
[Resolved] Very Slow XP Laptop

Discussion in 'Spyware, Adware, Viruses and Malware Removal' started by flew, Jan 4, 2017.

  1. flew

    flew Established Techie7 Member

    My laptop runs very, very slow, especially at startup. Could it be a virus or malware? Thanks for any help you can give me.
    Flew

    Logs:
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2017
    Ran by Connie (administrator) on MOM (03-01-2017 18:48:25)
    Running from C:\Documents and Settings\Connie\Desktop
    Loaded Profiles: Connie & Administrator (Available Profiles: Connie & Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
    Internet Explorer Version 8 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\Av\avgrsx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
    (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
    () C:\WINDOWS\system32\WLTRYSVC.EXE
    (Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
    (Creative Technology Ltd) C:\WINDOWS\system32\CTSVCCDA.EXE
    (Seagate Technology LLC) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    (Sierra Wireless, Inc.) C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
    (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
    (Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
    (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    (CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe
    (Seagate LLC) C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
    (Sierra Wireless Inc.) C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe
    (Sierra Wireless, Inc.) C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
    (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Creative Technology Ltd) C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
    (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
    (SanDisk Corporation) C:\Documents and Settings\Connie\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
    (Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
    (Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
    (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe
    (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [1392640 2006-11-01] (Dell Inc.)
    HKLM\...\Run: [ATICCC] => C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [45056 2006-01-02] (ATI Technologies Inc.)
    HKLM\...\Run: [PCMService] => C:\Program Files\Dell\MediaDirect\PCMService.exe [184320 2007-05-02] (CyberLink Corp.)
    HKLM\...\Run: [MaxMenuMgr] => C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-09-25] (Seagate LLC)
    HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944 2016-12-06] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [WatcherHelper] => C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe [116080 2010-09-14] (Sierra Wireless Inc.)
    HKLM\...\Run: [TRUUpdater] => C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe [329072 2010-10-08] (Sierra Wireless, Inc.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [761947 2006-03-08] (Synaptics, Inc.)
    HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944 2016-12-06] (AVG Technologies CZ, s.r.o.)
    Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2006-05-23] (ATI Technologies Inc.)
    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    HKU\S-1-5-21-2031526256-1584670080-4053835340-1006\...\Run: [Creative Detector] => C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [98304 2003-10-02] (Creative Technology Ltd)
    HKU\S-1-5-21-2031526256-1584670080-4053835340-1006\...\Run: [HP Officejet 4630 series (NET)] => C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe [2427400 2014-07-21] (Hewlett-Packard Development Company, LP)
    HKU\S-1-5-21-2031526256-1584670080-4053835340-1006\...\Run: [SansaDispatch] => C:\Documents and Settings\Connie\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe [1465288 2015-12-12] (SanDisk Corporation)
    HKU\S-1-5-21-2031526256-1584670080-4053835340-1006\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
    HKU\S-1-5-21-2031526256-1584670080-4053835340-1006\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6889176 2016-09-28] (Piriform Ltd)
    HKU\S-1-5-21-2031526256-1584670080-4053835340-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\nature.scr [3343360 2004-08-10] (Microsoft Corporation)
    HKU\S-1-5-21-2031526256-1584670080-4053835340-500\...\Run: [DellSupport] => C:\Program Files\Dell Support\DSAgnt.exe [395776 2006-08-28] (Gteko Ltd.)
