75}_is1) (Version: 1.3.0.27 - Crawler Group)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.2.301 - ASUS Cloud Corporation)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.2 - WildTangent)
Windows Driver Package - ASUS (ATP) Mouse  (03/17/2014 1.0.0.207) (HKLM\...\AA2CC56D4BBEE037DC99871F5F6551133D2A0CC3) (Version: 03/17/2014 1.0.0.207 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WSE_Astromenda (HKU\S-1-5-21-2912723668-3401939186-1632935630-1001\...\WSE_Astromenda) (Version:  - WSE_Astromenda) <==== ATTENTION!

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

11-12-2014 17:29:05 Windows Update
18-12-2014 19:59:44 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2015-01-17 11:05 - 00001993 ____A C:\Windows\system32\Drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

There are 4 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {37DF9F07-AB51-4E47-B569-9D2E10CCC4B1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3E593FF6-933B-40E7-B438-B1CA37EBFFAB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-21] (Google Inc.)
Task: {43BA0EDB-8691-476A-8867-06997020EF81} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {5852489C-DD64-4C24-A895-A175AB1BA70F} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-04] ()
Task: {5A5E140C-0401-483A-A147-21F472C2348F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-11] (Microsoft Corporation)
Task: {6436E4AB-9ED0-4B7D-A7DA-F87C0837A91B} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2014-03-11] ()
Task: {69F55742-36F1-4C13-8444-A63EC0785B42} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.)
Task: {9382552F-804F-4F97-9861-F52234998816} - System32\Tasks\WSE_Astromenda => C:\Users\Emily\AppData\Roaming\WSE_Astromenda\UpdateProc\UpdateTask.exe [2014-09-23] () <==== ATTENTION
Task: {9A3C74FC-8BA6-40D3-ACAB-2C0756C81E53} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86) [2015-01-17] ()
Task: {ADC61195-C473-4A7F-AC28-83A9C1551F42} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-04-10] (Realtek Semiconductor)
Task: {B2764DFF-7D94-4942-B4CD-0F56D3299807} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {BEABC9A8-C0AD-416F-B341-C8874581E546} - \WSE_Vosteran No Task File <==== ATTENTION
Task: {CA123DF3-0601-478D-89BA-29C027622998} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-04-02] (ASUS)
Task: {CC129E22-3994-4DB6-95B7-4DB187E938BF} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86) [2015-01-17] ()
Task: {D8133763-0729-4557-BAA3-65371AF32953} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-03-31] (AsusTek)
Task: {E27E9C90-6692-43FD-B3FC-062149ED6E45} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {E4B3C20F-EED9-4D36-BDD7-8F35A195EE85} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-21] (Google Inc.)
Task: {EA9ED815-7E3F-49DC-8186-BF2E8F3A70AD} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-04-15] (Realtek Semiconductor)
Task: {FBD59DFB-71C4-45F2-B35D-2B3FB6815FFA} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-27] (ASUSTek Computer Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\WSE_Astromenda.job => C:\Users\Emily\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-02-24 05:59 - 2014-02-24 05:59 - 00109056 _____ () C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSHomeCloudAPI.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-02 16:46 - 2014-04-02 16:46 - 00117248 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2014-04-02 16:46 - 2014-04-02 16:46 - 00037936 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2014-04-02 16:46 - 2014-04-02 16:46 - 00018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll
2014-04-02 16:46 - 2014-04-02 16:46 - 00020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll
2014-12-12 06:38 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 06:38 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-12 06:38 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 06:38 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Emily\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2912723668-3401939186-1632935630-500 - Administrator - Disabled)
Emily (S-1-5-21-2912723668-3401939186-1632935630-1001 - Administrator - Enabled) => C:\Users\Emily
Guest (S-1-5-21-2912723668-3401939186-1632935630-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2912723668-3401939186-1632935630-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/19/2015 02:51:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 01zvgt6q.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: 01zvgt6q.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset: 0x000011aa
Faulting process id: 0x125c
Faulting application start time: 0x01zvgt6q.exe0
Faulting application path: 01zvgt6q.exe1
Faulting module path: 01zvgt6q.exe2
Report Id: 01zvgt6q.exe3
Faulting package full name: 01zvgt6q.exe4
Faulting package-relative application ID: 01zvgt6q.exe5

