Hijacked by Orange


8 replies to this topic

#1 Trackalina


Posted 16 July 2017 - 06:23 AM

Hi there, thanks for letting me in :yahoo: I confirm I have read the instructions for posting. 

We recently changed to Orange and now whenever I open Google Chrome I get "http://www.orange.fr/portail" instead of the pages I set. I've checked all my settings and can't see anything to fix. The problem seems to be confined to my laptop at the moment. I've turned off Sync just in case and so far the problem hasn't spread to the main computer. The Orange engineers used my laptop to set up the new router and there is a bit of Orange Update software on here now, but I'm not sure if I should take it off or not, or if that would even fix the problem. I admit that I also downloaded an Orange freebie widget, but I uninstalled it as it was naff. Not sure if something came through with that? Just so you know, I have the free version of AVG running, but disabled it temporarily to run the malware software etc. you recommended.
I would really appreciate some help getting this sorted :help:  Thanks in advance  :D 
 

MALSCAN

 

Malwarebytes

www.malwarebytes.com
 
-Log Details-
Scan Date: 7/14/17
Scan Time: 9:59 AM
Log File: malscan.txt
Administrator: Yes
 
-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2359
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mummy-HP\Mummy
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 417355
Threats Detected: 2861
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 16 min, 54 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 26
 
Registry Value: 18
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 271
PUP.Optional.HotspotShieldVPN, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj\2.2.41_0\_locales\tr, No Action By User, [9582], [410830],1.0.2359
PUP.Optional.HotspotShieldVPN, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj\2.2.41_0\_locales\vi, No Action By User, [9582], [410830],1.0.2359
PUP.Optional.HotspotShieldVPN, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj\2.2.41_0\_locales\zh, No Action By User, [9582], [410830],1.0.2359
PUP.Optional.HotspotShieldVPN, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj\2.2.41_0\_locales\ar, No Action By User, [9582], [410830],1.0.2359
PUP.Optional.HotspotShieldVPN, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj\2.2.41_0\_locales\de, No Action By User, [9582], [410830],1.0.2359
PUP.Optional.HotspotShieldVPN, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj\2.2.41_0\_locales\en, No Action By User, [9582], [410830],1.0.2359
PUP.Optional.HotspotShieldVPN, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj\2.2.41_0\_locales\es, No Action By User, [9582], [410830],1.0.2359
PUP.Optional.HotspotShieldVPN, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj\2.2.41_0\_locales\fa, No Action By User, [9582], [410830],1.0.2359
PUP.Optional.HotspotShieldVPN, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj\2.2.41_0\_locales\fr, No Action By User, [9582], [410830],1.0.2359
PUP.Optional.HotspotShieldVPN, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj\2.2.41_0\_locales\id, No Action By User, [9582], [410830],1.0.2359
PUP.Optional.HotspotShieldVPN, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj\2.2.41_0\_locales\it, No Action By User, [9582], [410830],1.0.2359
PUP.Optional.HotspotShieldVPN, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj\2.2.41_0\_locales\ja, No Action By User, [9582], [410830],1.0.2359
PUP.Optional.HotspotShieldVPN, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj\2.2.41_0\_locales\ko, No Action By User, [9582], [410830],1.0.2359
PUP.Optional.HotspotShieldVPN, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj\2.2.41_0\_locales\pt, No Action By User, [9582], [410830],1.0.2359
PUP.Optional.HotspotShieldVPN, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj\2.2.41_0\background, No Action By User, [9582], [410830],1.0.2359
PUP.Optional.HotspotShieldVPN, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj\2.2.41_0\insertion, No Action By User, [9582], [410830],1.0.2359
PUP.Optional.HotspotShieldVPN, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj\2.2.41_0\_metadata, No Action By User, [9582], [410830],1.0.2359
PUP.Optional.HotspotShieldVPN, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj\2.2.41_0\_locales, No Action By User, [9582], [410830],1.0.2359
PUP.Optional.HotspotShieldVPN, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj\2.2.41_0\assets, No Action By User, [9582], [410830],1.0.2359
PUP.Optional.HotspotShieldVPN, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj\2.2.41_0\panel, No Action By User, [9582], [410830],1.0.2359
PUP.Optional.HotspotShieldVPN, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj\2.2.41_0, No Action By User, [9582], [410830],1.0.2359
PUP.Optional.HotspotShieldVPN, C:\USERS\MUMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NLBEJMCCBHKNCGOKJCMGHPFLOAAJCFFJ, No Action By User, [9582], [410830],1.0.2359
PUP.Optional.AmazonTB, C:\PROGRAM FILES (X86)\AMAZON BROWSER BAR, No Action By User, [10943], [235408],1.0.2359
PUP.Optional.AmazonTB, C:\USERS\MUMMY\APPDATA\LOCAL\AMAZON BROWSER BAR, No Action By User, [10943], [235407],1.0.2359
PUP.Optional.Wajam, C:\Users\Mummy\AppData\Local\Chromium\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\html, No Action By User, [102], [302727],1.0.2359
PUP.Optional.Wajam, C:\Users\Mummy\AppData\Local\Chromium\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0, No Action By User, [102], [302727],1.0.2359
PUP.Optional.Wajam, C:\USERS\MUMMY\APPDATA\LOCAL\CHROMIUM\USER DATA\DEFAULT\EXTENSIONS\JPMBFLELDCGKLDADPDINHJJOPDFPJFJP, No Action By User, [102], [302727],1.0.2359
PUP.Optional.Yontoo, C:\Users\Mummy\AppData\Local\Chromium\User Data\Default\Extensions\odpccdgkmiicgocepijnaeihjnjnomca\1.0.0_0, No Action By User, [53], [302132],1.0.2359
PUP.Optional.Yontoo, C:\USERS\MUMMY\APPDATA\LOCAL\CHROMIUM\USER DATA\DEFAULT\EXTENSIONS\ODPCCDGKMIICGOCEPIJNAEIHJNJNOMCA, No Action By User, [53], [302132],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\components\abstractbutton\background, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\components\embedscript\background, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\components\thirdparty\background, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\components\uninstall\background, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\components\embedhtml\background, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\widget-api\widgets\weather\css, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\widget-api\widgets\topapps\css, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\widget-api\widgets\weather\js, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\components\weather\background, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\widget-api\widgets\topapps\js, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\components\generic\background, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\widget-api\widgets\radio\css, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\components\defaultSearch\foreground, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\components\defaultSearch\background, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\components\embedscript\html, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\components\alert\background, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\components\flare\background, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\widget-api\widgets\radio\js, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\components\moviereviews\background, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\components\menu\background, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\widget-api\widgets\topapps, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\components\link\background, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\widget-api\widgets\weather, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\components\abstractbutton, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\components\embedhtml\html, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\components\embedscript\js, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\widget-api\widgets\common, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\widget-api\widgets\rss\js, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\components\rss\background, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\widget-api\widgets\radio, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\widget-api\widgets\test, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\components\embedhtml\js, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\components\embedscript, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\components\flare\icons, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\components\menu\images, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\widget-api\widgets\rss, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\components\radio\radioWrapper, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\components\search\background, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\components\thirdparty, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\components\moviereviews\html, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\components\embedhtml, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\components\menu\html, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\components\radio\foreground, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\components\uninstall, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\components\radio\background, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\components\moviereviews\css, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\components\menu\css, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\components\moviereviews\js, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\components\generic, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\components\menu\js, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\components\weather, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\widget-api\widgets, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\components\api\background, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\components\defaultSearch, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\components\supertab\html, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\components\alert, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\components\flare, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\components\moviereviews, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\components\supertab\css, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\components\search\html, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\components\menu, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\components\link, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\components\supertab\js, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\components\rss, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\components\api\window, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\components\radio\css, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\components\supertab, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\widget-api, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\components, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\components\search, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\components\radio, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\adapter, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\components\api, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\native\libs, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\components, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common\js, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\_metadata, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\common, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\images, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\native, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\shared, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\icons, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0\js, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihglaibmkmfgicebjkkhjnfadaconj\12.9.6.9713_0, No Action By User, [283], [301931],1.0.2359
PUP.Optional.MindSpark, C:\USERS\MUMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CGIHGLAIBMKMFGICEBJKKHJNFADACONJ, No Action By User, [283], [301931],1.0.2359
 
File: 2546

#2 Android 8888


Posted 16 July 2017 - 12:55 PM

Hello Trackalina and welcome to SpywareInfo Forum.

 

I'm Android 8888 and I'll be helping you with your malware issues.

 

In order to proceed, please post the entire contents of the Addition.txt log, which should be located on your computer's Desktop.

 

Thank you.

 

Android 8888


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#3 Trackalina


Posted 16 July 2017 - 03:21 PM

Hi Android 8888, thanks for the rapid response  :biggrin: I did actually follow the posting instructions to the letter and attached the file Addition.txt to my original post, but here it is copied and pasted as requested. I do hope you can help  :biggrinblue: Cheers

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-07-2017
Ran by Mummy (14-07-2017 09:52:21)
Running from C:\Users\Mummy\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-04-01 22:23:18)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-149867241-399488070-2814908897-500 - Administrator - Disabled)
Guest (S-1-5-21-149867241-399488070-2814908897-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-149867241-399488070-2814908897-1014 - Limited - Enabled)
Mummy (S-1-5-21-149867241-399488070-2814908897-1001 - Administrator - Enabled) => C:\Users\Mummy
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7z Extractor (HKLM-x32\...\{FA71EF19-3822-44F1-B843-B84CA34266CB}_is1) (Version:  - 7zextractor.com)
7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.2.159.1 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe GoLive CS2 English (HKLM-x32\...\Adobe GoLive CS2 English) (Version: 8.0 - Adobe Systems)
Adobe Photoshop Elements 5.0 (HKLM-x32\...\Adobe Photoshop Elements 5) (Version: 5.0 - Adobe Systems Inc.)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Agatha Christie - Death on the Nile (HKLM-x32\...\WT087420) (Version: 2.2.0.95 - WildTangent) Hidden
Age of Empires® III: Complete Collection (HKLM\...\Steam App 105450) (Version:  - Ensemble Studios)
Age of Mythology GE (HKLM-x32\...\Age of Mythology GE_is1) (Version:  - R.G. Mechanics, SeRaph1)
ArcSoft Panorama Maker 6 (HKLM-x32\...\{DABFD34E-BE68-4BC6-9254-5D7A7FF76B99}) (Version: 6.0.8.85 - ArcSoft)
ARMA 2 Operation Arrowhead Uninstall (HKLM-x32\...\ARMA 2 Operation Arrowhead) (Version:  - )
ARMA 2 REINFORCEMENTS Uninstall (HKLM-x32\...\ARMA 2 REINFORCEMENTS) (Version:  - )
ArmA 2 Uninstall (HKLM-x32\...\ArmA 2) (Version:  - )
AVG (HKLM\...\{49AB2080-7813-477F-835E-946DFD2CE4AA}) (Version: 1.201.1 - AVG Technologies) Hidden
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 17.5.3021 - AVG Technologies)
AVG PC TuneUp (HKLM-x32\...\{149D912F-03DB-4895-913E-820CB11965C0}) (Version: 16.74.1 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.74.2.60831 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.8.510 - AVG Technologies)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BattlEye for RFT Uninstall (HKLM-x32\...\BattlEye for RFT) (Version:  - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version:  - )
Bejeweled 2 Deluxe (HKLM-x32\...\WT087428) (Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{16793295-2366-40F7-A045-A3E42A81365E}) (Version: 7.1.362.0 - Microsoft Corporation)
Blackhawk Striker 2 (HKLM-x32\...\WT087328) (Version: 2.2.0.95 - WildTangent) Hidden
BookSmart® 3.3.1 3.3.1 (HKLM-x32\...\BookSmart® 3.3.1 3.3.1) (Version:  - Blurb, Inc)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.13.50.1 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.13.30.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.5.2.8 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.13.30.0 - Canon Inc.)
Chuzzle Deluxe (HKLM-x32\...\WT087453) (Version: 2.2.0.95 - WildTangent) Hidden
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Dawn of War - Dark Crusade (HKLM-x32\...\{FF39FC01-819B-42E4-AE49-1968AF12DDD4}) (Version: 1.00.0000 - THQ)
DayZ Commander (HKLM-x32\...\{B3653588-3AC0-4A1D-950F-D96531E84374}) (Version: 0.92.91 - Dotjosh Studios)
DeskMarker (HKLM-x32\...\4_is1) (Version: 2.0 - delight software gmbh)
Disney Infinity Toy Box (HKLM-x32\...\{11CB229E-8A2B-40FD-8670-4EC92D3DDAD5}) (Version: 1.81.1602 - Disney Interactive)
Dora's Carnival Adventure (HKLM-x32\...\WT087342) (Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-149867241-399488070-2814908897-1001\...\Dropbox) (Version: 31.3.18 - Dropbox, Inc.)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4121 - Hewlett-Packard) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4121 - Hewlett-Packard)
EclipseCrossword (HKLM-x32\...\{F389DB8F-0716-4FC6-82B2-02B2FA2B4F24}) (Version: 1.2.61 - Green Eclipse)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX420W Series Printer Uninstall (HKLM\...\EPSON SX420W Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION)
Escape Rosecliff Island (HKLM-x32\...\WT087360) (Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Express Zip File Compression (HKLM-x32\...\ExpressZip) (Version: 2.40 - NCH Software)
Facebook Games Arcade 0.8.1.0 (HKLM-x32\...\{AA936BCA-D4C1-41ED-BBB5-DFFC384E6DF2}) (Version: 0.8.1.0 - Facebook)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FATE (HKLM-x32\...\WT087361) (Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (HKLM-x32\...\WT087362) (Version: 2.2.0.95 - WildTangent) Hidden
FMW 1 (HKLM\...\{8DF0D8D9-0C24-47EB-9738-376DD2705133}) (Version: 1.214.2 - AVG Technologies) Hidden
Free Crossword Puzzle Maker version 1.0 (HKLM-x32\...\{763766F6-A810-49fe-A94B-1AC8F00E980E}_is1) (Version: 1.0 - )
Free Download Manager 3.8 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Photos Backup (HKU\S-1-5-21-149867241-399488070-2814908897-1001\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GrammarPro! (HKLM-x32\...\{99024F9F-40ED-4CBF-9744-2015334006E0}) (Version:  - )
Hewlett-Packard ACLM.NET v1.2.1.1 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{299625B9-6C69-462C-9CEA-8E06D878B1C5}) (Version: 4.0.5.1 - Hewlett-Packard Company)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Documentation (HKLM-x32\...\{132234A4-9362-4829-957F-FF11715F7815}) (Version: 1.1.1.0 - Hewlett-Packard)
HP DVB-T TV Tuner 8.0.64.43 (HKLM-x32\...\HP DVB-T TV Tuner) (Version: 8.0.64.43 - )
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.1.4229 - Hewlett-Packard)
HP MediaSmart Movies and TV (HKLM\...\{4B4E2FA2-3B1E-4147-99DB-5033981D8C2F}) (Version: 1.0.0.10 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.1.4215 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.1.4211 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{731A1D36-BF17-4C76-B7E7-CC055AF8C54E}) (Version: 3.1.1.12 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.1.4214 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3024 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3611 - HP Photo Creations Powered by RocketLife)
HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{BB1C717E-376C-4AA1-8940-81BFC38D9778}) (Version: 2.4.4 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{6C302296-6129-4125-9FD6-2188ECD8814E}) (Version: 4.1.6.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.4.19.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.7.22.13 - Hewlett-Packard Company)
HP Wireless Assistant (HKLM\...\{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}) (Version: 4.0.9.0 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6289.0 - IDT)
Impossible Creatures (HKLM-x32\...\Impossible Creatures 1.0) (Version:  - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2141 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java™ 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Jewel Quest - Heritage (HKLM-x32\...\WT087374) (Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (HKLM-x32\...\{8E5233E1-7495-44FB-8DEB-4BE906D59619}) (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.)
LibreOffice 4.2.6.3 (HKLM-x32\...\{14DB1822-00B5-4820-86B5-EF893CA46B53}) (Version: 4.2.6.3 - The Document Foundation)
LightScribe System Software (HKLM-x32\...\{07E49BC1-24FF-4D7A-AC74-727BE95801AF}) (Version: 1.18.16.1 - LightScribe)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version:  - EasyBits Software AS)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Accounting 2009 (HKLM-x32\...\Microsoft Office Accounting 2009) (Version: 4.0.3610.0 - Microsoft Corporation)
Microsoft Office Accounting 2009 Equifax Addin (HKLM-x32\...\{C6C148EC-55FB-4FDF-AD4F-ECEA579D040D}) (Version: 4.0.1930.0 - Microsoft Corporation)
Microsoft Office Accounting 2009 Fixed Asset Manager (HKLM-x32\...\{53276F5A-85AB-4BEF-BAA2-2490975DC006}) (Version: 4.0.1930.0 - Microsoft Corporation)
Microsoft Office Accounting 2009 PayPal Addin (HKLM-x32\...\{DC0C35E4-CD3D-4F12-95BB-7C74D9467BD7}) (Version: 4.0.1930.0 - Microsoft Corporation)
Microsoft Office Accounting 2009 Tax Integration Add-in (HKLM-x32\...\{D9AE6BE1-5847-4962-86B0-2A290B7E6C43}) (Version: 4.0.1930.0 - Microsoft Corporation)
Microsoft Office Accounting ADP Payroll Addin (HKLM-x32\...\{5FA793A6-0071-42C1-9355-8F69A428C44F}) (Version: 0.0.0.0 - ADP)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Business 2010 - English (HKLM-x32\...\{90140011-0062-0409-0000-0000000FF1CE}) (Version: 14.0.5136.5001 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Publisher 2010 (HKLM-x32\...\Office14.PUBLISHERR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mount & Blade (HKLM-x32\...\Steam App 22100) (Version:  - Tale Worlds)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version:  - Tale Worlds)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4030 - Hewlett-Packard) Hidden
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4030 - Hewlett-Packard)
Mozilla Firefox 54.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 54.0 (x86 en-GB)) (Version: 54.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.0.6368 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Namo WebCanvas 2006 (HKLM-x32\...\{A9DE7D74-A4D9-465A-9EE1-49D1577983AA}) (Version: 2.0 - Sejoong Namo Interactive, Inc.)
Namo WebEditor 2006 (HKLM-x32\...\{980A3C34-1652-472D-84AC-2A4D3D4955BF}) (Version: 7.00.000 - Sejoong Namo Interactive, Inc.)
Namo WebUtilities 2006 (HKLM-x32\...\{A7B5CF5F-6BB3-4616-950E-0CF3C9A023AD}) (Version: 1.1 - Sejoong Namo Interactive, Inc.)
Napoleon Total Factions (HKLM-x32\...\Napoleon Total Factions3.6.1) (Version: 3.6.1 - HusserlTW)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.8.0 - Nikon)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Orange Inside (HKU\S-1-5-21-149867241-399488070-2814908897-1001\...\Orange Inside) (Version: 2.1.1.0 - Orange)
Orange update (HKLM-x32\...\OrangeUpdateManager) (Version: 2.3.0.6 - Orange)
Penguins! (HKLM-x32\...\WT087394) (Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.4.15 - Nikon)
Pirate101 (HKLM-x32\...\{662140BE-138C-4DC1-B4CD-B62C6C855A25}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Pixsta (HKU\S-1-5-21-149867241-399488070-2814908897-1001\...\Pokki_83453a3d886e527a470b5bb8291dd338de4b1e44) (Version: 2.5.3.10 - SweetLabs)
PlanetSide 2 (HKU\S-1-5-21-149867241-399488070-2814908897-1001\...\DG0-PlanetSide 2) (Version:  - Sony Online Entertainment)
PlanetSide 2 (HKU\S-1-5-21-149867241-399488070-2814908897-1001\...\DGC-PlanetSide 2) (Version: 1.0.3.191 - Daybreak Game Company)
Plants vs. Zombies (HKLM-x32\...\WT087501) (Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (HKLM-x32\...\WT087395) (Version: 2.2.0.95 - WildTangent) Hidden
Pokki (HKU\S-1-5-21-149867241-399488070-2814908897-1001\...\SweetLabs_AP) (Version: 0.269.7.802 - Pokki)
Pokki Download Helper (HKU\S-1-5-21-149867241-399488070-2814908897-1001\...\PokkiDownloadHelper) (Version: 1.3.1.282 - Pokki)
Polar Bowler (HKLM-x32\...\WT087396) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WT087397) (Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)
PowerDirector (HKLM-x32\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.)
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 2.55 - NCH Software)
PS3XploderPro (HKLM-x32\...\{356AF22C-DA84-8072-F840-1B30DEC32891}) (Version: 1.1.0 - UNKNOWN) Hidden
PS3XploderPro (HKLM-x32\...\net.xploder.PS3XploderPro) (Version: 1.1.0 - UNKNOWN)
Ralink Motorola BC4 Bluetooth 3.0+HS Adapter (HKLM\...\Ralink Motorola BC4 Bluetooth 3.0+HS Adapter_is1) (Version: 3.0.41.258 - Motorola, Inc.)
Ralink RT3090 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 3.01.18.0 - Ralink)
Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1804.121 - Trusteer) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
RecordPad Sound Recorder (HKLM-x32\...\Recordpad) (Version: 5.35 - NCH Software)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.3023 - CyberLink Corp.) Hidden
Rome: Total War (HKLM\...\Steam App 4760) (Version:  - The Creative Assembly)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sid Meier's Civilization IV: Beyond the Sword (HKLM\...\Steam App 8800) (Version:  - Firaxis Games)
Sins of a Solar Empire (HKLM-x32\...\{C1DAC986-A6EE-407D-A5CE-0CE910807C6D}) (Version: 1.05 - Kalypso) Hidden
Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
SmartDraw 2012 (HKLM-x32\...\SmartDraw 2012) (Version:  - SmartDraw.com)
Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
STAR WARS™ Empire at War: Gold Pack (HKLM\...\Steam App 32470) (Version:  - Petroglyph)
STAR WARS™: Knights of the Old Republic™ (HKLM\...\Steam App 32370) (Version:  - BioWare)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Sudoku (HKLM-x32\...\{A81B9222-8188-9DF7-720E-14270A4F76CB}) (Version: 1.1.0 - Orange) Hidden
Sudoku (HKLM-x32\...\com.orange.widgets.adobeair.Sudoku) (Version: 1.1.0 - Orange)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.64 - Synaptics Incorporated)
The Battle for Middle-earth ™ II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version:  - )
The Last Days 3.23 (HKLM-x32\...\The_Deploy_0) (Version: 3.23 - TLD Team)
The Sims Medieval (HKLM-x32\...\{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}) (Version: 1.0.0 - Electronic Arts)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1804.121 - Trusteer)
Unity Web Player (HKU\S-1-5-21-149867241-399488070-2814908897-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unitype Applications (HKLM-x32\...\Unitype Applications) (Version:  - )
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Uru - Ages Beyond Myst (HKLM-x32\...\Uru - Ages Beyond Myst) (Version: 1.0.0.0 - ubi.com)
Utility Chest Toolbar Chrome Extension (HKLM-x32\...\UtilityChest_49 Chrome Extension Uninstall) (Version:  - Mindspark Interactive Network) <==== ATTENTION
ViewNX 2 (HKLM-x32\...\{E64C137C-D0B7-467A-B47F-460AAB30F0A3}) (Version: 2.8.2 - Nikon)
Virtual Villagers - The Secret City (HKLM-x32\...\WT087513) (Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VSDC Free Video Editor version 3.3.5.411 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 3.3.5.411 - Flash-Integro LLC)
Warhammer 40,000: Dawn of War – Soulstorm (HKLM\...\Steam App 9450) (Version:  - Relic Entertainment)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 6.21 - NCH Software)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.7 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Zuma Deluxe (HKLM-x32\...\WT087533) (Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKU\S-1-5-21-149867241-399488070-2814908897-1001\...\ChromeHTML: ->  <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-149867241-399488070-2814908897-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mummy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-149867241-399488070-2814908897-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Mummy\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-149867241-399488070-2814908897-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Mummy\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-149867241-399488070-2814908897-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Mummy\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-149867241-399488070-2814908897-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Mummy\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-149867241-399488070-2814908897-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Mummy\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-149867241-399488070-2814908897-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Mummy\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-149867241-399488070-2814908897-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mummy\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-149867241-399488070-2814908897-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mummy\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-149867241-399488070-2814908897-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mummy\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-149867241-399488070-2814908897-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mummy\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-149867241-399488070-2814908897-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mummy\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-149867241-399488070-2814908897-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mummy\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-149867241-399488070-2814908897-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mummy\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-149867241-399488070-2814908897-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mummy\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-149867241-399488070-2814908897-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mummy\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-149867241-399488070-2814908897-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mummy\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-149867241-399488070-2814908897-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Mummy\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mummy\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mummy\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mummy\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mummy\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mummy\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mummy\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mummy\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll [2017-07-13] (Dropbox, Inc.)
ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Users\Mummy\Desktop\7-Zip\7-zip.dll -> No File
ContextMenuHandlers01: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-07-03] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers01: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2017-02-21] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers01: [BTMSentToExt] -> {0A7D34C2-E9DA-48A1-9E34-0CDFC2DE3B44} => C:\Program Files\Motorola\Bluetooth\btmshell.dll [2010-06-11] (Motorola, Inc.)
ContextMenuHandlers01: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2015-12-18] ()
ContextMenuHandlers03: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Users\Mummy\Desktop\7-Zip\7-zip.dll -> No File
ContextMenuHandlers04: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files (x86)\AVG\AVG PC TuneUp\DseShExt-x64.dll [2017-02-21] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers04: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2017-02-21] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-07-28] (Intel Corporation)
ContextMenuHandlers06: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Users\Mummy\Desktop\7-Zip\7-zip.dll -> No File
ContextMenuHandlers06: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-07-03] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers06: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2015-12-18] ()
ContextMenuHandlers1_S-1-5-21-149867241-399488070-2814908897-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Mummy\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-149867241-399488070-2814908897-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Mummy\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-149867241-399488070-2814908897-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Mummy\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {054506C6-E973-43B2-B04D-CCC8DAEFBF06} - System32\Tasks\{B6D0FF18-7433-4E2D-A6D1-568621A0E513} => pcalua.exe -a "C:\Users\Mummy\Desktop\William\Wills Games\DISK1\mods\tyranidmod045DC.exe" -d "C:\Users\Mummy\Desktop\William\Wills Games\DISK1\mods"
Task: {06ABDFDD-67B1-4C50-A618-B0A6FE17C002} - System32\Tasks\Microsoft\Windows\orangeinside => C:\Users\Mummy\AppData\Roaming\Orange\OrangeInside\OrangeInside.exe [2017-04-05] (Orange)
Task: {06D82352-8FB4-495C-8C36-F5F7451AB9D8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {0D6C8FDA-9238-4F83-A674-2086B76E5B81} - System32\Tasks\{6FE66DDD-D813-4EAC-BD8B-97044BED6B46} => pcalua.exe -a "C:\Users\Mummy\Desktop\William\Wills Games\rise-fall-civilizations-at-war_windows_0g8s.exe" -d "C:\Users\Mummy\Desktop\William\Wills Games"
Task: {18415DCD-37AD-4009-931D-B2863B254024} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {203ED065-BC1C-4772-85FB-FDEFE8B84230} - System32\Tasks\{94C265F0-D761-48F0-9FA3-A6C193349BE9} => pcalua.exe -a C:\Users\Mummy\AppData\Local\Temp\Temp1_dcunlock.zip\dcunlock.exe <==== ATTENTION
Task: {284AE381-331B-4EEB-B704-6B177623FB8B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-05-25] (HP Inc.)
Task: {2898EA4C-5B7F-4A76-BA10-27A182474CF3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {33C96EE3-44AA-4249-BDA3-D7AA8D1554D6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {37B9C741-8BCD-4E51-BAA6-FF016BC42232} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-149867241-399488070-2814908897-1001Core => C:\Users\Mummy\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {3D4990D4-221F-424A-A1B7-78D7BD991D8C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-149867241-399488070-2814908897-1001Core => C:\Users\Mummy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-10-07] (Dropbox, Inc.)
Task: {417307A9-492E-47A4-A90C-5E8D95C740CD} - System32\Tasks\{C93668EF-01FF-4988-9686-167CBCB50501} => C:\Program Files (x86)\Mount&Blade\Modules\IronLauncher.exe [2012-02-20] (Created by Swyter)
Task: {4EAB7208-0BFD-4163-A65D-CFA2C9254C8C} - System32\Tasks\{6196C0DC-104F-46FF-9548-856CC63DBCCC} => C:\Program Files (x86)\LucasArts\Star Wars Empire at War\LaunchEAW.exe [2007-08-02] (LucasArts LLC and D2C Games Inc.)
Task: {528B734D-A899-445C-9677-7CB38139DB6E} - System32\Tasks\{D1BC404F-57E6-4AE9-9D59-266E4D69E462} => C:\Users\Mummy\Desktop\Age of Mythology\AOM 1\INSTMSIA.EXE
Task: {5C3FE59F-D9E3-4E07-898E-096A4CB16191} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\WSCStub.exe
Task: {6207A519-8D78-483B-9356-8D60F9C22DEC} - System32\Tasks\{1E828310-34DC-4A5F-871E-3CEACC3C49BE} => C:\Program Files (x86)\Steam\Steam.exe [2017-06-08] (Valve Corporation)
Task: {63E71F39-4F9E-4B72-A952-2B7CEA6BAC93} - System32\Tasks\Pokki => C:\Users\Mummy\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
Task: {78B28D05-33D0-45A1-9346-6210180D36C1} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-03-07] (Oracle Corporation)
Task: {794CA650-9BF3-48D7-BE50-DFD8D5996DFA} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {7CA8C019-44A9-457C-BB0D-5095A349F552} - System32\Tasks\{8D675D8E-687B-4C15-949E-E0E8CC0793D2} => C:\Program Files (x86)\LucasArts\Star Wars Empire at War\LaunchEAW.exe [2007-08-02] (LucasArts LLC and D2C Games Inc.)
Task: {80AB812B-B735-4D59-BB23-E4F741B07C15} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {854E51FB-828C-4437-8DFF-D433487C47CA} - System32\Tasks\HPCeeScheduleForMummy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {886F6E7A-D7B7-4AFD-AE4F-5F45CF2CED73} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {90005248-F9DD-4A63-929C-FFDAD9C3D778} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {936326E4-6775-47ED-AB38-F409C9F9E157} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2017-02-21] (AVG Technologies CZ, s.r.o.)
Task: {94D2B7FF-D85A-497E-873E-03CEE8354A73} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-24] ()
Task: {951964AD-A54C-4B73-B647-A7485C665F05} - System32\Tasks\{79608E0F-CEC7-4761-BB4C-4DFE87D38D1F} => C:\Program Files (x86)\LucasArts\Star Wars Empire at War\LaunchEAW.exe [2007-08-02] (LucasArts LLC and D2C Games Inc.)
Task: {959BD8EB-6604-4D95-B034-0C6703E9E906} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-149867241-399488070-2814908897-1001UA => C:\Users\Mummy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-23] (Facebook Inc.)
Task: {99DE31B0-C510-4F7B-A398-0203C8220FAF} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {9C6AF2FB-6B43-4E93-B593-4EDFC12A7DEA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {9D311F3D-203A-493D-AA48-F30E0D9CAFB0} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\SymErr.exe
Task: {9E575E24-7D68-4DD2-BCFE-9786649770DA} - System32\Tasks\{C30A009E-A147-47B9-A7B4-8878820CE139} => C:\Program Files (x86)\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exe
Task: {9EAB6F0F-F747-4A8D-9FFF-3D0466B1611A} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\SymErr.exe
Task: {B42575E1-2443-40DB-B242-21729C65069E} - System32\Tasks\{51A54B6C-7821-4178-8C8F-EEC0600016C5} => C:\Users\Mummy\Desktop\Age of Mythology\AOM 1\INSTMSIA.EXE
Task: {B4774CB3-E2F3-48A3-A87B-349DA7C70569} - System32\Tasks\{FA3B39DB-F3DA-43F2-8CF8-0BCC97D35137} => C:\Users\Mummy\Desktop\Age of Mythology\AOM 1\INSTMSIA.EXE
Task: {BCB26E60-FD9E-448E-B3D6-0A2147B86245} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-149867241-399488070-2814908897-1001Core => C:\Users\Mummy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-23] (Facebook Inc.)
Task: {C073D330-3F1C-4C11-8BA3-77E8EDCD6AD3} - System32\Tasks\{AC668246-7F0D-4FA9-B388-C9AC94589732} => C:\Users\Mummy\Desktop\Age of Mythology\AOM 1\INSTMSIA.EXE
Task: {C259166A-6C09-4416-9A6C-63992DA20708} - System32\Tasks\Google Update => C:\Users\Mummy\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {C29BA776-B922-4836-AE81-84E09C1F67B7} - System32\Tasks\SweetLabs App Platform => C:\Users\Mummy\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [2015-10-30] (Pokki)
Task: {CA338822-D61C-42C8-B7D2-D9252A6C06D1} - System32\Tasks\Games\UpdateCheck_S-1-5-21-149867241-399488070-2814908897-1001
Task: {CDD976E7-74AA-4048-92C7-571A3D240EA2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-149867241-399488070-2814908897-1001UA => C:\Users\Mummy\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {D1E584FA-9667-4FFD-8020-1AD4EC40A434} - System32\Tasks\SDMsgUpdate (TE) => C:\Program Files (x86)\SmartDraw 2012\Messages\SDNotify.exe [2011-09-26] ()
Task: {D294D1D5-780D-43B9-B735-FD5E948A7DA8} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2010-06-25] (CyberLink)
Task: {DB131C0C-8DE1-4645-951C-4631E09B51FE} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-149867241-399488070-2814908897-1001UA => C:\Users\Mummy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-10-07] (Dropbox, Inc.)
Task: {E3CFDFDE-F422-4C1B-9E69-050B356DBDDB} - System32\Tasks\{451A1E09-D9B9-48D0-9BAB-EA1857020538} => pcalua.exe -a E:\ArcSoft\PanoramaMaker\Setup.exe -d E:\ArcSoft\PanoramaMaker
Task: {E9A59F98-535F-4F0B-AFED-A397014BED70} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {ED2FEF85-610E-4C2A-8D94-C64E90588C4F} - System32\Tasks\{3C76353C-FB40-4F72-9225-E13D3F141820} => C:\Program Files (x86)\Mount&Blade\Modules\IronLauncher.exe [2012-02-20] (Created by Swyter)
Task: {F12ED21F-B2E1-4D33-8F91-8192E53A6C54} - System32\Tasks\{3AB964D6-4844-4131-B927-051A4A969AB1} => pcalua.exe -a "C:\Users\Mummy\Desktop\Age of Mythology\AOM 1\INSTMSIA.EXE" -d "C:\Users\Mummy\Desktop\Age of Mythology\AOM 1"
Task: {F48AD179-415E-4B1C-A292-17082CAD3D13} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-07-03] (AVG Technologies CZ, s.r.o.)
Task: {F5655D66-A3AE-44C1-BA24-3D7EB99E6D3B} - System32\Tasks\{175D9D6D-EF47-46C9-8B44-9F785C5C73DE} => C:\Users\Mummy\Desktop\Age of Mythology\AOM 1\INSTMSIA.EXE
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-149867241-399488070-2814908897-1001Core.job => C:\Users\Mummy\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-149867241-399488070-2814908897-1001UA.job => C:\Users\Mummy\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-149867241-399488070-2814908897-1001Core.job => C:\Users\Mummy\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-149867241-399488070-2814908897-1001UA.job => C:\Users\Mummy\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMummy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\SDMsgUpdate (TE).job => C:\PROGRA~2\SMARTD~1\Messages\SDNotify.exe\-PTE -V20000102 -SSDU.ini -A -Mhxxp:/www.smartdraw.com/msgs/messagecheck.asp
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Mummy\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
 
ShortcutWithArgument: C:\Users\Mummy\Dropbox\Vince Boon\VINCE BOON - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 12"
ShortcutWithArgument: C:\Users\Mummy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://r.orange.fr/r/Oodc_CHshortcut_oi_v2?ref=O_OI_defaultPage_CH_odc_shortcut
ShortcutWithArgument: C:\Users\Mummy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://r.orange.fr/r/Oodc_IEshortcut_oi_v2?ref=O_OI_defaultPage_IE_odc_shortcut
ShortcutWithArgument: C:\Users\Mummy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\Mummy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://r.orange.fr/r/Oodc_CHshortcut_oi_v2?ref=O_OI_defaultPage_CH_odc_shortcut
ShortcutWithArgument: C:\Users\Mummy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://r.orange.fr/r/Oodc_IEshortcut_oi_v2?ref=O_OI_defaultPage_IE_odc_shortcut
ShortcutWithArgument: C:\Users\Mummy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://r.orange.fr/r/Oodc_FFshortcut_oi_v2?ref=O_OI_defaultPage_FF_odc_shortcut
ShortcutWithArgument: C:\Users\Mummy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mummy - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://r.orange.fr/r/Oodc_CHshortcut_oi_v2?ref=O_OI_defaultPage_CH_odc_shortcut
ShortcutWithArgument: C:\Users\Mummy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://r.orange.fr/r/Oodc_IEshortcut_oi_v2?ref=O_OI_defaultPage_IE_odc_shortcut
ShortcutWithArgument: C:\Users\Mummy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mummy - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://r.orange.fr/r/Oodc_CHshortcut_oi_v2?ref=O_OI_defaultPage_CH_odc_shortcut
ShortcutWithArgument: C:\Users\Mummy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\de0b1d243227e473\Daddy - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 18"
ShortcutWithArgument: C:\Users\Mummy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d76736477ba15566\Jacob Jellybean - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 10"
ShortcutWithArgument: C:\Users\Mummy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d755e1040e5d38ac\William - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 8"
ShortcutWithArgument: C:\Users\Mummy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b85361f99b8f4950\Sam - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 20"
ShortcutWithArgument: C:\Users\Mummy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b42be1c9c51179ef\Dad @ La Glehias - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 7"
ShortcutWithArgument: C:\Users\Mummy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Sam & Jake - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Mummy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\371b6590bc8d800\romaric - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 6"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://r.orange.fr/r/Oodc_CHshortcut_oi_v2?ref=O_OI_defaultPage_CH_odc_shortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://r.orange.fr/r/Oodc_FFshortcut_oi_v2?ref=O_OI_defaultPage_FF_odc_shortcut
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-05-08 12:26 - 2016-11-25 11:45 - 00980552 ____N () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2006-09-14 07:56 - 2006-09-14 07:56 - 00102400 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
2015-12-18 03:10 - 2015-12-18 03:10 - 00105984 _____ () C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll
2010-01-21 01:20 - 2010-01-21 01:20 - 00611896 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2015-08-19 13:45 - 2015-02-10 15:08 - 00069120 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
2016-03-19 09:47 - 2017-06-13 21:31 - 02184776 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2016-06-22 15:57 - 2016-06-22 15:57 - 00042928 _____ () C:\Users\Mummy\AppData\Local\Facebook\Games\FacebookGamesNotifier.exe
2010-06-19 01:26 - 2010-06-19 01:26 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-06-19 01:26 - 2010-06-19 01:26 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2010-06-19 01:26 - 2010-06-19 01:26 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2017-06-26 22:32 - 2017-06-23 05:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-26 22:32 - 2017-06-23 05:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2017-07-14 09:44 - 2017-07-14 09:44 - 01192400 _____ () C:\Users\Mummy\AppData\Local\Temp\is-LP5A4.tmp\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.tmp
2017-07-14 09:44 - 2017-07-14 09:44 - 01192400 _____ () C:\Users\Mummy\AppData\Local\Temp\is-P3GD0.tmp\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.tmp
2017-05-13 16:09 - 2017-05-13 16:09 - 00171344 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-07-03 16:08 - 2017-07-03 16:08 - 00193784 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
2017-07-03 16:09 - 2017-07-03 16:09 - 00225376 _____ () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll
2017-07-13 21:02 - 2017-07-13 21:02 - 05880160 _____ () C:\Program Files (x86)\AVG\Antivirus\defs\17071306\algo.dll
2017-07-03 16:08 - 2017-07-03 16:08 - 00690392 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
2017-07-03 16:08 - 2017-07-03 16:08 - 00232784 _____ () C:\Program Files (x86)\AVG\Antivirus\streamback.dll
2015-06-02 15:51 - 2015-06-02 15:51 - 00545792 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2016-11-29 11:21 - 2016-11-29 11:20 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2010-06-16 21:48 - 2010-06-16 21:48 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2010-06-16 21:48 - 2010-06-16 21:48 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2010-06-16 21:48 - 2010-06-16 21:48 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2017-07-12 22:07 - 2017-07-12 22:07 - 01040072 _____ () C:\Program Files (x86)\AVG\Antivirus\AvChrome.dll
2017-07-03 16:09 - 2017-07-03 16:09 - 67109376 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2015-08-19 13:45 - 2015-02-18 14:11 - 00112128 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll
2017-07-13 18:58 - 2017-07-13 14:25 - 00746816 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2017-07-13 18:58 - 2017-07-13 14:25 - 01787200 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2017-07-13 19:00 - 2017-07-13 14:25 - 00100296 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2017-07-13 19:00 - 2017-07-13 14:25 - 00018888 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\select.pyd
2017-07-13 19:00 - 2017-07-13 14:27 - 00020800 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2017-07-13 19:00 - 2017-07-13 14:25 - 00035792 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2017-07-13 18:58 - 2017-07-13 14:26 - 00021848 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2017-07-13 19:00 - 2017-07-13 14:25 - 00125904 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2017-07-13 19:00 - 2017-07-13 14:25 - 00694224 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2017-07-13 18:58 - 2017-07-13 14:26 - 01862992 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2017-07-13 18:58 - 2017-07-13 14:26 - 00022864 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2017-07-13 18:59 - 2017-07-13 14:25 - 00145864 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2017-07-13 18:58 - 2017-07-13 14:25 - 00020432 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2017-07-13 18:59 - 2017-07-13 14:25 - 00116688 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2017-07-13 19:00 - 2017-07-13 14:25 - 00105928 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\win32api.pyd
2017-07-13 19:00 - 2017-07-13 14:28 - 00022864 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2017-07-13 18:59 - 2017-07-13 14:26 - 00062784 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2017-07-13 18:58 - 2017-07-13 14:26 - 00040248 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\fastpath.pyd
2017-07-13 19:00 - 2017-07-13 14:25 - 00024528 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\win32event.pyd
2017-07-13 18:59 - 2017-07-13 14:25 - 00020936 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2017-07-13 19:00 - 2017-07-13 14:25 - 00124880 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\win32file.pyd
2017-07-13 19:00 - 2017-07-13 14:25 - 00116176 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\win32security.pyd
2017-07-13 18:59 - 2017-07-13 14:25 - 00392656 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2017-07-13 19:00 - 2017-07-13 14:27 - 00392512 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2017-07-13 19:00 - 2017-07-13 14:28 - 00026456 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-07-13 19:00 - 2017-07-13 14:25 - 00024016 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2017-07-13 19:00 - 2017-07-13 14:25 - 00175560 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\win32gui.pyd
2017-07-13 19:00 - 2017-07-13 14:25 - 00030160 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2017-07-13 19:00 - 2017-07-13 14:25 - 00043472 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\win32process.pyd
2017-07-13 19:00 - 2017-07-13 14:25 - 00048592 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\win32service.pyd
2017-07-13 19:00 - 2017-07-13 14:25 - 00057808 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2017-07-13 18:58 - 2017-07-13 14:26 - 00022336 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2017-07-13 19:00 -

#4 Trackalina

Posted 16 July 2017 - 03:24 PM

2017-07-13 19:00 - 2017-07-13 14:25 - 00024016 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-07-13 19:00 - 2017-07-13 14:28 - 00082264 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.pyd
2017-07-13 19:00 - 2017-07-13 14:28 - 00025432 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2017-07-13 18:59 - 2017-07-13 14:27 - 03928896 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2017-07-13 19:00 - 2017-07-13 14:25 - 00083912 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\sip.pyd
2017-07-13 18:59 - 2017-07-13 14:27 - 01826104 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2017-07-13 18:59 - 2017-07-13 14:27 - 01972024 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2017-07-13 19:00 - 2017-07-13 14:25 - 00028616 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\win32ts.pyd
2017-07-13 18:59 - 2017-07-13 14:27 - 00171336 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2017-07-13 18:59 - 2017-07-13 14:27 - 00042816 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2017-07-13 18:59 - 2017-07-13 14:27 - 00531264 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2017-07-13 18:59 - 2017-07-13 14:27 - 00133432 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2017-07-13 18:59 - 2017-07-13 14:27 - 00224064 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2017-07-13 18:59 - 2017-07-13 14:27 - 00207680 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2017-07-13 19:00 - 2017-07-13 14:25 - 00060880 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\win32print.pyd
2017-07-13 19:00 - 2017-07-13 14:28 - 00054608 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2017-07-13 19:00 - 2017-07-13 14:28 - 00022864 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2017-07-13 19:00 - 2017-07-13 14:28 - 00022872 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-07-13 19:00 - 2017-07-13 14:28 - 00021848 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2017-07-13 19:00 - 2017-07-13 14:28 - 00022872 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2017-07-13 18:58 - 2017-07-13 14:26 - 00027488 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-07-13 19:00 - 2017-07-13 14:25 - 00349128 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2017-07-13 19:00 - 2017-07-13 14:28 - 00023896 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2017-07-13 18:59 - 2017-07-13 14:26 - 00025936 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2017-07-13 18:59 - 2017-07-13 14:25 - 00036296 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\librsync.dll
2017-07-13 18:58 - 2017-07-13 14:26 - 00181056 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2017-07-13 19:00 - 2017-07-13 14:27 - 00030536 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd
2017-07-13 18:59 - 2017-07-13 14:26 - 00024368 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\libEGL.dll
2017-07-13 18:59 - 2017-07-13 14:26 - 01637688 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2017-07-13 19:00 - 2017-07-13 14:28 - 00026456 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-07-13 19:00 - 2017-07-13 14:27 - 00023368 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\wincrashpad.compiled._Crashpad.pyd
2017-07-13 18:59 - 2017-07-13 14:27 - 00546104 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2017-07-13 18:59 - 2017-07-13 14:27 - 00357688 _____ () C:\Users\Mummy\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2016-04-29 08:55 - 2016-04-29 08:55 - 01028608 _____ () C:\Users\Mummy\AppData\Local\Facebook\Games\CefSharp.Core.dll
2016-04-29 08:55 - 2016-04-29 08:55 - 56718848 _____ () C:\Users\Mummy\AppData\Local\Facebook\Games\libcef.dll
2016-04-29 08:55 - 2016-04-29 08:55 - 00688640 _____ () C:\Users\Mummy\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.Core.dll
2016-04-29 08:55 - 2016-04-29 08:55 - 02127872 _____ () C:\Users\Mummy\AppData\Local\Facebook\Games\libglesv2.dll
2016-04-29 08:55 - 2016-04-29 08:55 - 00075776 _____ () C:\Users\Mummy\AppData\Local\Facebook\Games\libegl.dll
2015-04-28 22:15 - 2015-04-28 22:15 - 00569856 _____ () C:\Users\Mummy\AppData\Local\SweetLabs App Platform\Engine\ppGoogleNaClPluginChrome.dll
2015-04-28 22:15 - 2015-04-28 22:15 - 01400846 _____ () C:\Users\Mummy\AppData\Local\SweetLabs App Platform\Engine\avcodec-54.dll
2015-04-28 22:15 - 2015-04-28 22:15 - 00151054 _____ () C:\Users\Mummy\AppData\Local\SweetLabs App Platform\Engine\avutil-51.dll
2015-04-28 22:15 - 2015-04-28 22:15 - 00222734 _____ () C:\Users\Mummy\AppData\Local\SweetLabs App Platform\Engine\avformat-54.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Mummy:Heroes & Generals [38]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-149867241-399488070-2814908897-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mummy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.67.222.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
07-07-2017 12:46:11 Installed DirectX
12-07-2017 21:56:12 Installed Rapport
14-07-2017 08:33:25 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/13/2017 08:44:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: spoolsv.exe, version: 6.1.7601.17777, time stamp: 0x4f35fc1d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000128b00000002
Faulting process id: 0x78c
Faulting application start time: 0x01d2fb484d87aa1a
Faulting application path: C:\Windows\System32\spoolsv.exe
Faulting module path: unknown
Report Id: 5a7442c6-67fb-11e7-b4bc-c0c5e314f4da
 
Error: (07/13/2017 10:27:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x80000008
Faulting process id: 0x190c
Faulting application start time: 0x01d2fbb1e7a057b3
Faulting application path: C:\Windows\SysWOW64\rundll32.exe
Faulting module path: unknown
Report Id: 268f6205-67a5-11e7-b4bc-c0c5e314f4da
 
Error: (07/12/2017 06:19:09 PM) (Source: MsiInstaller) (EventID: 1021) (User: Mummy-HP)
Description: Product: Google Update Helper - Update '{E0D0D2C9-5836-4023-AB1D-54EC3B90AD03}' could not be removed. Error code 1647. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127
 
Error: (07/12/2017 06:19:09 PM) (Source: MsiInstaller) (EventID: 1021) (User: Mummy-HP)
Description: Product: Google Update Helper - Update '{1CAD0644-2CF1-4EA6-B512-0F59D9EAB13C}' could not be removed. Error code 1647. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127
 
Error: (07/09/2017 05:48:53 PM) (Source: Google Update) (EventID: 20) (User: Mummy-HP)
Description: Event-ID 20
 
Error: (07/09/2017 12:36:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Steam.exe, version: 4.0.6.0, time stamp: 0x5938d3cf
Faulting module name: tier0_s.dll_unloaded, version: 0.0.0.0, time stamp: 0x5938d380
Exception code: 0xc0000005
Fault offset: 0x6ce4dfdc
Faulting process id: 0x289c
Faulting application start time: 0x01d2f6ad04a45e37
Faulting application path: C:\Program Files (x86)\Steam\Steam.exe
Faulting module path: tier0_s.dll
Report Id: 74331ce3-6492-11e7-9689-df82729ea9c7
 
Error: (07/07/2017 09:06:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program attila.exe version 1.6.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e54
 
Start Time: 01d2f7524bad0044
 
Termination Time: 1416
 
Application Path: C:\Program Files (x86)\Steam\steamapps\common\Total War Attila\attila.exe
 
Report Id:
 
Error: (07/07/2017 06:24:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program attila.exe version 1.6.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 64c
 
Start Time: 01d2f72da0db865c
 
Termination Time: 1586
 
Application Path: C:\Program Files (x86)\Steam\steamapps\common\Total War Attila\attila.exe
 
Report Id:
 
Error: (07/07/2017 03:31:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program swkotor.exe version 1.0.3.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 34c0
 
Start Time: 01d2f72464619a20
 
Termination Time: 31
 
Application Path: C:\Program Files (x86)\Steam\steamapps\common\swkotor\swkotor.exe
 
Report Id:
 
Error: (07/07/2017 03:23:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: swkotor.exe, version: 1.0.3.0, time stamp: 0x402bc2d9
Faulting module name: ig4icd32.dll, version: 8.15.10.2189, time stamp: 0x4c5093bf
Exception code: 0xc0000005
Fault offset: 0x00852190
Faulting process id: 0x28f4
Faulting application start time: 0x01d2f71cfc3d9f2c
Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\swkotor\swkotor.exe
Faulting module path: C:\Windows\system32\ig4icd32.dll
Report Id: 878cb11e-6317-11e7-9689-df82729ea9c7
 
 
System errors:
=============
Error: (07/14/2017 08:25:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (07/14/2017 08:24:50 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect.
 
Error: (07/14/2017 08:23:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avgbIDSAgent service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (07/14/2017 08:23:13 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the avgbIDSAgent service to connect.
 
Error: (07/14/2017 08:21:33 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/14/2017 08:18:15 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The avgbIDSAgent service did not shut down properly after receiving a preshutdown control.
 
Error: (07/14/2017 08:00:00 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
 
Error: (07/14/2017 07:59:25 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HomeGroupListener service.
 
Error: (07/13/2017 08:46:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (07/13/2017 08:40:11 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgsvc service.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 72%
Total physical RAM: 3893.86 MB
Available physical RAM: 1071.08 MB
Total Virtual: 7785.93 MB
Available Virtual: 3687.56 MB
 
==================== Drives ================================
 
Drive c: (Mums Laptop) (Fixed) (Total:445.49 GB) (Free:83.39 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:19.97 GB) (Free:2.9 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
Drive h: (LOTRBFME2) (CDROM) (Total:5.54 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: E5539939)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=445.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
==================== End of Addition.txt ============================


#5 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,003 posts

Posted 16 July 2017 - 07:40 PM

Hello Trackalina and thank you for the logs.

 

Please can you tell me if you already tried to set the homepage or startup page of your Google Chrome browser to your favorite/custom page?

 

Please read here on how to do it for the Google Chrome browser.

 

Let me know if you were able to customize it.

 

Thank you.

 

Android 8888



#6 Trackalina

Trackalina

    Member

  • Full Member
  • 5 posts

Posted 17 July 2017 - 04:14 AM

Hi again Android 8888, thanks for getting back to me. Yes, the relevant settings were the first thing I checked and nothing seems amiss. I've had the same set of start-up pages forever. I've run the Chrome cleanup tool and that found nothing. I've also tried resetting everything but that didn't fix it either. I'm at a loss. The only thing I can think to do is delete our Chrome profiles, but I would only want to do this as a last resort, and only if I was completely convinced it would rid us of the problem. Cheers :)


Edited by Trackalina, 17 July 2017 - 04:15 AM.


#7 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,003 posts

Posted 17 July 2017 - 06:55 PM

Hello Trackalina.

I suggest printing out each set of instructions or copying them to a Notepad file and reading the entire post before proceeding. It will make following them easier.

Read all of my instructions very carefully and bear in mind that any mistakes during the cleaning process may have serious consequences such as leaving the computer unbootable.

Please DO NOT run any tools on your own or make any other changes to your computer and follow the directions in the order listed during the malware removal process, otherwise you can worsen the situation rather than solve it.

Make sure to run all tools from the computer's Desktop and with Administrator privileges (i.e. right-click the tool icon and select Run as administrator).

Please run one scan at a time.

Once started, the malware removal process has to be completed. Even if your computer appears to be running better after performing a first set of instructions, it may still be infected as some infections are difficult to remove and can leave remnants on the System. Please consider it clean and safe only when I declare it free of malware.


With that being said, please proceed as follows:

I noticed that you have some malicious programs installed on your system. I'll ask you to uninstall them since uninstalling such programs before running malware removal tools will ensure a better clean-up.

 

AVG Web TuneUp
Pokki
Pokki Download Helper
Utility Chest Toolbar Chrome Extension

 

If you have an issue when uninstalling a program, please let me know.


Next,

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK button.
Please copy the entire contents of the code box below. To do this highlight the contents of the box and right click on it and select Copy.
Paste this into the open Notepad.
 

Start
CreateRestorePoint:
CloseProcesses:
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.8\ToolbarUpdater.exe
(Pokki) C:\Users\Mummy\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Pokki) C:\Users\Mummy\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Pokki) C:\Users\Mummy\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Pokki) C:\Users\Mummy\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Pokki) C:\Users\Mummy\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2184776 2017-06-13] ()
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-149867241-399488070-2814908897-1001\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Mummy\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=6.4.1.14
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=6.4.1.14
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=6.4.1.14
HKU\S-1-5-21-149867241-399488070-2814908897-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/2
HKU\S-1-5-21-149867241-399488070-2814908897-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://mysearch.avg.com/?cid={B7D55849-E7D5-4944-B142-63B03B333CBC}&mid=8fdf0673b14f4feda806297e6f9fa03e-6c375c07165cc633e2e147f1d4c4018515d6d194&lang=en&ds=AVG&coid=avgtbavg&cmpid=0215pi&pr=fr&d=2015-05-08 12:27:03&v=4.2.8.608&pid=wtu&sg=&sap=hp
hxxp://news.bbc.co.uk/weather/forecast/3036|hxxp://www.facebook.com/profile.php?id=1527012462|hxxps://www.google.fr/
HKU\S-1-5-21-149867241-399488070-2814908897-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://r.orange.fr/r/Oodc_IE_oi_v2?ref=O_OI_defaultPage_IE_odc
SearchScopes: HKLM -> DefaultScope {8E70F5F9-BDBA-468E-A485-5DDAA362CA25} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {76D79C7A-B965-4FB3-B85E-5B2845F6B1BB} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {8E70F5F9-BDBA-468E-A485-5DDAA362CA25} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {D8F78698-3622-4D87-A941-FC12CC278318} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {8E70F5F9-BDBA-468E-A485-5DDAA362CA25} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {76D79C7A-B965-4FB3-B85E-5B2845F6B1BB} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {8E70F5F9-BDBA-468E-A485-5DDAA362CA25} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {D8F78698-3622-4D87-A941-FC12CC278318} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-149867241-399488070-2814908897-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={B7D55849-E7D5-4944-B142-63B03B333CBC}&mid=8fdf0673b14f4feda806297e6f9fa03e-6c375c07165cc633e2e147f1d4c4018515d6d194&lang=en&ds=AVG&coid=avgtbavg&cmpid=1215tb&pr=fr&d=2015-05-08 12:27:03&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-149867241-399488070-2814908897-1001 -> {76D79C7A-B965-4FB3-B85E-5B2845F6B1BB} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-149867241-399488070-2814908897-1001 -> {8E70F5F9-BDBA-468E-A485-5DDAA362CA25} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-149867241-399488070-2814908897-1001 -> {91E32DBE-D07F-4174-9EB0-EDFC3D0ADC54} URL = hxxp://search.softonic.com/MOY00005/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=4a472803000000000000e02a82599fc3&toi=16076&r=111
SearchScopes: HKU\S-1-5-21-149867241-399488070-2814908897-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={B7D55849-E7D5-4944-B142-63B03B333CBC}&mid=8fdf0673b14f4feda806297e6f9fa03e-6c375c07165cc633e2e147f1d4c4018515d6d194&lang=en&ds=AVG&coid=avgtbavg&cmpid=1215tb&pr=fr&d=2015-05-08 12:27:03&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-149867241-399488070-2814908897-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://uk.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=GB&ver=5
SearchScopes: HKU\S-1-5-21-149867241-399488070-2814908897-1001 -> {D8F78698-3622-4D87-A941-FC12CC278318} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-149867241-399488070-2814908897-1001 -> {EF193DF4-A9EF-11E4-AB12-D03C794352DE} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=online&q={searchTerms}
BHO: IMinent WebBooster (BHO) -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> No File
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.8.510\AVG Web TuneUp.dll [2017-06-13] (AVG)
BHO-x32: IMinent WebBooster (BHO) -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> No File
FF Homepage: Mozilla\Firefox\Profiles\3qhygmi2.default -> hxxp://r.orange.fr/r/Oodc_FF_oi_v2?ref=O_OI_defaultPage_FF_odc
FF Extension: (AVG Web TuneUp) - C:\Users\Mummy\AppData\Roaming\Mozilla\Firefox\Profiles\3qhygmi2.default\Extensions\avg@toolbar.xpi [2016-11-25]
FF Extension: (ProxTube - Unblock YouTube) - C:\Users\Mummy\AppData\Roaming\Mozilla\Firefox\Profiles\3qhygmi2.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}.xpi [2016-10-23]
FF SearchPlugin: C:\Users\Mummy\AppData\Roaming\Mozilla\Firefox\Profiles\3qhygmi2.default\searchplugins\avg-secure-search.xml [2017-02-05]
FF SearchPlugin: C:\Users\Mummy\AppData\Roaming\Mozilla\Firefox\Profiles\3qhygmi2.default\searchplugins\Web Search.xml [2015-04-17]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2016-11-25]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-149867241-399488070-2814908897-1001: pokki.com/PokkiDownloadHelper -> C:\Users\Mummy\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll [No File]
CHR HomePage: Default -> mysearch.avg.com
CHR StartupUrls: Default -> "hxxps://translate.google.com/#en/fr/Hello%2C","hxxps://uk.yahoo.com/","hxxp://www.bbc.com/weather/2970777","hxxp://www.meteofrance.com/previsions-meteo-france/plumieux/22210","hxxps://www.facebook.com/","hxxps://www.pinterest.co.uk/"
CHR NewTab: Default ->  Not-active:"chrome-extension://chfdnecihphmhljaaejmgoiahnihplgn/pages/newtab.html", Active:"chrome-extension://oeanaggofendibgpmgcamkdkpjgkgkpo/newtab.html"
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> hxxps://mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Extension: (Extended Protection) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml [2013-11-05]
CHR Extension: (AVG Secure Search) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2016-11-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-14]
CHR Extension: (Chrome Media Router) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-14]
CHR Extension: (LyricsViewer-1) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gfafihhpmeohjgoikahkbklkcfeopbjn [2016-04-19] [UpdateUrl: hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/chrome/update/41990.xml] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-19]
CHR Extension: (LyricsViewer-1) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\gfafihhpmeohjgoikahkbklkcfeopbjn [2016-02-22] [UpdateUrl: hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/chrome/update/41990.xml] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-14]
CHR Extension: (Chrome Media Router) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-14]
CHR Extension: (Utility Chest) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\mhbcejfeenepiegfmddjkjfjdbhpnfmi [2015-03-23] [UpdateUrl: hxxps://updates.mywebsearch.com/updateCrx.xml?id=204540489&version=2.4.0.48874&track=YY] <==== ATTENTION
CHR Extension: (Google Wallet) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-23]
CHR Extension: (Utility Chest) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 14\Extensions\mhbcejfeenepiegfmddjkjfjdbhpnfmi [2015-04-18] [UpdateUrl: hxxps://updates.mywebsearch.com/updateCrx.xml?id=204540489&version=4.94.1.44186&track=YY&trackRevision=2] <==== ATTENTION
CHR Extension: (Google Wallet) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 14\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-16]
CHR Extension: (Utility Chest) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 15\Extensions\mhbcejfeenepiegfmddjkjfjdbhpnfmi [2015-04-18] [UpdateUrl: hxxps://updates.mywebsearch.com/updateCrx.xml?id=204540489&version=2.4.0.48874&track=YY] <==== ATTENTION
CHR Extension: (Google Wallet) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 15\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-18]
CHR Extension: (Utility Chest) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 16\Extensions\mhbcejfeenepiegfmddjkjfjdbhpnfmi [2015-04-18] [UpdateUrl: hxxps://updates.mywebsearch.com/updateCrx.xml?id=204540489&version=2.4.0.48874&track=YY] <==== ATTENTION
CHR Extension: (Google Wallet) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 16\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-18]
CHR Extension: (Bookmark Manager) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 17\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-06-04]
CHR Extension: (Utility Chest) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 17\Extensions\mhbcejfeenepiegfmddjkjfjdbhpnfmi [2015-06-04] [UpdateUrl: hxxps://updates.mywebsearch.com/updateCrx.xml?id=204540489&version=4.94.1.44186&track=YY&trackRevision=2] <==== ATTENTION
CHR Extension: (Google Wallet) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 17\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-13]
CHR Extension: (Chrome Media Router) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-13]
CHR Extension: (Utility Chest) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 19\Extensions\mhbcejfeenepiegfmddjkjfjdbhpnfmi [2016-02-12] [UpdateUrl: hxxps://updates.mywebsearch.com/updateCrx.xml?id=204540489&version=2.4.0.48874&track=YY] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 19\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-12]
CHR Extension: (AVG Secure Search) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 20\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2016-04-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 20\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-26]
CHR Extension: (Chrome Media Router) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 20\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-29]
CHR Extension: (AVG Secure Search) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 22\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2017-05-13]
CHR Extension: (Utility Chest) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 22\Extensions\mhbcejfeenepiegfmddjkjfjdbhpnfmi [2017-06-28] [UpdateUrl: hxxps://updates.mywebsearch.com/updateCrx.xml?id=204540489&version=4.94.1.44186&track=YY&trackRevision=2] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 22\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-13]
CHR Extension: (Chrome Media Router) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 22\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-28]
CHR Extension: (AVG Secure Search) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2016-04-19]
CHR Extension: (LyricsViewer-1) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\gfafihhpmeohjgoikahkbklkcfeopbjn [2016-04-19] [UpdateUrl: hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/chrome/update/41990.xml] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-19]
CHR Extension: (LyricsViewer-1) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\gfafihhpmeohjgoikahkbklkcfeopbjn [2016-03-06] [UpdateUrl: hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/chrome/update/41990.xml] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-13]
CHR Extension: (Chrome Media Router) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-13]
CHR Extension: (AVG Secure Search) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2016-07-28]
CHR Extension: (LyricsViewer-1) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\gfafihhpmeohjgoikahkbklkcfeopbjn [2016-01-21] [UpdateUrl: hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/chrome/update/41990.xml] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Chrome Media Router) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-10]
CHR HKU\S-1-5-21-149867241-399488070-2814908897-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [igdhbblpcellaljokkpfhcjlagemhgjl] - "C:\Program Files (x86)\Iminent\Iminent.crx" <not found>
R2 vToolbarUpdater40.3.8; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.8\ToolbarUpdater.exe [1354824 2017-06-13] (AVG Secure Search)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [980552 2016-11-25] ()
U3 alt3ciyj; C:\Windows\System32\Drivers\alt3ciyj.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
2017-06-16 21:09 - 2015-05-08 12:26 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2017-04-24 10:00 - 2017-04-24 10:00 - 0739904 _____ (Oracle Corporation) C:\Users\Mummy\AppData\Local\Temp\jre-8u131-windows-au.exe
2016-12-09 22:24 - 2016-12-10 01:50 - 8216206 _____ (Dropbox, Inc.) C:\Users\Mummy\AppData\Local\Temp\{07A26D76-F317-42BB-9C2C-2B90DD196594}-DropboxClient_16.3.27.exe
2016-12-09 09:38 - 2016-12-09 09:44 - 0351144 _____ (Dropbox, Inc.) C:\Users\Mummy\AppData\Local\Temp\{1823AA8F-806B-4BB7-B6FD-5AB96E736C58}-DropboxClient_16.3.27.exe
2016-12-11 22:47 - 2016-12-12 12:43 - 5527455 _____ (Dropbox, Inc.) C:\Users\Mummy\AppData\Local\Temp\{184E243B-620A-43FA-9F4A-B6EC9C094910}-DropboxClient_16.3.27.exe
2016-11-11 12:05 - 2016-11-11 20:52 - 7498742 _____ (Dropbox, Inc.) C:\Users\Mummy\AppData\Local\Temp\{1B29AD5F-AB0B-4F58-819E-46A26A3A8528}-DropboxClient_15.3.17.exe
2016-12-10 22:04 - 2016-12-11 16:08 - 14522926 _____ (Dropbox, Inc.) C:\Users\Mummy\AppData\Local\Temp\{1F3AB65E-DD6F-4DC9-890D-8BE5FCA97BA1}-DropboxClient_16.3.27.exe
2016-12-12 12:38 - 2016-12-12 14:07 - 24111551 _____ (Dropbox, Inc.) C:\Users\Mummy\AppData\Local\Temp\{48D7D743-1AF9-4887-836E-852D57BA34FD}-DropboxClient_16.3.27.exe
2016-12-12 12:56 - 2016-12-12 13:50 - 30201090 _____ (Dropbox, Inc.) C:\Users\Mummy\AppData\Local\Temp\{4EEB38DF-CE29-4111-B407-1647097B6F07}-DropboxClient_16.3.27.exe
2016-12-10 01:46 - 2016-12-11 16:07 - 47067390 _____ (Dropbox, Inc.) C:\Users\Mummy\AppData\Local\Temp\{58B4C456-BD3D-4FBD-A973-7AFAFC525087}-DropboxClient_16.3.27.exe
2017-01-05 23:03 - 2017-01-05 23:03 - 0000000 _____ () C:\Users\Mummy\AppData\Local\Temp\{719559E7-AB1D-4F3B-9CF0-82824F7793A3}-DropboxClient_17.3.32.exe
2016-12-11 00:14 - 2016-12-11 16:04 - 0828386 _____ (Dropbox, Inc.) C:\Users\Mummy\AppData\Local\Temp\{748C3151-6BED-4C5B-BF35-A052BFBC70A6}-DropboxClient_16.3.27.exe
2016-12-09 08:49 - 2016-12-09 08:49 - 0000000 _____ () C:\Users\Mummy\AppData\Local\Temp\{BBAD4787-BBD6-4561-B0EE-7F33468A0AE4}-DropboxClient_16.3.27.exe
2016-12-11 00:05 - 2016-12-11 16:04 - 4086690 _____ (Dropbox, Inc.) C:\Users\Mummy\AppData\Local\Temp\{DBF00A9E-0AFE-43D4-B925-4E7B95DC2810}-DropboxClient_16.3.27.exe
2016-11-10 23:41 - 2016-11-11 10:34 - 0676526 _____ (Dropbox, Inc.) C:\Users\Mummy\AppData\Local\Temp\{E4EDE4BC-AFEE-43AE-9357-63ABE9798A89}-DropboxClient_15.3.17.exe
2016-11-10 21:02 - 2016-11-10 23:38 - 0159355 _____ (Dropbox, Inc.) C:\Users\Mummy\AppData\Local\Temp\{EE465490-2DC0-4B6B-8A14-4EDE977CC19F}-DropboxClient_15.3.17.exe
CustomCLSID: HKU\S-1-5-21-149867241-399488070-2814908897-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Mummy\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-149867241-399488070-2814908897-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Mummy\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-149867241-399488070-2814908897-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Mummy\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Users\Mummy\Desktop\7-Zip\7-zip.dll -> No File
ContextMenuHandlers03: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Users\Mummy\Desktop\7-Zip\7-zip.dll -> No File
ContextMenuHandlers06: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Users\Mummy\Desktop\7-Zip\7-zip.dll -> No File
Task: {203ED065-BC1C-4772-85FB-FDEFE8B84230} - System32\Tasks\{94C265F0-D761-48F0-9FA3-A6C193349BE9} => pcalua.exe -a C:\Users\Mummy\AppData\Local\Temp\Temp1_dcunlock.zip\dcunlock.exe <==== ATTENTION
Task: {63E71F39-4F9E-4B72-A952-2B7CEA6BAC93} - System32\Tasks\Pokki => C:\Users\Mummy\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
Task: {C29BA776-B922-4836-AE81-84E09C1F67B7} - System32\Tasks\SweetLabs App Platform => C:\Users\Mummy\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [2015-10-30] (Pokki)
2015-05-08 12:26 - 2016-11-25 11:45 - 00980552 ____N () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2016-03-19 09:47 - 2017-06-13 21:31 - 02184776 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
AlternateDataStreams: C:\Users\Mummy:Heroes & Generals [38]
CMD: ipconfig /flushdns
EmptyTemp:
End

Save the file as fixlist.txt in the same location as FRST64.
Right-click the FRST64 icon and select Run as administrator to run the tool.
Click the Fix button only once and wait.
When finished FRST will generate a log (fixlog.txt) on the computer Desktop. Please post its entire contents to your reply.

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

 

 

Next,

Please download Junkware Removal Tool and save it to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Right-click on the icon and select Run as administrator.
  • The tool will open and check for updates. You will see the Disclaimer.
  • Press any key to continue and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.

Please post the contents of JRT.txt into your next reply.

 

 

Next,

Please download AdwCleaner and save it to your computer Desktop.

  • Close all open programs and internet browsers.
  • Right-click on the icon and select Run as administrator to start the tool.
  • Click Yes to accept any security warnings that may appear.
  • Click I Agree on the disclaimer to accept the Terms of Use.
  • Click the Scan button to start the scan and wait for the process to complete.
  • Click the Logfile button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file in your next reply.
  • You can find the log file at C:\AdwCleaner[Cn].txt (n is a number, the highest number is the most recent).

 

 

 

Next,

The Malwarebytes log shows it found many threats but did not take any action on them.

  • Open Malwarebytes;
  • On the left pane select Settings;
  • Select the Protection tab;
  • Scroll down to Scan Options and ensure Scan for Rootkits is on and leave all other settings to default.
  • Go back to DashBoard and select the blue Scan Now tab; Note: The scan may take some time to finish, so please be patient.
  • When the scan completes, if potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.

Please post the entire contents of the log in your next reply.

 

 

In your next reply please post the contents of:
fixlog.txt
JRT.txt
AdwCleaner clean log.
Malwarebytes log.

How is the computer running now?


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.
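As an added example (not part of the original post and not FRST's own code): a short Python triage of the `CHR Extension` lines from the fixlist above, grouping them by extension ID to show which Chrome profile folders hold each entry that is marked ATTENTION or updates from a host other than the Chrome Web Store. The function names, the regular expression and `STORE_UPDATE_HOST` are assumptions of this example; the sample lines are a subset copied from the fixlist.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Chrome Web Store update host; the fixlist shows it as
# hxxps://clients2.google.com/service/update2/crx.
STORE_UPDATE_HOST = "clients2.google.com"

# Assumed layout of a "CHR Extension" line, inferred from the lines in the post.
LINE_RE = re.compile(
    r"^CHR Extension: \((?P<name>.+?)\) - .+\\User Data\\(?P<profile>[^\\]+)"
    r"\\Extensions\\(?P<id>[a-p]{32}) \[(?P<date>\d{4}-\d{2}-\d{2})\]"
    r"(?: \[UpdateUrl: (?P<update>[^\]]+)\])?(?P<flag> <==== ATTENTION)?$"
)

# Subset of the fixlist lines from the post (URLs are defanged as posted).
SAMPLE = r"""
CHR Extension: (AVG Secure Search) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2016-11-25]
CHR Extension: (Chrome Media Router) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-14]
CHR Extension: (LyricsViewer-1) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gfafihhpmeohjgoikahkbklkcfeopbjn [2016-04-19] [UpdateUrl: hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/chrome/update/41990.xml] <==== ATTENTION
CHR Extension: (LyricsViewer-1) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\gfafihhpmeohjgoikahkbklkcfeopbjn [2016-02-22] [UpdateUrl: hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/chrome/update/41990.xml] <==== ATTENTION
CHR Extension: (Utility Chest) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\mhbcejfeenepiegfmddjkjfjdbhpnfmi [2015-03-23] [UpdateUrl: hxxps://updates.mywebsearch.com/updateCrx.xml?id=204540489&version=2.4.0.48874&track=YY] <==== ATTENTION
CHR Extension: (Utility Chest) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 14\Extensions\mhbcejfeenepiegfmddjkjfjdbhpnfmi [2015-04-18] [UpdateUrl: hxxps://updates.mywebsearch.com/updateCrx.xml?id=204540489&version=4.94.1.44186&track=YY&trackRevision=2] <==== ATTENTION
CHR Extension: (Utility Chest) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 22\Extensions\mhbcejfeenepiegfmddjkjfjdbhpnfmi [2017-06-28] [UpdateUrl: hxxps://updates.mywebsearch.com/updateCrx.xml?id=204540489&version=4.94.1.44186&track=YY&trackRevision=2] <==== ATTENTION
CHR Extension: (AVG Secure Search) - C:\Users\Mummy\AppData\Local\Google\Chrome\User Data\Profile 22\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2017-05-13]
"""


def update_host(url):
    """Return the host of a defanged (hxxp/hxxps) update URL, or None if absent."""
    if not url:
        return None
    return urlsplit(url.replace("hxxp", "http", 1)).hostname


def parse_line(line):
    """Parse one 'CHR Extension' line; return None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    host = update_host(m.group("update"))
    return {
        "name": m.group("name"),
        "profile": m.group("profile"),
        "id": m.group("id"),
        "date": m.group("date"),
        "update_host": host,
        # A line without an UpdateUrl tells us nothing, so it is not counted.
        "off_store": host is not None and host != STORE_UPDATE_HOST,
        "flagged": m.group("flag") is not None,
    }


def triage(text):
    """Group entries by extension ID; keep those flagged or updating off-store."""
    groups = defaultdict(lambda: {"name": None, "profiles": set(),
                                  "hosts": set(), "flagged": False})
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        g = groups[entry["id"]]
        g["name"] = entry["name"]
        g["profiles"].add(entry["profile"])
        g["flagged"] = g["flagged"] or entry["flagged"]
        if entry["off_store"]:
            g["hosts"].add(entry["update_host"])
    return {
        ext_id: {"name": g["name"], "profiles": sorted(g["profiles"]),
                 "update_hosts": sorted(g["hosts"]),
                 "in_default_profile": "Default" in g["profiles"]}
        for ext_id, g in groups.items() if g["hosts"] or g["flagged"]
    }


if __name__ == "__main__":
    for ext_id, f in triage(SAMPLE).items():
        print(f["name"], ext_id, f["profiles"], f["update_hosts"],
              "Default profile" if f["in_default_profile"] else "not in Default")
```

Chrome keeps extensions per profile folder, so the `in_default_profile` field separates entries that sit only under `Profile N` folders from those installed in `Default`.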

#8 Trackalina


Posted 18 July 2017 - 08:06 AM

Hi Android 8888, thanks for taking the time to help me with this, it is appreciated :) 

 

Regarding the software removal, I have no problem with removing AVG Web Tune-up; it was a trial that came with my antivirus software that has now expired. However, it doesn't want to be removed :/ despite closing Chrome to do so. I checked chrome://extensions/ and it has been disabled. I hope this is enough? The Pokki software has been on here since 2014 without issue, and is somehow linked to other software that my son uses, so I am loath to take this off if we can work around it? And lastly, the Utility Chest Toolbar Chrome Extension. I can't find it. It's not on my program list to uninstall and it isn't on the chrome://extensions/ list to disable. Can I proceed as is?

 

Thanks



#9 Android 8888


Posted 18 July 2017 - 06:06 PM

Hello Trackalina.

Pokki is an Adware program affiliated with third parties and does not assume liability for any content, services, and website related to them. So, the content provided by the application may be unsafe. This is why I recommend removing the tool and not interacting with the apps it provides the users with.

 

It is also very likely that it will be targeted by most of the malware removal tools, so I strongly suggest that you remove it.

 

Regarding AVG Web TuneUp and Utility Chest Toolbar Chrome Extension you don't need to worry, since the tools I asked you to run will most likely remove them.

In order to proceed please run the scans that I asked you in the order listed in my previous post and post the requested logs for my review.

Thank you.

Android 8888





