
Unauthorized Admin Rights / hacker



#1 finob


Posted 17 August 2016 - 08:14 PM

Hello!

 

Someone has full control of my laptop, as the moron sent me cryptic indicative e-mails telling me so. Also, while I'm using my laptop, the bored hacker messes w/ me while I'm trying to log in, type, etc. I want this bastard out of my laptop! Hacker also took control of three e-mail accounts because there are indicative cryptic e-mails coming from the moron that they didn't want me to have. Can you help?

 

Here is my Malware log just recently scanned...

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/17/2016
Scan Time: 8:39 PM
Logfile: malware log.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.02.16.06
Rootkit Database: v2016.08.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: OWNER
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 375244
Time Elapsed: 27 min, 58 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 85
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0, , [3d29550cc0d92214d3cc030ed03547b9], 
 
Files: 235
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\manifest.json, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\js\enableDetect.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\js\eventListening.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\js\global.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\js\jquery-1.7.1.min.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\js\list-interaction.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\js\messageEventListener.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\js\navRedirector.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\js\paramReplacer.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\js\PartnerId.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\js\set.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\js\underscore-1.3.1.min.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\js\underscore-1.5.2.min.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\js\unifiedLogging.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\widget-api\widget-context-1.0.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\widget-api\widgets\common\common.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\widget-api\widgets\common\eventListening.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\widget-api\widgets\common\jquery-1.7.1.min.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\widget-api\widgets\common\list-interaction.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\widget-api\widgets\common\set.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\widget-api\widgets\common\underscore-1.3.1.min.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\widget-api\widgets\radio\radio-widget.html, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\widget-api\widgets\radio\css\radio-widget.css, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\widget-api\widgets\radio\js\radio-custom.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\widget-api\widgets\radio\js\radio-parser.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\widget-api\widgets\radio\js\radio-widget-ui.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\widget-api\widgets\radio\js\radio-widget.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\widget-api\widgets\rss\rssWidget.html, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\widget-api\widgets\rss\js\rss-widget-custom.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\widget-api\widgets\rss\js\rss-widget-parse.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\widget-api\widgets\rss\js\rss-widget.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\widget-api\widgets\test\invalid.json, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\widget-api\widgets\test\jquery.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\widget-api\widgets\test\qunit.css, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\widget-api\widgets\test\qunit.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\widget-api\widgets\test\resource.json, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\widget-api\widgets\test\resource.xml, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\widget-api\widgets\test\testWidget.html, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\widget-api\widgets\test\testWidget.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\widget-api\widgets\topapps\widget.html, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\widget-api\widgets\topapps\css\widget.css, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\widget-api\widgets\topapps\js\nanigans-topapps-feed.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\widget-api\widgets\topapps\js\topapps-config.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\widget-api\widgets\topapps\js\widget.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\widget-api\widgets\weather\weatherButton.html, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\widget-api\widgets\weather\css\weatherButton.css, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\common\widget-api\widgets\weather\js\weather.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\components\api\background\ApiBasedWidget.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\components\api\background\widget-api-impl.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\components\api\window\hiddenWidgetWindow.html, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\components\api\window\hiddenWidgetWindow.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\components\api\window\hiddenWidgetWindowInit.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\components\api\window\widgetWindow.html, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\components\api\window\widgetWindow.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\components\defaultSearch\background\updateSearch.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\components\defaultSearch\background\updateSearchPromptBg.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\components\defaultSearch\foreground\07_buttons2.png, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\components\defaultSearch\foreground\08_buttons2.png, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\components\defaultSearch\foreground\defaultSearchModal.html, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\components\defaultSearch\foreground\defaultSearchModalInjector.css, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\components\defaultSearch\foreground\defaultSearchModalInjector.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\components\defaultSearch\foreground\tvf_btn_ok.png, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\components\defaultSearch\foreground\tvf_btn_ok2.png, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\components\defaultSearch\foreground\tvf_restart_alert_icon.png, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\components\defaultSearch\foreground\tvf_restart_icon.png, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\components\defaultSearch\foreground\updateSearchPromptFg.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\components\moviereviews\background\MovieReviewsWidget.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\components\moviereviews\css\movieReviews.css, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\components\moviereviews\html\movieReviews.html, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\components\moviereviews\js\movieReviews.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\components\radio\background\RadioWidget.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\components\radio\css\toolbar-item.css, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\components\radio\foreground\button.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\components\radio\radioWrapper\radioWrapper.html, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\components\radio\radioWrapper\radioWrapper.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\components\search\background\searchBox.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\components\search\html\searchSuggestions.css, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\components\search\html\searchSuggestions.html, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\components\search\html\searchSuggestions.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\components\search\html\searchSuggestionsInit.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\components\supertab\css\supertab.css, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\components\supertab\html\supertab.html, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\components\supertab\js\newtabfork.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\components\supertab\js\reporting.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\components\supertab\js\srchsugg.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\components\supertab\js\supertab.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\components\supertab\js\unifiedLogging.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\components\supertab\js\__utm.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\icons\arrowSprite.png, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\icons\icon128.png, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\icons\icon16.png, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\icons\icon19disabled.png, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\icons\icon19on.png, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\icons\icon48.png, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\icons\tb_icon_search_disappearing_ask.png, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\images\223764870.png, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\images\223764873.png, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\images\223764895.png, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\images\223764907.png, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\images\223764921.png, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\images\223764937.png, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\images\224383999.png, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\images\down_arrow.png, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\images\IDR_PRODUCT_LOGO_16.png, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\images\IDR_WEBSTORE_ICON.png, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\images\magnifying_glass.png, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\images\RadioPlayerSprite.png, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\images\search_button.png, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\images\tvf_icon_guide.png, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\images\tvf_logo.png, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\images\wrench.png, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\js\chromeUtils.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\js\companionSWUtils.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\js\exeManager.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\js\exeManagerNMD.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\js\exePackageManager.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\js\focusManager.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\js\globalBlacklistManager.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9.60936_0\js\messaging.js, , [3d29550cc0d92214d3cc030ed03547b9], 
PUP.Optional.MindSpark, C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgkbcihahpocjmclehpjejmgjmijcib\12.41.9

#2 nasdaq

Posted 18 August 2016 - 06:24 AM

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Start by removing everything that Malwarebytes has reported.
Restart the computer normally when done.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.
Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.

Click the Add reply button.
===

Please post the logs.

Let me know what problems persist.
nasdaq


#3 finob


Posted 18 August 2016 - 05:55 PM

Thank you for your help so far...here are the logs you requested...

 

# AdwCleaner v6.000 - Logfile created 18/08/2016 at 18:39:46
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-12.4 [Local]
# Operating System : Windows 10 Home  (X64)
# Username : OWNER - HP-LAPTOP
# Running from : C:\Users\OWNER\Downloads\adwcleaner_6.000.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Users\OWNER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\YAC.lnk
[-] File deleted: C:\WINDOWS\SysNative\log\iSafeKrnlCall.log
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\search.aol.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\search.aol.com
 
 
***** [ Web browsers ] *****
 
[-] [aol.com] [Search Provider] Deleted: aol.com
[-] [ask.com] [Search Provider] Deleted: ask.com
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1450 Bytes] - [18/08/2016 18:39:46]
C:\AdwCleaner\AdwCleaner[S0].txt - [1813 Bytes] - [18/08/2016 18:35:29]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1596 Bytes] ##########
 
******************************************************************** next scan you requested below...
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-08-2016
Ran by OWNER (administrator) on HP-LAPTOP (18-08-2016 18:45:57)
Running from C:\Users\OWNER\Downloads
Loaded Profiles: OWNER (Available Profiles: OWNER)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgfwsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avuirunnerx.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-07-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6709008 2016-07-28] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1164115143-704000759-1337320220-1002\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1164115143-704000759-1337320220-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd)
HKU\S-1-5-21-1164115143-704000759-1337320220-1002\...\RunOnce: [Uninstall C:\Users\OWNER\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\OWNER\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-1164115143-704000759-1337320220-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-1164115143-704000759-1337320220-1002] => 212.138.84.62:80
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{acf8a3b1-0ae7-457c-bf38-3022204fbd45}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKU\S-1-5-21-1164115143-704000759-1337320220-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.com/
SearchScopes: HKLM-x32 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://files.pcpitstop.com/cab/pcmatic.cab
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-17]
CHR HKLM-x32\...\Chrome\Extension: [okmhneofinpilciglijihehjpaegledb] - <no Path/update_url>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [674552 2016-07-28] (AVG Technologies CZ, s.r.o.)
R2 avgfws; C:\Program Files (x86)\AVG\Av\avgfwsa.exe [2049016 2016-07-28] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5267456 2016-07-28] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1097488 2016-07-20] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [760024 2016-07-28] (AVG Technologies CZ, s.r.o.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S3 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-06-24] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4320280 2015-11-16] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [73480 2016-06-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [314112 2016-06-30] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [261376 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [261888 2016-07-19] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [313088 2016-07-20] (AVG Technologies CZ, s.r.o.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-08-08] (Symantec Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-01-13] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-18] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 NdisImPlatformMp; C:\Windows\System32\drivers\NdisImPlatform.sys [126976 2015-10-30] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 aswArKrn; \??\C:\Users\OWNER\AppData\Local\Temp\aswArKrn.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-18 18:30 - 2016-08-18 18:39 - 00000000 ____D C:\AdwCleaner
2016-08-18 17:50 - 2016-08-18 18:30 - 03784256 _____ C:\Users\OWNER\Downloads\adwcleaner_6.000.exe
2016-08-17 21:42 - 2016-08-17 21:47 - 00032779 _____ C:\Users\OWNER\Downloads\Addition.txt
2016-08-17 21:39 - 2016-08-18 18:45 - 00011422 _____ C:\Users\OWNER\Downloads\FRST.txt
2016-08-17 21:39 - 2016-08-18 18:45 - 00000000 ____D C:\FRST
2016-08-17 21:28 - 2016-08-17 21:39 - 02394624 _____ (Farbar) C:\Users\OWNER\Downloads\FRST64.exe
2016-08-17 21:10 - 2016-08-17 21:10 - 00070593 _____ C:\Users\OWNER\Desktop\malware log.txt
2016-08-17 20:29 - 2016-08-17 20:29 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-17 20:29 - 2016-08-17 20:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-17 20:29 - 2016-08-17 20:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-17 20:29 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-08-17 20:29 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-08-17 20:29 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-08-13 19:47 - 2016-08-13 19:47 - 00005748 _____ C:\Users\OWNER\Documents\cc_20160813_194720.reg
2016-08-09 20:10 - 2016-08-09 20:10 - 00000422 _____ C:\Users\OWNER\Documents\cc_20160809_201023.reg
2016-08-09 18:47 - 2016-08-03 06:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-09 18:47 - 2016-08-03 06:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-09 18:47 - 2016-08-03 06:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-09 18:47 - 2016-08-03 06:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-09 18:47 - 2016-08-03 06:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-09 18:47 - 2016-08-03 06:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-09 18:47 - 2016-08-03 06:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-09 18:47 - 2016-08-03 06:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-09 18:47 - 2016-08-03 05:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-09 18:47 - 2016-08-03 05:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-09 18:47 - 2016-08-03 05:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-09 18:47 - 2016-08-03 05:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-09 18:47 - 2016-08-03 05:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-09 18:47 - 2016-08-03 05:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-09 18:47 - 2016-08-03 05:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-09 18:47 - 2016-08-03 05:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-09 18:47 - 2016-08-03 05:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-09 18:47 - 2016-08-03 05:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-09 18:47 - 2016-08-03 05:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-09 18:47 - 2016-08-03 05:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-09 18:47 - 2016-08-03 05:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-09 18:47 - 2016-08-03 05:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-09 18:47 - 2016-08-03 05:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-09 18:47 - 2016-08-03 05:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-09 18:47 - 2016-08-03 05:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-09 18:47 - 2016-08-03 05:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-09 18:47 - 2016-08-03 05:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-09 18:47 - 2016-08-03 05:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-09 18:47 - 2016-08-03 01:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-09 18:47 - 2016-08-03 01:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-09 18:47 - 2016-08-03 01:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-09 18:47 - 2016-08-03 01:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-09 18:47 - 2016-08-03 01:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-09 18:47 - 2016-08-03 01:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-09 18:47 - 2016-08-03 00:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-09 18:47 - 2016-08-03 00:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-09 18:47 - 2016-08-03 00:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-09 18:47 - 2016-08-03 00:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-09 18:47 - 2016-08-03 00:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-09 18:47 - 2016-08-03 00:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-09 18:47 - 2016-08-03 00:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-09 18:47 - 2016-08-03 00:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-09 18:47 - 2016-08-03 00:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-09 18:46 - 2016-08-03 07:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-09 18:46 - 2016-08-03 07:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-09 18:46 - 2016-08-03 07:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-09 18:46 - 2016-08-03 06:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-09 18:46 - 2016-08-03 06:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-09 18:46 - 2016-08-03 06:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-09 18:46 - 2016-08-03 06:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-09 18:46 - 2016-08-03 06:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-09 18:46 - 2016-08-03 06:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-09 18:46 - 2016-08-03 06:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-09 18:46 - 2016-08-03 06:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-09 18:46 - 2016-08-03 06:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-09 18:46 - 2016-08-03 06:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-09 18:46 - 2016-08-03 06:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-09 18:46 - 2016-08-03 05:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-09 18:46 - 2016-08-03 05:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-09 18:46 - 2016-08-03 05:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-09 18:46 - 2016-08-03 05:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-09 18:46 - 2016-08-03 05:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-09 18:46 - 2016-08-03 05:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-09 18:46 - 2016-08-03 05:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-09 18:46 - 2016-08-03 05:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-09 18:46 - 2016-08-03 05:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-09 18:46 - 2016-08-03 05:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-09 18:46 - 2016-08-03 05:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-09 18:46 - 2016-08-03 05:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-09 18:46 - 2016-08-03 05:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-09 18:46 - 2016-08-03 05:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-09 18:46 - 2016-08-03 05:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-09 18:46 - 2016-08-03 05:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-09 18:46 - 2016-08-03 05:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-09 18:46 - 2016-08-03 05:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-09 18:46 - 2016-08-03 05:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-09 18:46 - 2016-08-03 05:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-09 18:46 - 2016-08-03 05:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-09 18:46 - 2016-08-03 05:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-09 18:46 - 2016-08-03 05:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-09 18:46 - 2016-08-03 05:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-09 18:46 - 2016-08-03 05:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-09 18:46 - 2016-08-03 05:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-09 18:46 - 2016-08-03 05:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-09 18:46 - 2016-08-03 05:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-09 18:46 - 2016-08-03 01:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-09 18:46 - 2016-08-03 01:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-09 18:46 - 2016-08-03 01:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-09 18:46 - 2016-08-03 00:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-09 18:46 - 2016-08-03 00:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-09 18:46 - 2016-08-03 00:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-09 18:46 - 2016-08-03 00:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-09 18:46 - 2016-08-03 00:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-09 18:46 - 2016-08-03 00:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-09 18:46 - 2016-08-03 00:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-09 18:46 - 2016-08-03 00:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-09 18:46 - 2016-08-03 00:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-09 18:46 - 2016-08-03 00:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-09 18:46 - 2016-08-03 00:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-09 18:46 - 2016-08-03 00:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-09 18:46 - 2016-08-03 00:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-09 18:46 - 2016-08-03 00:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-09 18:46 - 2016-08-03 00:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-09 18:46 - 2016-08-03 00:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-09 18:45 - 2016-08-03 06:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-09 18:45 - 2016-08-03 06:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-09 18:45 - 2016-08-03 06:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-09 18:45 - 2016-08-03 06:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-09 18:45 - 2016-08-03 05:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-09 18:45 - 2016-08-03 05:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-09 18:45 - 2016-08-03 05:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-09 18:45 - 2016-08-03 05:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-09 18:45 - 2016-08-03 05:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-09 18:45 - 2016-08-03 05:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-09 18:45 - 2016-08-03 05:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-09 18:45 - 2016-08-03 05:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-09 18:45 - 2016-08-03 05:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-09 18:45 - 2016-08-03 05:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-09 18:45 - 2016-08-03 05:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-09 18:45 - 2016-08-03 05:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-09 18:45 - 2016-08-03 01:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-09 18:45 - 2016-08-03 00:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-09 18:45 - 2016-08-03 00:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-09 18:45 - 2016-08-03 00:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-09 18:45 - 2016-08-03 00:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-09 18:45 - 2016-08-03 00:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-09 18:45 - 2016-08-03 00:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-09 18:45 - 2016-08-03 00:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-09 18:45 - 2016-08-03 00:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-09 17:53 - 2016-08-09 17:53 - 00076872 _____ C:\Users\OWNER\Documents\cc_20160809_175322.reg
2016-08-09 17:48 - 2016-08-09 17:48 - 00002858 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-08-09 17:48 - 2016-08-09 17:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-08-09 17:48 - 2016-08-09 17:48 - 00000000 ____D C:\Program Files\CCleaner
2016-08-08 19:58 - 2016-08-17 18:20 - 00000474 ____H C:\WINDOWS\Tasks\Norton Security Scan for OWNER.job
2016-08-08 19:58 - 2016-08-08 19:58 - 00003714 _____ C:\WINDOWS\System32\Tasks\Norton Security Scan for OWNER
2016-08-08 19:57 - 2016-08-08 19:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
2016-08-08 19:57 - 2016-08-08 19:57 - 00000000 ____D C:\WINDOWS\system32\Drivers\NSSx64
2016-08-08 19:57 - 2016-08-08 19:57 - 00000000 ____D C:\ProgramData\NortonInstaller
2016-08-08 19:57 - 2016-08-08 19:57 - 00000000 ____D C:\ProgramData\Norton
2016-08-08 19:57 - 2016-08-08 19:57 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-08-08 19:57 - 2016-08-08 19:57 - 00000000 ____D C:\Program Files (x86)\Norton Security Scan
2016-08-08 17:47 - 2015-11-16 22:28 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20160808-174743.backup
2016-08-08 17:39 - 2016-08-08 17:39 - 00000000 ____D C:\Program Files\Common Files\AV
2016-08-08 17:34 - 2016-08-08 17:39 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-08-08 17:34 - 2016-08-08 17:34 - 00001460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-08-08 17:34 - 2016-08-08 17:34 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-08-08 17:34 - 2016-08-08 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-08-08 17:34 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2016-08-07 17:49 - 2016-08-07 17:49 - 00864120 _____ (ALWIL Software) C:\aswar.exe
2016-07-26 18:36 - 2016-07-26 18:36 - 00000000 ____D C:\ProgramData\HitmanPro
2016-07-20 08:46 - 2016-07-20 08:46 - 00313088 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgwfpa.sys
2016-07-19 19:06 - 2016-07-19 19:14 - 00000000 ____D C:\ProgramData\7z
2016-07-19 19:06 - 2016-07-19 19:06 - 00000000 ____D C:\ProgramData\setup
2016-07-19 19:06 - 2016-07-19 19:06 - 00000000 ____D C:\Program Files (x86)\Software Installer
2016-07-19 12:27 - 2016-07-19 12:27 - 00261888 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx64.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-18 18:47 - 2016-03-17 18:24 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-18 18:44 - 2016-03-17 18:24 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-18 18:44 - 2016-03-05 23:14 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-18 18:42 - 2015-12-25 14:37 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-18 18:40 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-08-18 18:39 - 2015-11-30 20:45 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B58057C0-0FB6-48D4-BE8B-48778E319688}
2016-08-18 18:39 - 2015-11-28 12:10 - 00000000 ____D C:\WINDOWS\system32\log
2016-08-18 17:47 - 2016-05-17 22:12 - 00000000 ____D C:\ProgramData\MFAData
2016-08-18 11:35 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-18 11:28 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-17 21:48 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-08-13 12:45 - 2015-10-30 02:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-08-13 11:31 - 2015-02-23 13:15 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-13 11:23 - 2015-10-30 05:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-13 11:23 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-13 11:23 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-12 19:07 - 2015-11-18 13:28 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-12 19:07 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-12 19:07 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-12 18:59 - 2015-11-18 13:28 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-11 18:56 - 2016-05-17 22:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-08-09 18:21 - 2015-05-16 00:33 - 00000000 ____D C:\Users\OWNER\Desktop\shortcuts
2016-08-09 17:54 - 2015-11-16 21:00 - 00000000 ____D C:\Users\OWNER\AppData\Local\Packages
2016-08-09 17:36 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-08 19:53 - 2016-03-17 18:28 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-08 19:38 - 2016-07-04 13:35 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-08-08 13:31 - 2015-11-16 21:07 - 00002363 _____ C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-08 13:31 - 2015-08-02 14:02 - 00000000 ___RD C:\Users\OWNER\OneDrive
2016-08-07 15:19 - 2015-11-16 23:05 - 00000000 ____D C:\Users\OWNER\AppData\Local\ElevatedDiagnostics
2016-08-02 19:19 - 2015-11-16 20:57 - 00834360 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-07-29 22:52 - 2015-12-25 14:14 - 00000000 ____D C:\Users\OWNER
2016-07-28 20:42 - 2016-03-17 18:24 - 00003984 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-28 20:42 - 2016-03-17 18:24 - 00003752 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-21 13:05 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-07-21 13:05 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2016-07-21 13:05 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-07-21 13:05 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-07-21 13:05 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-07-21 13:05 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-07-21 13:05 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-07-21 13:05 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Defender
2016-07-21 13:05 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-07-21 13:05 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
 
==================== Files in the root of some directories =======
 
2015-11-28 10:54 - 2016-01-02 22:34 - 0000053 _____ () C:\Users\OWNER\AppData\Roaming\LogFile.txt
2016-01-05 23:15 - 2016-04-09 11:08 - 0007606 _____ () C:\Users\OWNER\AppData\Local\Resmon.ResmonCfg
2016-01-10 19:41 - 2016-01-10 19:41 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some files in TEMP:
====================
C:\Users\OWNER\AppData\Local\Temp\libeay32.dll
C:\Users\OWNER\AppData\Local\Temp\msvcr120.dll
C:\Users\OWNER\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-17 21:48
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-08-2016
Ran by OWNER (administrator) on HP-LAPTOP (18-08-2016 18:45:57)
Running from C:\Users\OWNER\Downloads
Loaded Profiles: OWNER (Available Profiles: OWNER)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgfwsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avuirunnerx.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-07-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6709008 2016-07-28] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1164115143-704000759-1337320220-1002\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1164115143-704000759-1337320220-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd)
HKU\S-1-5-21-1164115143-704000759-1337320220-1002\...\RunOnce: [Uninstall C:\Users\OWNER\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\OWNER\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-1164115143-704000759-1337320220-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-1164115143-704000759-1337320220-1002] => 212.138.84.62:80
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{acf8a3b1-0ae7-457c-bf38-3022204fbd45}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKU\S-1-5-21-1164115143-704000759-1337320220-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.com/
SearchScopes: HKLM-x32 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://files.pcpitstop.com/cab/pcmatic.cab
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-17]
CHR HKLM-x32\...\Chrome\Extension: [okmhneofinpilciglijihehjpaegledb] - <no Path/update_url>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [674552 2016-07-28] (AVG Technologies CZ, s.r.o.)
R2 avgfws; C:\Program Files (x86)\AVG\Av\avgfwsa.exe [2049016 2016-07-28] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5267456 2016-07-28] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1097488 2016-07-20] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [760024 2016-07-28] (AVG Technologies CZ, s.r.o.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S3 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-06-24] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4320280 2015-11-16] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [73480 2016-06-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [314112 2016-06-30] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [261376 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [261888 2016-07-19] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [313088 2016-07-20] (AVG Technologies CZ, s.r.o.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-08-08] (Symantec Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-01-13] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-18] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 NdisImPlatformMp; C:\Windows\System32\drivers\NdisImPlatform.sys [126976 2015-10-30] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 aswArKrn; \??\C:\Users\OWNER\AppData\Local\Temp\aswArKrn.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-18 18:30 - 2016-08-18 18:39 - 00000000 ____D C:\AdwCleaner
2016-08-18 17:50 - 2016-08-18 18:30 - 03784256 _____ C:\Users\OWNER\Downloads\adwcleaner_6.000.exe
2016-08-17 21:42 - 2016-08-17 21:47 - 00032779 _____ C:\Users\OWNER\Downloads\Addition.txt
2016-08-17 21:39 - 2016-08-18 18:45 - 00011422 _____ C:\Users\OWNER\Downloads\FRST.txt
2016-08-17 21:39 - 2016-08-18 18:45 - 00000000 ____D C:\FRST
2016-08-17 21:28 - 2016-08-17 21:39 - 02394624 _____ (Farbar) C:\Users\OWNER\Downloads\FRST64.exe
2016-08-17 21:10 - 2016-08-17 21:10 - 00070593 _____ C:\Users\OWNER\Desktop\malware log.txt
2016-08-17 20:29 - 2016-08-17 20:29 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-17 20:29 - 2016-08-17 20:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-17 20:29 - 2016-08-17 20:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-17 20:29 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-08-17 20:29 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-08-17 20:29 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-08-13 19:47 - 2016-08-13 19:47 - 00005748 _____ C:\Users\OWNER\Documents\cc_20160813_194720.reg
2016-08-09 20:10 - 2016-08-09 20:10 - 00000422 _____ C:\Users\OWNER\Documents\cc_20160809_201023.reg
2016-08-09 18:47 - 2016-08-03 06:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-09 18:47 - 2016-08-03 06:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-09 18:47 - 2016-08-03 06:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-09 18:47 - 2016-08-03 06:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-09 18:47 - 2016-08-03 06:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-09 18:47 - 2016-08-03 06:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-09 18:47 - 2016-08-03 06:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-09 18:47 - 2016-08-03 06:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-09 18:47 - 2016-08-03 05:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-09 18:47 - 2016-08-03 05:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-09 18:47 - 2016-08-03 05:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-09 18:47 - 2016-08-03 05:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-09 18:47 - 2016-08-03 05:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-09 18:47 - 2016-08-03 05:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-09 18:47 - 2016-08-03 05:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-09 18:47 - 2016-08-03 05:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-09 18:47 - 2016-08-03 05:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-09 18:47 - 2016-08-03 05:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-09 18:47 - 2016-08-03 05:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-09 18:47 - 2016-08-03 05:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-09 18:47 - 2016-08-03 05:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-09 18:47 - 2016-08-03 05:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-09 18:47 - 2016-08-03 05:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-09 18:47 - 2016-08-03 05:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-09 18:47 - 2016-08-03 05:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-09 18:47 - 2016-08-03 05:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-09 18:47 - 2016-08-03 05:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-09 18:47 - 2016-08-03 05:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-09 18:47 - 2016-08-03 01:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-09 18:47 - 2016-08-03 01:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-09 18:47 - 2016-08-03 01:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-09 18:47 - 2016-08-03 01:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-09 18:47 - 2016-08-03 01:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-09 18:47 - 2016-08-03 01:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-09 18:47 - 2016-08-03 00:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-09 18:47 - 2016-08-03 00:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-09 18:47 - 2016-08-03 00:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-09 18:47 - 2016-08-03 00:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-09 18:47 - 2016-08-03 00:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-09 18:47 - 2016-08-03 00:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-09 18:47 - 2016-08-03 00:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-09 18:47 - 2016-08-03 00:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-09 18:47 - 2016-08-03 00:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-09 18:46 - 2016-08-03 07:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-09 18:46 - 2016-08-03 07:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-09 18:46 - 2016-08-03 07:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-09 18:46 - 2016-08-03 06:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-09 18:46 - 2016-08-03 06:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-09 18:46 - 2016-08-03 06:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-09 18:46 - 2016-08-03 06:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-09 18:46 - 2016-08-03 06:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-09 18:46 - 2016-08-03 06:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-09 18:46 - 2016-08-03 06:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-09 18:46 - 2016-08-03 06:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-09 18:46 - 2016-08-03 06:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll




#4 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,159 posts

Posted 19 August 2016 - 06:22 AM

Please download and run the Norton Removal tool.
This will remove all traces of Norton from the computer.
Restart the computer when completed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR HKLM-x32\...\Chrome\Extension: [okmhneofinpilciglijihehjpaegledb] - <no Path/update_url>
S3 aswArKrn; \??\C:\Users\OWNER\AppData\Local\Temp\aswArKrn.sys [X]
C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Task: C:\WINDOWS\Tasks\Norton Security Scan for OWNER.job =>
Task: {78278AE4-06E9-4CDC-9A18-A21649EDB0D8} - System32\Tasks\Norton Security Scan for OWNER => C:\Program Files (x86)\Norton Security Scan\Engine\4.5.0.72\Nss.exe [2016-05-18] (Symantec Corporation)
C:\Users\OWNER\Documents\cc_20160813_194720.reg
C:\Users\OWNER\Documents\cc_20160809_201023.reg

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please post the log and let me know what problem persists.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760
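
An added example, not part of the thread and not FRST's own code: a short Python pass that pulls out the FRST log entries carrying the markers seen in the log above (`[X]`, `No File`, `<======= ATTENTION`, `<no Path/update_url>`) and compares them with the fixlist in the post above. The function names and the marker descriptions are assumptions made here; the sample lines are copied (abridged) from this page.

```python
import re

# Markers that appear on entries in the FRST log on this page.
# The descriptions are this example's reading, not FRST documentation.
MARKERS = {
    "[X]": "referenced file not found",
    "No File": "registry entry with no file behind it",
    "<======= ATTENTION": "entry FRST singles out for attention",
    "<no Path/update_url>": "extension key without path or update URL",
}

# Abridged log lines copied from the FRST.txt posted in this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (Google Docs) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-23]
CHR HKLM-x32\...\Chrome\Extension: [okmhneofinpilciglijihehjpaegledb] - <no Path/update_url>
S3 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]
S3 aswArKrn; \??\C:\Users\OWNER\AppData\Local\Temp\aswArKrn.sys [X]
"""

# Abridged copy of the fixlist from the post above (Task lines left out).
SAMPLE_FIXLIST = r"""
start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR HKLM-x32\...\Chrome\Extension: [okmhneofinpilciglijihehjpaegledb] - <no Path/update_url>
S3 aswArKrn; \??\C:\Users\OWNER\AppData\Local\Temp\aswArKrn.sys [X]
C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\OWNER\Documents\cc_20160813_194720.reg
C:\Users\OWNER\Documents\cc_20160809_201023.reg
End
"""

# A directive is a single word followed by a colon, e.g. "EmptyTemp:".
DIRECTIVE = re.compile(r"^[A-Za-z]+:$")


def normalize(line):
    """Collapse runs of whitespace so copy/paste spacing does not matter."""
    return " ".join(line.split())


def flag_entries(log_text):
    """Return (marker, line) for every log line that carries a known marker."""
    hits = []
    for raw in log_text.splitlines():
        line = normalize(raw)
        for marker in MARKERS:
            if marker in line:
                hits.append((marker, line))
                break  # one marker per line is enough for triage
    return hits


def fixlist_entries(fixlist_text):
    """Return the fixlist lines that name an entry (no start/End/directives)."""
    entries = []
    for raw in fixlist_text.splitlines():
        line = normalize(raw)
        if not line or line.lower() in ("start", "end"):
            continue
        if DIRECTIVE.match(line):
            continue
        entries.append(line)
    return entries


def compare(log_text, fixlist_text):
    """Split entries by whether they were flagged, scheduled for fixing, or both."""
    flagged = [line for _, line in flag_entries(log_text)]
    fixes = fixlist_entries(fixlist_text)
    return {
        "flagged_and_fixed": [l for l in flagged if l in fixes],
        "flagged_not_fixed": [l for l in flagged if l not in fixes],
        "fixed_not_flagged": [l for l in fixes if l not in flagged],
    }


if __name__ == "__main__":
    for marker, line in flag_entries(SAMPLE_LOG):
        print(f"{MARKERS[marker]:45} | {line}")
    for bucket, lines in compare(SAMPLE_LOG, SAMPLE_FIXLIST).items():
        print(f"\n{bucket}: {len(lines)}")
        for line in lines:
            print("   ", line)
```

On the sample, every marked log line is in the fixlist; the remaining fixlist lines (an extension, its folder, two .reg files) carry no marker and are the helper's own selections.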

#5 finob


Posted 19 August 2016 - 08:10 PM

nasdaq,

Here's the log you requested...the only thing that seems to persist, at this point, is that my laptop runs sluggish.

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-08-2016
Ran by OWNER (19-08-2016 20:58:09) Run:1
Running from C:\Users\OWNER\Downloads
Loaded Profiles: OWNER (Available Profiles: OWNER)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR HKLM-x32\...\Chrome\Extension: [okmhneofinpilciglijihehjpaegledb] - <no Path/update_url>
S3 aswArKrn; \??\C:\Users\OWNER\AppData\Local\Temp\aswArKrn.sys [X]
C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Task: C:\WINDOWS\Tasks\Norton Security Scan for OWNER.job =>
Task: {78278AE4-06E9-4CDC-9A18-A21649EDB0D8} - System32\Tasks\Norton Security Scan for OWNER => C:\Program Files (x86)\Norton Security Scan\Engine\4.5.0.72\Nss.exe [2016-05-18] (Symantec Corporation)
C:\Users\OWNER\Documents\cc_20160813_194720.reg
C:\Users\OWNER\Documents\cc_20160809_201023.reg
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\okmhneofinpilciglijihehjpaegledb" => key removed successfully
aswArKrn => service removed successfully
"C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
C:\WINDOWS\Tasks\Norton Security Scan for OWNER.job => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{78278AE4-06E9-4CDC-9A18-A21649EDB0D8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78278AE4-06E9-4CDC-9A18-A21649EDB0D8}" => key removed successfully
C:\WINDOWS\System32\Tasks\Norton Security Scan for OWNER => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Security Scan for OWNER" => key removed successfully
C:\Users\OWNER\Documents\cc_20160813_194720.reg => moved successfully
C:\Users\OWNER\Documents\cc_20160809_201023.reg => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8693635 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 3840 B
Edge => 122955625 B
Chrome => 275287559 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 7168 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 5714 B
NetworkService => 0 B
OWNER => 36781074 B
PCPitstopSVC => 7168 B
 
RecycleBin => 0 B
EmptyTemp: => 423.2 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 21:00:17 ====


#6 nasdaq


Posted 20 August 2016 - 06:28 AM

Run this cleaning tool.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.
nasdaq


#7 finob


Posted 20 August 2016 - 11:03 AM

nasdaq,

Here's the Zoek Log you requested...again, my laptop runs sluggish.

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by OWNER on Sat 08/20/2016 at 10:54:07.61.
Microsoft Windows 10 Home 10.0.10586  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\OWNER\Downloads\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
8/20/2016 10:57:51 AM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\HitmanPro deleted successfully
C:\Users\PCPitstopSVC\AppData\LocalLow deleted successfully
C:\Users\OWNER\AppData\Local\ActiveSync deleted successfully
C:\Users\OWNER\AppData\Local\NetworkTiles deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\Software Installer deleted
C:\PROGRA~3\Application Data deleted
C:\aswar.exe deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\windows\SysNative\Tasks\avast! Windows 10 Start Menu helper deleted
 
==== Chromium Look ======================
 
 
Chrome Media Router - OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://yahoo.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
 
==== All HKLM and HKCU SearchScopes ======================
 
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...ms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0191A6B0-1154-4C22-9182-23A95BBE92D9}"
HKLM\Wow6432Node\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9} - http://www.google.co...q={searchTerms}
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...ms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.co...q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...Box&FORM=IESR02
 
==== Reset Google Chrome ======================
 
C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
 
==== Empty IE Cache ======================
 
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\OWNER\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\OWNER\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\OWNER\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\OWNER\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
No Flash Cache Found
 
==== Empty All Java Cache ======================
 
No Java Cache Found
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=22 folders=23 22804158 bytes)
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp successfully emptied
C:\Users\OWNER\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Sat 08/20/2016 at 12:01:13.63 ======================


#8 finob

finob

    Member

  • Full Member
  • Pip
  • 34 posts

Posted 20 August 2016 - 12:40 PM

nasdaq,

 

Additionally, a family member used the laptop AFTER the Zoek instruction/cleanup and told me that once again the hacker bastard is still messing w/her while she goes about her activity on the laptop.

 

I got the feeling that the stuff that was removed was just crap the bastard threw out there to make it seem AS IF we got it when hacker bastard has something deeply hidden in my laptop system that none of these scanners is picking up.

 

How can I remove the hacker bastard for good? AND how is the hacker bastard continually able to keep accessing my laptop remotely so they can keep messing w/me on it? As I am beyond tired of this bastard popping in to my laptop whenever they feel like messing w/us!!!

What can be done about this bastard???



#9 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,159 posts

Posted 20 August 2016 - 12:52 PM


Did you set this proxy?
ProxyServer: [S-1-5-21-1164115143-704000759-1337320220-1002] => 212.138.84.62:80

The IP 212.138.84.62 is from Amsterdam. Can you relate to it?

https://who.is/whois...s/212.138.84.62

===

Reset your router. It may be infected.
Also change your Password.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/...t-settings.html

Then, please reconfigure it back to your preferred settings. Below are lists of default usernames and passwords, should you not know them ;)

http://www.routerpasswords.com/
http://www.phenoelit...rg/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsuppo...belkin-routers/

====
How to tell if my Wireless is secure.
http://www.ehow.com/...ss-secure_.html

#10 finob

finob

    Member

  • Full Member
  • Pip
  • 34 posts

Posted 20 August 2016 - 01:08 PM

No! I did not set that proxy, don't know anything about it!

hacker bastard did!!

 

anyway, I cannot find the manufacturer on the list.



#11 finob

finob

    Member

  • Full Member
  • Pip
  • 34 posts

Posted 20 August 2016 - 01:29 PM

Is the router and the modem the same thing?

'Cause I have a modem.



#12 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,159 posts

Posted 21 August 2016 - 07:13 AM


Did your Internet provider install the modem?
They may be able to help you to find out if the password is not strong enough.
http://www.howtogeek...m-and-a-router/

What is the manufacturer's name or model number?

===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.

start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ProxyServer: [S-1-5-21-1164115143-704000759-1337320220-1002] => 212.138.84.62:80
RemoveProxy:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

#13 finob

finob

    Member

  • Full Member
  • Pip
  • 34 posts

Posted 21 August 2016 - 09:49 AM

nasdaq,

Here's the log you requested....spoke to my provider and they weren't very helpful, as the tech seemed ill-equipped to actually help me. Yesterday, the hacker bastard was messing w/a family while they were on the laptop. The SOB is having fun w/annoying said family member.

So the modem is what I have to work on to solve my issue? Because this SOB will be at it again.

All the steps you have given me seemed pretty easy and the modem part is where I go Huh?

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-08-2016
Ran by OWNER (21-08-2016 10:39:33) Run:2
Running from C:\Users\OWNER\Downloads
Loaded Profiles: OWNER &  (Available Profiles: OWNER)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
ProxyServer: [S-1-5-21-1164115143-704000759-1337320220-1002] => 212.138.84.62:80
RemoveProxy:
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1164115143-704000759-1337320220-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1164115143-704000759-1337320220-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1164115143-704000759-1337320220-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1164115143-704000759-1337320220-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1164115143-704000759-1337320220-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 2528112 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7564653 B
Java, Flash, Steam htmlcache => 944 B
Windows/system/drivers => 37152 B
Edge => 1244372 B
Chrome => 98669939 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 8978 B
NetworkService => 0 B
OWNER => 704177 B
PCPitstopSVC => 0 B
 
RecycleBin => 0 B
EmptyTemp: => 105.6 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 10:41:33 ====
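
The Fixlog above shows where the per-user WinINET proxy lives: the ProxyServer value and the Connections blobs under each SID's Internet Settings key. The following read-only PowerShell check is an added example, not part of the original thread or of FRST; it lists those values for every hive currently loaded under HKEY_USERS, and the function name Get-UserProxySetting is made up for illustration.

```powershell
# Added example: audit WinINET proxy settings for every loaded user hive.
# Read-only. Run from an elevated prompt so all hives under HKEY_USERS are readable.
$rel = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-UserProxySetting {   # hypothetical helper name
    # Enumerate HKEY_USERS; skip the *_Classes hives, which hold no Internet Settings.
    Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notlike '*_Classes' } |
        ForEach-Object {
            $sid = $_.PSChildName
            $key = "Registry::HKEY_USERS\$sid\$rel"
            if (-not (Test-Path -Path $key)) { return }   # moves on to the next hive
            $v = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
            # The Connections subkey holds the binary values that RemoveProxy: deleted.
            $conn = Get-ItemProperty -Path "$key\Connections" -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Sid           = $sid
                ProxyEnable   = $v.ProxyEnable
                ProxyServer   = $v.ProxyServer
                ProxyOverride = $v.ProxyOverride
                AutoConfigURL = $v.AutoConfigURL
                HasDefaultConnectionSettings = $null -ne $conn.DefaultConnectionSettings
                HasSavedLegacySettings       = $null -ne $conn.SavedLegacySettings
            }
        }
}

$report = Get-UserProxySetting
$report | Format-Table -AutoSize

# Flag any hive that would send traffic through a proxy or a PAC script.
$report | Where-Object { $_.ProxyServer -or $_.AutoConfigURL } |
    ForEach-Object {
        Write-Warning "Proxy configured for $($_.Sid): $($_.ProxyServer) $($_.AutoConfigURL)"
    }

# WinHTTP (used by services and some updaters) keeps a separate machine-wide proxy.
netsh winhttp show proxy
```

Accounts that are not signed in do not have their hive loaded under HKEY_USERS, so run the check while the affected user is logged on.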


#14 finob

finob

    Member

  • Full Member
  • Pip
  • 34 posts

Posted 21 August 2016 - 10:40 AM

the god damn hacker is still messing w/me. This SOB was in my banking long after I logged out.

What are we missing?



#15 finob

finob

    Member

  • Full Member
  • Pip
  • 34 posts

Posted 21 August 2016 - 10:41 AM

I am trying to take a snapshot of my screen & the usual way of doing it no longer works!!! So sick of these changes...and they never tell you ahead of time.



#16 finob

finob

    Member

  • Full Member
  • Pip
  • 34 posts

Posted 21 August 2016 - 11:04 AM

currently, I am in a chat session w/my provider and the fucking hacker is intercepting playing games.



#17 finob

finob

    Member

  • Full Member
  • Pip
  • 34 posts

Posted 21 August 2016 - 11:13 AM

also stated that I cannot go outside of my lease as they provide the only modem w/their service.



#18 finob

finob

    Member

  • Full Member
  • Pip
  • 34 posts

Posted 21 August 2016 - 05:31 PM

for the rest of the afternoon family members were on the laptop only to be annoyed by a very bored hacker w/no life.

so, what are we missing that said hacker bastard keeps getting in to play these games instead of getting a real life?

 

AND what I know is that the hacker was well aware of me typing to you seeking your help so obviously the bored fool was going to intercept it somehow, hence the continued annoyance.



#19 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,159 posts

Posted 22 August 2016 - 06:03 AM

I do not know about you but I would change my provider.

Someone in the Networking forum can possibly help better than I can.
http://www.bleepingc.../21/networking/

Maybe they can help in changing the password on the current router/modem.

p.s.

I live in the Montreal area and I have purchased my Modem and Router. I have control.