Error: (01/19/2015 02:50:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 01zvgt6q.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: 01zvgt6q.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset: 0x000011aa
Faulting process id: 0xd14
Faulting application start time: 0x01zvgt6q.exe0
Faulting application path: 01zvgt6q.exe1
Faulting module path: 01zvgt6q.exe2
Report Id: 01zvgt6q.exe3
Faulting package full name: 01zvgt6q.exe4
Faulting package-relative application ID: 01zvgt6q.exe5

Error: (01/19/2015 02:49:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 01zvgt6q.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: 01zvgt6q.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset: 0x000011aa
Faulting process id: 0x1070
Faulting application start time: 0x01zvgt6q.exe0
Faulting application path: 01zvgt6q.exe1
Faulting module path: 01zvgt6q.exe2
Report Id: 01zvgt6q.exe3
Faulting package full name: 01zvgt6q.exe4
Faulting package-relative application ID: 01zvgt6q.exe5

Error: (01/19/2015 01:45:54 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (01/13/2015 08:30:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: EMILY)
Description: Package Microsoft.BingFinance_3.0.4.253_x64__8wekyb3d8bbwe+AppexFinance was terminated because it took too long to suspend.

Error: (01/10/2015 06:55:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1109

Error: (01/10/2015 06:55:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1109

Error: (01/10/2015 06:55:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/10/2015 06:55:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: delegate_execute.exe, version: 39.0.2171.95, time stamp: 0x54823f01
Faulting module name: delegate_execute.exe, version: 39.0.2171.95, time stamp: 0x54823f01
Exception code: 0xc0000005
Fault offset: 0x00037db3
Faulting process id: 0x13d4
Faulting application start time: 0xdelegate_execute.exe0
Faulting application path: delegate_execute.exe1
Faulting module path: delegate_execute.exe2
Report Id: delegate_execute.exe3
Faulting package full name: delegate_execute.exe4
Faulting package-relative application ID: delegate_execute.exe5

Error: (01/10/2015 05:40:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: EMILY)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (01/17/2015 11:15:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Unchecky service failed to start due to the following error: 
%%2

Error: (01/17/2015 11:15:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spyware Clear Realtime Shield Service service failed to start due to the following error: 
%%2

Error: (01/17/2015 11:15:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PCTechHotlineService service failed to start due to the following error: 
%%2

Error: (01/17/2015 11:15:21 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee AP Service service depends on the following service: mfevtp. This service might not be installed.

Error: (01/17/2015 11:06:26 AM) (Source: DCOM) (EventID: 10010) (User: EMILY)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (01/17/2015 11:06:11 AM) (Source: DCOM) (EventID: 10010) (User: EMILY)
Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

Error: (01/17/2015 11:06:11 AM) (Source: DCOM) (EventID: 10010) (User: EMILY)
Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

Error: (01/17/2015 11:06:11 AM) (Source: DCOM) (EventID: 10010) (User: EMILY)
Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

Error: (01/17/2015 11:06:11 AM) (Source: DCOM) (EventID: 10010) (User: EMILY)
Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

Error: (01/17/2015 11:06:10 AM) (Source: DCOM) (EventID: 10010) (User: EMILY)
Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}


Microsoft Office Sessions:
=========================
Error: (01/19/2015 02:51:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 01zvgt6q.exe2.1.19357.052e7ea8301zvgt6q.exe2.1.19357.052e7ea83c0000005000011aa125c01d034214c70dd0aC:\Users\Emily\Downloads\01zvgt6q.exeC:\Users\Emily\Downloads\01zvgt6q.exe907c710e-a014-11e4-828d-7824af6edaa1

Error: (01/19/2015 02:50:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 01zvgt6q.exe2.1.19357.052e7ea8301zvgt6q.exe2.1.19357.052e7ea83c0000005000011aad1401d0342123052e80C:\Users\Emily\Downloads\01zvgt6q.exeC:\Users\Emily\Downloads\01zvgt6q.exe68d872b1-a014-11e4-828d-7824af6edaa1

Error: (01/19/2015 02:49:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 01zvgt6q.exe2.1.19357.052e7ea8301zvgt6q.exe2.1.19357.052e7ea83c0000005000011aa107001d03420fa8fd5a4C:\Users\Emily\Downloads\01zvgt6q.exeC:\Users\Emily\Downloads\01zvgt6q.exe3d89e0ea-a014-11e4-828d-7824af6edaa1