    HKU\S-1-5-21-2031526256-1584670080-4053835340-500\...\RunOnce: [avg_spchecker] => "C:\Program Files\AVG\AVG8\Notification\SPChecker.exe" /start
    HKU\S-1-5-21-2031526256-1584670080-4053835340-500\...\MountPoints2: {361ac05d-0e0d-11da-9aa9-806d6172696f} - E:\setup.exe
    IFEO\audiocvt.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
    IFEO\ccleaner.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
    IFEO\ctcms.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
    IFEO\dsagnt.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
    IFEO\dsbrws.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
    IFEO\dshelp.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
    IFEO\excel.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
    IFEO\groove.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
    IFEO\inetreg.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
    IFEO\infopath.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
    IFEO\msaccess.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
    IFEO\msmsgs.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
    IFEO\msoxmled.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
    IFEO\mspub.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
    IFEO\mstore.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
    IFEO\offdiag.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
    IFEO\ois.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
    IFEO\onenote.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
    IFEO\outlook.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
    IFEO\powerpnt.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
    IFEO\pptview.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
    IFEO\presentationhost.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
    IFEO\winword.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
    BootExecute: autocheck autochk * C:\PROGRA~1\AVG\Av\avgrsx.exe /sync /restart
    GroupPolicyScripts\User: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2010-07-27] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{A3F982CE-8853-455A-8451-4A835386A034}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061201
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-2031526256-1584670080-4053835340-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://co103w.col103.mail.live.com/default.aspx
    HKU\S-1-5-21-2031526256-1584670080-4053835340-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-2031526256-1584670080-4053835340-500\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061201
    HKU\S-1-5-21-2031526256-1584670080-4053835340-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
    HKU\S-1-5-21-2031526256-1584670080-4053835340-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061201
    BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06] (Hewlett-Packard Co.)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-12-16] (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-16] (Oracle Corporation)
    BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06] (Hewlett-Packard Co.)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [2009-02-06] (Microsoft Corporation)
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2006-06-04] (Microsoft Corporation)
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [2009-02-06] (Microsoft Corporation)

    FireFox:
    ========
    FF DefaultProfile: cef7vr7a.default-1418937549109
    FF ProfilePath: C:\Documents and Settings\Connie\Application Data\Mozilla\Firefox\Profiles\cef7vr7a.default-1418937549109 [2017-01-03]
    FF user.js: detected! => C:\Documents and Settings\Connie\Application Data\Mozilla\Firefox\Profiles\cef7vr7a.default-1418937549109\user.js [2017-01-03]
    FF DefaultSearchEngine: C:\Documents and Settings\Connie\Application Data\Mozilla\Firefox\Profiles\cef7vr7a.default-1418937549109 -> Google
    FF DefaultSearchEngine.US: C:\Documents and Settings\Connie\Application Data\Mozilla\Firefox\Profiles\cef7vr7a.default-1418937549109 -> Google
    FF Homepage: C:\Documents and Settings\Connie\Application Data\Mozilla\Firefox\Profiles\cef7vr7a.default-1418937549109 -> about:home
    FF Extension: (Firefox Hotfix) - C:\Documents and Settings\Connie\Application Data\Mozilla\Firefox\Profiles\cef7vr7a.default-1418937549109\Extensions\firefox-hotfix@mozilla.org.xpi [2016-12-05]
    FF Extension: (Youtube Unblocker Remediation) - C:\Documents and Settings\Connie\Application Data\Mozilla\Firefox\Profiles\cef7vr7a.default-1418937549109\features\{a4c6006c-9e71-42cd-87e3-db21cd66468a}\malware-remediation@mozilla.org.xpi [2016-12-05]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-11] [not signed]
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-09-10]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
    FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-16] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-16] (Oracle Corporation)
    FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
    FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
    FF Plugin: @microsoft.com/WLPG,version=14.0.8064.0206 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-02-06] (Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll [2007-12-19] ()
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2012-02-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2012-02-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2012-02-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2012-02-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2012-02-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2012-02-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2012-02-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npunagi2.dll [2005-08-09] (America Online, Inc.)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxp://hotmail.com/
    CHR StartupUrls: Default -> "hxxp://hotmail.com/"
    CHR Session Restore: Default -> is enabled.
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll => No File
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
    CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
    CHR Plugin: (Google Gadget Plugin) - C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll ()
    CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL => No File
    CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
    CHR Plugin: (AOL Media Playback Plugin) - C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll (America Online, Inc.)