Error: (01/19/2015 01:45:54 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (01/13/2015 08:30:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: EMILY)
Description: Microsoft.BingFinance_3.0.4.253_x64__8wekyb3d8bbwe+AppexFinance

Error: (01/10/2015 06:55:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1109

Error: (01/10/2015 06:55:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1109

Error: (01/10/2015 06:55:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/10/2015 06:55:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: delegate_execute.exe39.0.2171.9554823f01delegate_execute.exe39.0.2171.9554823f01c000000500037db313d401d02ccc3aa8e8e2C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\delegate_execute.exeC:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\delegate_execute.exe8780a3f4-98bf-11e4-826f-7824af6edaa1

Error: (01/10/2015 05:40:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: EMILY)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927142


==================== Memory info =========================== 

Processor: Intel(R) Celeron(R) CPU N2830 @ 2.16GHz
Percentage of memory in use: 41%
Total physical RAM: 3982.68 MB
Available physical RAM: 2323.94 MB
Total Pagefile: 4686.68 MB
Available Pagefile: 2824.79 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:444.65 GB) (Free:416.33 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3F7852A4)

Partition: GPT Partition Type.

==================== End Of Log ============================

Attached Files


    Advertisements

Register to Remove


#11 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 20 January 2015 - 06:44 AM

We need to remove some programs with Revo Uninstaller Free:


Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an altenate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    PennyBee
    
    WSE_Astromenda
    
    
    
    
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

 

 

 

 

 

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

 

 

Scan with ESET Online Scan

Go here to run an online scannner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
  • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

 

Attached Files


Proud Member of UNITE & TB
 

#12 ASBraid

ASBraid

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 20 January 2015 - 08:29 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/20/2015
Scan Time: 8:33:03 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.21.01
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Emily
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 323066
Time Elapsed: 24 min, 44 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 9
PUP.Optional.Vosteran, HKLM\SOFTWARE\CLASSES\APPID\{4CB3598A-82E8-4D1F-983F-061238AE696E}, Quarantined, [e71e5d9d9ced54e24852fbefce34ab55], 
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{4CB3598A-82E8-4D1F-983F-061238AE696E}, Quarantined, [e71e5d9d9ced54e24852fbefce34ab55], 
PUP.Optional.InstallCore.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLCORE\WSE_Vosteran, Quarantined, [af561fdbabde2d096630cab913f0ca36], 
PUP.Optional.Vosteran.A, HKU\S-1-5-21-2912723668-3401939186-1632935630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Vosteran, Quarantined, [cc39fbff9dec2e089147ec89e122b64a], 
PUP.Optional.Vosteran.A, HKU\S-1-5-21-2912723668-3401939186-1632935630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Vosteran Browser, Quarantined, [55b07981c0c9a88e7279e514dd27c739], 
PUP.Optional.Vosteran.A, HKU\S-1-5-21-2912723668-3401939186-1632935630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\wse_vosteran, Quarantined, [7c8946b490f9152194ed6594b74dfb05], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2912723668-3401939186-1632935630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [db2a25d5c2c754e2f1c2a2185ea518e8], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2912723668-3401939186-1632935630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [a85d95653158a6900cb8ad23ef157789], 
PUP.Optional.PennyBee.A, HKU\S-1-5-21-2912723668-3401939186-1632935630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\PennyBee.exe, Quarantined, [b1546c8e9fea86b099d38ee953b0ab55], 
 