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll => No File
    CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll => No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll => No File
    CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Profile: C:\Documents and Settings\Connie\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-01-03]
    CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Connie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
    CHR Extension: (TelevisionFanatic) - C:\Documents and Settings\Connie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ppgplhcfmaadpnkmnkhgadmaekeldbnh [2016-10-03]
    CHR Profile: C:\Documents and Settings\Connie\Local Settings\Application Data\Google\Chrome\User Data\System Profile [2017-01-03]
    CHR Extension: (Google Slides) - C:\Documents and Settings\Connie\Local Settings\Application Data\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-21]
    CHR Extension: (Google Docs) - C:\Documents and Settings\Connie\Local Settings\Application Data\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-21]
    CHR Extension: (Google Drive) - C:\Documents and Settings\Connie\Local Settings\Application Data\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-21]
    CHR Extension: (YouTube) - C:\Documents and Settings\Connie\Local Settings\Application Data\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-21]
    CHR Extension: (Google Search) - C:\Documents and Settings\Connie\Local Settings\Application Data\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-21]
    CHR Extension: (Google Sheets) - C:\Documents and Settings\Connie\Local Settings\Application Data\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-21]
    CHR Extension: (Bookmark Manager) - C:\Documents and Settings\Connie\Local Settings\Application Data\Google\Chrome\User Data\System Profile\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-21]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Connie\Local Settings\Application Data\Google\Chrome\User Data\System Profile\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-21]
    CHR Extension: (Google Wallet) - C:\Documents and Settings\Connie\Local Settings\Application Data\Google\Chrome\User Data\System Profile\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-21]
    CHR Extension: (Gmail) - C:\Documents and Settings\Connie\Local Settings\Application Data\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-21]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [4152896 2016-11-02] (AVG Technologies CZ, s.r.o.)
    R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [935184 2016-12-06] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [604824 2016-11-02] (AVG Technologies CZ, s.r.o.)
    R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [44032 1999-12-12] (Creative Technology Ltd) [File not signed]
    S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2007-12-28] (Macrovision Europe Ltd.) [File not signed]
    R4 FreeAgentGoNext Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [189736 2009-09-25] (Seagate Technology LLC)
    R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
    S2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
    S4 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-21] (Hewlett-Packard Company)
    R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
    S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
    R2 MSSQL$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe [9158656 2008-12-18] (Microsoft Corporation)
    S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [73728 2005-05-03] (Microsoft Corporation) [File not signed]
    S4 SQLAgent$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE [323584 2005-05-03] (Microsoft Corporation) [File not signed]
    R4 SwiCardDetectSvc; C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe [238960 2010-12-02] (Sierra Wireless, Inc.)
    R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [3844880 2016-11-25] (AVG Technologies CZ, s.r.o.)
    R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1253376 2006-11-01] (Dell Inc.) [File not signed]
    S2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [X]
    S2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
    R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [134912 2016-05-13] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [246528 2016-10-17] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [207616 2016-10-05] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [219904 2016-10-19] (AVG Technologies CZ, s.r.o.)
    R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [287008 2016-02-16] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [197376 2016-09-26] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [47360 2016-06-01] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [231680 2016-07-27] (AVG Technologies CZ, s.r.o.)
    R0 avgunivx; C:\WINDOWS\System32\DRIVERS\avgunivx.sys [65280 2016-06-20] (AVG Technologies CZ, s.r.o.)
    R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [604928 2006-10-12] (Broadcom Corporation)
    S3 DSproct; C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys [4864 2006-01-10] (GTek Technologies Ltd.) [File not signed]
    R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [55152 2009-02-06] (Microsoft Corporation)
    S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-01-17] (HP) [File not signed]
    R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [201600 2005-07-22] (Conexant Systems, Inc.)
    R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [1035008 2005-07-22] (Conexant Systems, Inc.)
    S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
    R1 omci; C:\WINDOWS\System32\DRIVERS\omci.sys [17153 2004-02-13] (Dell Inc) [File not signed]
    R2 PfModNT; C:\WINDOWS\system32\drivers\PfModNT.sys [15840 2003-03-05] (Creative Technology Ltd.) [File not signed]
    R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1156648 2006-03-24] (SigmaTel, Inc.)
    R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [31792 2016-11-25] (AVG Netherlands B.V.)