Registry Values: 2
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Vosteran\\, Quarantined, [e22352a8d3b6d165ed60f902a55fc33d]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2912723668-3401939186-1632935630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 1Y1L1M1G1I1Q, Quarantined, [a85d95653158a6900cb8ad23ef157789]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 87
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\adapter, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\abstractbutton, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\abstractbutton\background, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\alert, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\alert\background, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\embedhtml, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\embedhtml\background, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\embedhtml\html, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\embedhtml\js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\embedscript, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\embedscript\background, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\embedscript\html, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\embedscript\js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\flare, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\flare\background, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\flare\icons, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\generic, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\generic\background, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\link, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\link\background, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\menu, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\menu\background, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\menu\css, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\menu\html, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\menu\images, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\menu\js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\rss, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\rss\background, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\thirdparty, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\thirdparty\background, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\uninstall, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\uninstall\background, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\weather, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\weather\background, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\common, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\radio, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\radio\css, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\radio\js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\rss, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\rss\js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\test, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\topapps, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\topapps\css, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\topapps\js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\weather, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\weather\css, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\weather\js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\api, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\api\background, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\api\window, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\defaultSearch, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\defaultSearch\background, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\defaultSearch\foreground, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\moviereviews, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\moviereviews\background, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\moviereviews\css, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\moviereviews\html, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\moviereviews\js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\radio, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\radio\background, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\radio\css, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\radio\foreground, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\radio\radioWrapper, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\search, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\search\background, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\search\html, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\supertab, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\supertab\css, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\supertab\html, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\supertab\js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\icons, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\images, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\native, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\native\libs, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\shared, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\_metadata, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.PennyBee.A, C:\Users\Emily\AppData\Local\ICSharpCode.net\PennyBeeW.exe_Url_0ocfqynyx2kizcvdjg3en1x204yvuqwa, Quarantined, [b253d327543565d183d1a9babe4520e0], 
PUP.Optional.PennyBee.A, C:\Users\Emily\AppData\Local\ICSharpCode.net\PennyBeeW.exe_Url_0ocfqynyx2kizcvdjg3en1x204yvuqwa\1.0.2.2, Quarantined, [b253d327543565d183d1a9babe4520e0], 
 
Files: 223
PUP.Optional.Vosteran.A, C:\Users\Emily\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Vosteran.lnk, Quarantined, [e025788258311125c99fff788380a759], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niljpgchbakifofpdbooagpeodjdppeh_0.localstorage, Delete-on-Reboot, [fa0b04f69dec112566713facb94b2ad6], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niljpgchbakifofpdbooagpeodjdppeh_0.localstorage-journal, Delete-on-Reboot, [26dff60467224aec9641b4372bd97987], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\bg.html, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\buildVars, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\buildVars.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\companionSW.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\config.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\contentScript.css, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\contentScript.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\debug.html, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\debug.jade, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\extension_toolbar_api.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\initWidgetWindow.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\manifest.json, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\newTabContentScript.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\options.html, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\spent.css, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\spent.html, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\spent.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\spent2.css, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\spent2.html, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\spentJ.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\spentK.html, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\spentK.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\startup.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\stub.html, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\stubby.html, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\superFrame.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\toolbar.html, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\toolbar.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\toolbarUI.css, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\toolbarUI.html, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\toolbarUI.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\url.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\adapter\adapterUtil.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\adapter\widget-adapter.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\abstractbutton\background\abstractButton.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\alert\background\alertButton.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\embedhtml\background\embedHtmlWidget.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\embedhtml\html\embedHtmlTemplate.html, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\embedhtml\html\innerEmbedHtmlTemplate.html, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\embedhtml\js\embedHtmlUI.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\embedscript\background\embedScriptWidget.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\embedscript\html\embedScriptTemplate.html, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\embedscript\html\innerEmbedScriptTemplate.html, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\embedscript\js\embedScriptUI.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\flare\background\FlareWidget.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\flare\icons\Icon_Flare_blue.png, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\flare\icons\Icon_Flare_pink.png, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\flare\icons\Thumbs.db, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\generic\background\GenericWidget.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\link\background\linkButton.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\menu\README.txt, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\menu\background\menuButton.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\menu\css\menuframe.css, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\menu\html\menuframe.html, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\menu\images\right_arrow.png, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\menu\images\right_arrow_white.png, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\menu\js\jquery-1.7.1.min.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\menu\js\menuframe.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\menu\js\query-string.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\menu\js\underscore-1.3.1.min.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\rss\background\RssWidget.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\thirdparty\background\thirdPartyWidget.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\uninstall\background\uninstallButton.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\components\weather\background\weatherButton.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\js\bs.30.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\js\common.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\js\dynamic.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\js\enableDetect.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\js\eventListening.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\js\global.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\js\jquery-1.7.1.min.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\js\list-interaction.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\js\messageEventListener.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\js\navRedirector.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\js\paramReplacer.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\js\PartnerId.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\js\set.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\js\underscore-1.3.1.min.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\js\underscore-1.5.2.min.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\js\unifiedLogging.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widget-context-1.0.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\common\common.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\common\eventListening.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\common\jquery-1.7.1.min.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\common\list-interaction.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\common\set.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\common\underscore-1.3.1.min.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\radio\radio-widget.html, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\radio\css\radio-widget.css, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\radio\js\radio-custom.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\radio\js\radio-parser.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\radio\js\radio-widget-ui.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\radio\js\radio-widget.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\rss\rssWidget.html, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\rss\js\rss-widget-custom.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\rss\js\rss-widget-parse.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\rss\js\rss-widget.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\test\invalid.json, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\test\jquery.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\test\qunit.css, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\test\qunit.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\test\resource.json, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\test\resource.xml, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\test\testWidget.html, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\test\testWidget.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\topapps\widget.html, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\topapps\css\widget.css, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\topapps\js\nanigans-topapps-feed.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\topapps\js\topapps-config.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\topapps\js\widget.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\weather\weatherButton.html, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\weather\css\weatherButton.css, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\common\widget-api\widgets\weather\js\weather.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\api\background\ApiBasedWidget.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\api\background\widget-api-impl.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\api\window\hiddenWidgetWindow.html, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\api\window\hiddenWidgetWindow.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\api\window\hiddenWidgetWindowInit.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\api\window\widgetWindow.html, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\api\window\widgetWindow.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\defaultSearch\background\updateSearch.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\defaultSearch\background\updateSearchPromptBg.