    S3 HPZid412; system32\DRIVERS\HPZid412.sys [X]
    S3 HPZipr12; system32\DRIVERS\HPZipr12.sys [X]
    S3 PSMNBUS; system32\DRIVERS\PSMNBUS.sys [X]
    S3 PSMNMDM; system32\DRIVERS\PSMNMDM.sys [X]
    S3 PSMNMDMVSP; system32\DRIVERS\PSMNMDMVSP.sys [X]
    S3 PSMNMSMVSP; system32\DRIVERS\PSMNMSMVSP.sys [X]
    S3 PSMNNET; system32\DRIVERS\PSMNNET.sys [X]
    S3 PSMNRMNET; system32\DRIVERS\PSMNRMNET.sys [X]
    S3 PTHDRBUS; system32\DRIVERS\PTHDRBUS.sys [X]
    S3 PTHDRMDM; system32\DRIVERS\PTHDRMDM.sys [X]
    S3 PTHDRVSP; system32\DRIVERS\PTHDRVSP.sys [X]
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
    S3 USBAAPL; System32\Drivers\usbaapl.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-01-03 18:48 - 2017-01-03 18:50 - 00029027 _____ C:\Documents and Settings\Connie\Desktop\FRST.txt
    2017-01-03 18:48 - 2017-01-03 18:48 - 00000000 ____D C:\FRST
    2017-01-03 18:45 - 2017-01-03 18:46 - 01760256 _____ (Farbar) C:\Documents and Settings\Connie\Desktop\FRST.exe
    2017-01-03 16:31 - 2017-01-03 16:31 - 00001756 _____ C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp.lnk
    2017-01-03 16:31 - 2017-01-03 16:31 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\AVG
    2017-01-03 16:31 - 2017-01-03 16:31 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp
    2017-01-03 16:31 - 2016-11-25 13:45 - 00049936 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\TURegOpt.exe
    2017-01-03 16:23 - 2017-01-03 16:28 - 00000000 ____D C:\Documents and Settings\Connie\Local Settings\Application Data\AvgSetupLog
    2017-01-03 15:50 - 2017-01-03 15:50 - 00002305 _____ C:\Documents and Settings\All Users\Desktop\OverDrive for Windows.lnk
    2017-01-03 15:49 - 2017-01-03 15:50 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\OverDrive for Windows
    2017-01-03 15:49 - 2017-01-03 15:49 - 00000000 ____D C:\Program Files\OverDrive for Windows
    2016-12-24 20:12 - 2016-12-24 20:12 - 00189148 _____ C:\Documents and Settings\Connie\My Documents\MusiciansFriend.pdf
    2016-12-24 17:47 - 2016-12-24 17:47 - 00201698 _____ C:\Documents and Settings\Connie\My Documents\Your order has been shipped - Connie Schmitt.pdf
    2016-12-24 17:46 - 2016-12-24 17:46 - 00230242 _____ C:\Documents and Settings\Connie\My Documents\Mail - Connie Schmitt - Outlook.pdf
    2016-12-24 17:41 - 2016-12-24 17:41 - 00000000 ____D C:\spoolerlogs
    2016-12-09 01:26 - 2017-01-03 16:55 - 00000424 _____ C:\WINDOWS\Tasks\AVG-SSU_1216avz.job
    2016-12-09 01:26 - 2017-01-03 16:43 - 00000508 _____ C:\WINDOWS\Tasks\AVG-SSU_1216avz_DELETE.job
    2016-12-09 01:26 - 2016-12-09 01:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avg_Update_1216avz
    2016-12-07 20:09 - 2016-12-07 20:09 - 00779938 _____ C:\Documents and Settings\Connie\My Documents\Inv_100000662BO_from_Continental_Art_Center_Inc._9488.pdf
    2016-12-06 10:18 - 2016-12-06 10:18 - 00000000 ____D C:\Documents and Settings\Connie\Local Settings\Application Data\CEF

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-01-03 18:51 - 2006-12-25 12:51 - 00000000 ____D C:\Documents and Settings\Connie\Local Settings\Temp
    2017-01-03 18:39 - 2011-08-04 10:58 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2017-01-03 17:54 - 2015-12-12 12:26 - 00000000 ____D C:\Documents and Settings\Connie\My Documents\clipzip01.01.21
    2017-01-03 17:54 - 2015-06-25 15:17 - 00000000 ____D C:\Documents and Settings\Connie\My Documents\Outlook.com - ikanfly@hotmail.com_files
    2017-01-03 17:54 - 2013-10-04 14:07 - 00000000 ____D C:\Documents and Settings\Connie\My Documents\Gift Shop Wish Lists
    2017-01-03 17:54 - 2012-09-10 14:46 - 00000000 ____D C:\Documents and Settings\Connie\My Documents\Picture
    2017-01-03 17:54 - 2006-12-25 12:51 - 00000000 ___RD C:\Documents and Settings\Connie\My Documents
    2017-01-03 17:54 - 2006-12-01 08:12 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\My Videos
    2017-01-03 17:54 - 2006-12-01 07:27 - 00000000 ____D C:\i386
    2017-01-03 17:31 - 2006-12-25 12:51 - 00000000 ____D C:\Documents and Settings\Connie
    2017-01-03 17:29 - 2014-03-09 18:24 - 00000224 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2017-01-03 17:29 - 2014-03-09 18:24 - 00000218 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2017-01-03 17:29 - 2013-03-26 10:23 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2017-01-03 17:18 - 2015-03-26 07:49 - 00000000 ____D C:\Documents and Settings\Connie\Application Data\HpUpdate
    2017-01-03 17:18 - 2010-06-07 10:16 - 00000000 ____D C:\Documents and Settings\Connie\My Documents\My Digital Editions
    2017-01-03 17:16 - 2008-08-28 12:30 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG Free 8.5
    2017-01-03 17:09 - 2015-06-23 15:56 - 00000000 ____D C:\Documents and Settings\Connie\Local Settings\Application Data\Dropbox
    2017-01-03 16:44 - 2006-12-01 08:12 - 00000000 ____D C:\MDT
    2017-01-03 16:43 - 2011-08-04 10:58 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2017-01-03 16:43 - 2005-08-16 02:18 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
    2017-01-03 16:42 - 2005-08-16 02:38 - 00000000 ____D C:\WINDOWS\Registration
    2017-01-03 16:39 - 2005-08-16 02:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-01-03 16:38 - 2006-12-25 12:51 - 00000278 ___SH C:\Documents and Settings\Connie\ntuser.ini
    2017-01-03 16:38 - 2006-12-01 07:53 - 00004608 _____ C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
    2017-01-03 16:38 - 2005-08-16 02:49 - 00032562 ____N C:\WINDOWS\SchedLgU.Txt
    2017-01-03 16:37 - 2015-06-05 08:58 - 00000000 ____D C:\Documents and Settings\Connie\Local Settings\Application Data\Avg
    2017-01-03 16:29 - 2016-11-14 20:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avg
    2017-01-03 16:28 - 2008-08-28 12:30 - 00000000 ____D C:\Program Files\AVG
    2017-01-03 15:56 - 2009-08-11 20:05 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
    2017-01-03 15:29 - 2014-08-29 16:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
    2017-01-03 15:19 - 2005-08-16 02:22 - 00000000 ___HD C:\WINDOWS\inf
    2017-01-03 15:14 - 2006-12-01 07:51 - 00000000 ____D C:\Program Files\Dell
    2017-01-03 15:12 - 2014-04-09 10:08 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Pantech
    2017-01-03 15:12 - 2006-12-01 07:55 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
    2017-01-03 15:10 - 2014-04-09 10:07 - 00000000 ____D C:\Program Files\Pantech
    2017-01-03 14:46 - 2006-12-01 08:22 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
    2016-12-28 13:14 - 2008-06-04 08:34 - 00000000 ___RD C:\Documents and Settings\Connie\My Documents\Audio Books
    2016-12-18 20:16 - 2006-12-25 21:34 - 00000000 __SHD C:\WINDOWS\CSC
    2016-12-14 03:07 - 2015-09-13 17:18 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2016-12-06 12:10 - 2005-08-16 02:33 - 00635578 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-12-06 12:10 - 2005-08-16 02:18 - 00525812 _____ C:\WINDOWS\system32\perfh009.dat
    2016-12-06 12:10 - 2005-08-16 02:18 - 00096938 _____ C:\WINDOWS\system32\perfc009.dat
    2016-12-06 11:01 - 2005-08-16 02:22 - 00000000 ____D C:\WINDOWS\system32\inetsrv