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\defaultSearch\foreground\07_buttons2.png, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\defaultSearch\foreground\08_buttons2.png, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\defaultSearch\foreground\defaultSearchModal.html, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\defaultSearch\foreground\defaultSearchModalInjector.css, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\defaultSearch\foreground\defaultSearchModalInjector.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\defaultSearch\foreground\tvf_btn_ok.png, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\defaultSearch\foreground\tvf_btn_ok2.png, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\defaultSearch\foreground\tvf_restart_alert_icon.png, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\defaultSearch\foreground\tvf_restart_icon.png, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\defaultSearch\foreground\updateSearchPromptFg.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\moviereviews\background\MovieReviewsWidget.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\moviereviews\css\movieReviews.css, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\moviereviews\html\movieReviews.html, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\moviereviews\js\movieReviews.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\radio\background\RadioWidget.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\radio\css\toolbar-item.css, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\radio\foreground\button.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\radio\radioWrapper\radioWrapper.html, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\radio\radioWrapper\radioWrapper.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\search\background\searchBox.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\search\html\searchSuggestions.css, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\search\html\searchSuggestions.html, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\search\html\searchSuggestions.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\search\html\searchSuggestionsInit.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\supertab\css\supertab.css, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\supertab\html\supertab.html, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\supertab\js\newtabfork.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\supertab\js\reporting.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\supertab\js\srchsugg.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\supertab\js\supertab.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\supertab\js\unifiedLogging.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\components\supertab\js\__utm.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\icons\arrowSprite.png, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\icons\icon128.png, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\icons\icon16.png, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\icons\icon19disabled.png, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\icons\icon19on.png, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\icons\icon48.png, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\icons\tb_icon_search_disappearing_ask.png, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\images\222115012.png, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\images\222115015.png, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\images\222115024.png, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\images\222115034.png, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\images\222115049.png, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\images\222115055.png, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\images\222115063.png, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\images\222115081.png, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\images\down_arrow.png, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\images\IDR_PRODUCT_LOGO_16.png, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\images\IDR_WEBSTORE_ICON.png, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\images\magnifying_glass.png, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\images\RadioPlayerSprite.png, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\images\search_button.png, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\images\tvf_icon_guide.png, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\images\tvf_logo.png, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\images\wrench.png, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\js\chromeUtils.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\js\exeManager.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\js\exeManagerNMD.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\js\exePackageManager.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\js\focusManager.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\js\globalBlacklistManager.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\js\messaging.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\js\mutation_summary-min.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\js\mutation_summary.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\js\nativeMessagingDispatcher.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\js\newTabInfo.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\js\newTabInitialize.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\js\options.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\js\readLocalStorage.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\js\reservespacefortoolbar.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\js\reservespaceifenabled.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\js\scriptInjector.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\js\searchContext.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\js\settingsOverrides.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\js\toolbarCookieParser.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\js\toolbarPreinit.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\js\underscore-1.3.1.min.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\js\URILoaderContentScript.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\js\Widget.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\js\widgetContentScriptInjectee.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\js\widgetFactory.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\js\widgetWindowManager.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\native\cache.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\native\ce.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\native\debug.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\native\ss.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\native\libs\jquery-1.7.1.min.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\native\libs\jquery-1.9.1.min.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\native\libs\underscore-1.5.2.min.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\shared\HttpURL.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\shared\rsvp-latest.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\shared\unifiedLogging.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\shared\universalConsole.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\shared\utils.js, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\_metadata\computed_hashes.json, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.MindSpark.A, C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljpgchbakifofpdbooagpeodjdppeh\11.87.5.19221_0\_metadata\verified_contents.json, Quarantined, [3dc81bdfabde31053773291d54af9070], 
PUP.Optional.PennyBee.A, C:\Users\Emily\AppData\Local\ICSharpCode.net\PennyBeeW.exe_Url_0ocfqynyx2kizcvdjg3en1x204yvuqwa\1.0.2.2\user.config, Quarantined, [b253d327543565d183d1a9babe4520e0], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by Emily at 2015-01-20 20:22:11 Run:2
Running from C:\Users\Emily\Desktop
Loaded Profiles: Emily (Available profiles: Emily)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-2912723668-3401939186-1632935630-1001\...\Run: [GoogleChromeAutoLaunch_D0E69A2209DE5E5D2A3B6FC777BCD2EC] => "C:\Users\Emily\AppData\Local\Vosteran\Application\vosteran.exe" --auto-launch-at-startup --profile-directory="Default"
HKU\S-1-5-21-2912723668-3401939186-1632935630-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://Vosteran.com/...r=191532094&ir=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Vosteran.com/...r=191532094&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Vosteran.com/...r=191532094&ir=
SearchScopes: HKU\S-1-5-21-2912723668-3401939186-1632935630-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Vosteran.com/...r=191532094&ir=
SearchScopes: HKU\S-1-5-21-2912723668-3401939186-1632935630-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Vosteran.com/...r=191532094&ir=
CHR Extension: (RadioRage) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpnknncniillgijdlegfdffoheonaddd [2014-10-26]
CHR Extension: (Astromenda New Tab) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae [2014-09-23]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKU\S-1-5-21-2912723668-3401939186-1632935630-1001\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKU\S-1-5-21-2912723668-3401939186-1632935630-1001\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
Task: {9382552F-804F-4F97-9861-F52234998816} - System32\Tasks\WSE_Astromenda => C:\Users\Emily\AppData\Roaming\WSE_Astromenda\UpdateProc\UpdateTask.exe [2014-09-23] () <==== ATTENTION
Task: {BEABC9A8-C0AD-416F-B341-C8874581E546} - \WSE_Vosteran No Task File <==== ATTENTION
Task: C:\Windows\Tasks\WSE_Astromenda.job => C:\Users\Emily\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
 
S2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [X]
S2 PCTechHotlineSvc; C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe [X]
S2 SC_Svc; "C:\Program Files (x86)\Spyware Clear\SC_svc64.exe" [X]
 
C:\Users\Emily\AppData\Roaming\WSE_Astromenda
2015-01-03 19:59 - 2015-01-03 19:59 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vosteran
2015-01-03 19:58 - 2015-01-03 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2015-01-03 19:58 - 2015-01-03 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Clear with PC Tech Hotline
2015-01-03 19:56 - 2015-01-03 19:57 - 00690808 _____ ( ) C:\Users\Emily\Downloads\MPlayer.exe
c:\Users\Emily\AppData\Local\Vosteran
C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpnknncniillgijdlegfdffoheonaddd
C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
C:\Program Files (x86)\Spyware Clear
2015-01-19 14:14 - 2014-09-23 05:15 - 00000304 _____ () C:\Windows\Tasks\WSE_Astromenda.job
 
EmptyTemp:
Hosts:
Reboot:
*****************
 
HKU\S-1-5-21-2912723668-3401939186-1632935630-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_D0E69A2209DE5E5D2A3B6FC777BCD2EC => value deleted successfully.
HKU\S-1-5-21-2912723668-3401939186-1632935630-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
HKU\S-1-5-21-2912723668-3401939186-1632935630-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2912723668-3401939186-1632935630-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpnknncniillgijdlegfdffoheonaddd => Moved successfully.
C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce" => Key deleted successfully.
"HKU\S-1-5-21-2912723668-3401939186-1632935630-1001\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce" => Key deleted successfully.
"HKU\S-1-5-21-2912723668-3401939186-1632935630-1001\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9382552F-804F-4F97-9861-F52234998816}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9382552F-804F-4F97-9861-F52234998816}" => Key deleted successfully.
C:\Windows\System32\Tasks\WSE_Astromenda => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WSE_Astromenda" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BEABC9A8-C0AD-416F-B341-C8874581E546}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BEABC9A8-C0AD-416F-B341-C8874581E546}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WSE_Vosteran" => Key deleted successfully.
C:\Windows\Tasks\WSE_Astromenda.job => Moved successfully.
Unchecky => Service deleted successfully.
PCTechHotlineSvc => Service deleted successfully.
SC_Svc => Service deleted successfully.
C:\Users\Emily\AppData\Roaming\WSE_Astromenda => Moved successfully.
C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vosteran => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Clear with PC Tech Hotline => Moved successfully.
C:\Users\Emily\Downloads\MPlayer.exe => Moved successfully.
"c:\Users\Emily\AppData\Local\Vosteran" => File/Directory not found.
"C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpnknncniillgijdlegfdffoheonaddd" => File/Directory not found.
"C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae" => File/Directory not found.
"C:\Program Files (x86)\Spyware Clear" => File/Directory not found.
"C:\Windows\Tasks\WSE_Astromenda.job" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 572 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 20:22:32 ====


#13 ASBraid

ASBraid

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 20 January 2015 - 09:49 PM

C:\FRST\Quarantine\C\Users\Emily\AppData\Local\Vosteran\Application\31.0.1650.23\Extensions\Vosteran.crx JS/Astromenda.A potentially unwanted application
C:\FRST\Quarantine\C\Users\Emily\AppData\Local\Vosteran\Application\31.0.1650.23\Installer\chrome.7z JS/Astromenda.A potentially unwanted application
C:\FRST\Quarantine\C\Users\Emily\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\js\background.js JS/Astromenda.A potentially unwanted application
C:\FRST\Quarantine\C\Users\Emily\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\js\bootstrap.js JS/Astromenda.A potentially unwanted application
C:\FRST\Quarantine\C\Users\Emily\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\js\newtab.js JS/Astromenda.A potentially unwanted application
C:\FRST\Quarantine\C\Users\Emily\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\js\opentab.js JS/Astromenda.A potentially unwanted application
C:\FRST\Quarantine\C\Users\Emily\AppData\Roaming\WSE_Astromenda\UpdateProc\UpdateTask.exe Win32/DealPly.U potentially unwanted application
C:\FRST\Quarantine\C\Users\Emily\AppData\Roaming\WSE_Vosteran\UpdateProc\UpdateTask.exe a variant of Win32/DealPly.AD potentially unwanted application
C:\FRST\Quarantine\C\Users\Emily\Downloads\MPlayer.exe.xBAD a variant of Win32/InstallCore.TD potentially unwanted application


#14 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 21 January 2015 - 05:31 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[S1].txt also




Delete junk with JRT

thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK Mirror (if the link is down)

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread (Note: Do NOT post this one into a code box!





Are any problems left or may I post the final reply? :)


Proud Member of UNITE & TB
 

#15 ASBraid

ASBraid

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 21 January 2015 - 12:29 PM

# AdwCleaner v4.108 - Report created 21/01/2015 at 13:27:11
# Updated 17/01/2015 by Xplode
# Database : 2015-01-18.1 [Live]
# Operating System : Windows 8.1 Connected  (64 bits)
# Username : Emily - EMILY
# Running from : C:\Users\Emily\Desktop\adwcleaner_4.108.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\astromendagames.com

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Google Chrome v39.0.2171.99


*************************

AdwCleaner[R0].txt - [1168 octets] - [21/01/2015 13:24:09]
AdwCleaner[S0].txt - [1095 octets] - [21/01/2015 13:27:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1155 octets] ##########

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users