    2016-12-06 10:31 - 2016-11-14 20:25 - 00000617 _____ C:\Documents and Settings\All Users\Desktop\AVG.lnk
    2016-12-06 10:31 - 2016-11-14 20:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG Zen
    2016-12-06 10:24 - 2014-08-29 18:04 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
    2016-12-06 10:22 - 2014-08-29 17:06 - 00000000 ___HD C:\$AVG
    2016-12-06 10:13 - 2005-08-16 02:22 - 00000000 ____D C:\WINDOWS\WinSxS
    2016-12-05 12:18 - 2006-12-25 12:51 - 00000000 ___HD C:\Documents and Settings\Connie\NetHood

    ==================== Files in the root of some directories =======

    2013-07-18 08:47 - 2013-07-18 08:52 - 0000065 _____ () C:\Documents and Settings\Connie\Application Data\mbam.context.scan
    2013-07-18 08:40 - 2013-07-18 08:40 - 0000000 _____ () C:\Documents and Settings\Connie\Application Data\SharedSettings.ccs
    2007-01-01 12:47 - 2016-10-20 09:14 - 0003792 _____ () C:\Documents and Settings\Connie\Application Data\wklnhst.dat
    2006-12-25 12:51 - 2006-12-25 12:52 - 0000129 _____ () C:\Documents and Settings\Connie\Local Settings\Application Data\fusioncache.dat
    2015-08-17 22:22 - 2015-08-17 22:22 - 0000057 _____ () C:\Documents and Settings\All Users\Application Data\Ament.ini

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-01-2017
    Ran by Connie (03-01-2017 18:51:43)
    Running from C:\Documents and Settings\Connie\Desktop
    Microsoft Windows XP Professional Service Pack 3 (X86) (2006-12-25 20:51:27)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2031526256-1584670080-4053835340-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    Connie (S-1-5-21-2031526256-1584670080-4053835340-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Connie
    Guest (S-1-5-21-2031526256-1584670080-4053835340-501 - Limited - Enabled)
    HelpAssistant (S-1-5-21-2031526256-1584670080-4053835340-1005 - Limited - Disabled)
    SUPPORT_388945a0 (S-1-5-21-2031526256-1584670080-4053835340-1002 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: AVG AntiVirus Free Edition (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Digital Editions (HKLM\...\Digital Editions) (Version: - )
    Adobe Flash Player 10 ActiveX (HKLM\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
    Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
    Adobe PhotoDeluxe Home Edition 4.1 (HKLM\...\Adobe PhotoDeluxe Home Edition 4.1) (Version: 4.1 - Adobe Systems, Inc.)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Adobe® Photoshop® Album Starter Edition 3.2 (HKLM\...\Adobe® Photoshop® Album Starter Edition 3.2) (Version: 3.2.0 - hxxp://www.adobe.com)
    Amazon Kindle (HKLM\...\Amazon Kindle) (Version: - Amazon)
    AOLIcon (Version: 1.00.0000 - Dell) Hidden
    ATI Catalyst Control Center (HKLM\...\{A02ED372-22FA-448B-AB6A-1B0FC23B7D08}) (Version: 1.2.2334.37172 - )
    ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.261-060523a1-033841C-Dell - )
    Avery Design & Print (HKLM\...\Avery Design & Print 3.0.2) (Version: 3.0.2 - Avery Products Corporation)
    AVG (HKLM\...\AvgZen) (Version: 1.113.2.50020 - AVG Technologies)
    AVG (Version: 16.131.7924 - AVG Technologies) Hidden
    AVG 2016 (Version: 16.0.4739 - AVG Technologies) Hidden
    AVG PC TuneUp (HKLM\...\AVG PC TuneUp) (Version: 16.63.2.50050 - AVG Technologies)
    AVG PC TuneUp (Version: 16.63.4 - AVG Technologies) Hidden
    AVG Protection (HKLM\...\AVG) (Version: 2016.131.7924 - AVG Technologies)
    AVG Zen (Version: 1.113.1 - AVG Technologies) Hidden
    Bonjour (HKLM\...\{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}) (Version: 2.0.3.0 - Apple Inc.)
    Broadcom Management Programs (HKLM\...\{26E1BFB0-E87E-4696-9F89-B467F01F81E5}) (Version: 8.65.05 - Broadcom Corporation)
    BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
    California Friendly Gardening for San Diego County (HKLM\...\{60428933-7347-4EE3-97E3-9EE1362CDA4B}) (Version: 1.00.0000 - GardenSoft)
    CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
    Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Complete Landscape Designer Deluxe Edition (HKLM\...\Complete Landscape Designer Deluxe Edition) (Version: - )
    Conexant HDA D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3) (Version: - )
    Creative MediaSource (HKLM\...\{56F3E1FF-54FE-4384-A153-6CCABA097814}) (Version: - )
    Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation)
    Dell Support 3.2.1 (HKLM\...\{CEE2252C-4035-4B27-8EC6-0B085DD3A413}) (Version: 5.5.2087 - Dell)
    Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
    Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.100.15.8 - Dell Inc.)
    Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
    DeviceDiscovery (Version: 100.0.190.000 - Hewlett-Packard) Hidden
    DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    Digital Content Portal (HKLM\...\{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}) (Version: 1.00.0000 - Dell)
    Documentation & Support Launcher (HKLM\...\{B0DF58A2-40DF-4465-AA56-38623EC9938C}) (Version: 1.00.0000 - Dell Inc.)
    eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
    Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
    GPBaseService (Version: 100.0.187.000 - Hewlett-Packard) Hidden
    GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
    High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
    Hotfix 2055 for SQL Server 2000 ENU (KB960082) (HKLM\...\KB960082(ENU)) (Version: 1 - Microsoft Corporation)
    HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
    HP Officejet 4630 series Basic Device Software (HKLM\...\{51CE4FA1-8EF3-4293-8396-5820C08AB8C8}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
    HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
    HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 3.5 - HP)
    HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
    HP Support Solutions Framework (HKLM\...\{D2F04839-0AD0-4F06-A6B5-6DFF05E27B67}) (Version: 11.50.0019 - Hewlett-Packard Company)
    HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
    HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
    J2SE Runtime Environment 5.0 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150060}) (Version: 1.5.0.60 - Sun Microsystems, Inc.)
    Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
    Java(TM) 7 Update 5 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217005FF}) (Version: 7.0.50 - Oracle)
    JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
    Junk Mail filter update (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
    Lame ACM MP3 Codec (HKLM\...\Lame MP3 Codec (for the ACM)) (Version: - )
    MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.7 - Dell)
    Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Hotfix (KB953295) (HKLM\...\KB953295) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
    Microsoft Office Outlook 2003 with Business Contact Manager Update (HKLM\...\{BA68600E-96D9-4E92-80F2-26B9681B5A63}) (Version: 2.0.5324.0 - Microsoft Corporation)
    Microsoft Office Outlook Connector (HKLM\...\{95120000-0120-0409-0000-0000000FF1CE}) (Version: 12.0.6414.1000 - Microsoft Corporation)
    Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: 1.1.0.3514 - Microsoft Corporation)
    Microsoft Plus! Photo Story 2 LE (HKLM\...\{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}) (Version: 1.1.0.3463 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ) (HKLM\...\{E09B48B5-E141-427A-AB0C-D3605127224A}) (Version: 8.00.2039 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
    Mozilla Firefox 45.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
    MSN (HKLM\...\MSNINST) (Version: - )
    MSVCSetup (Version: 1.00.0000 - HP) Hidden
    MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MuVo Driver (HKLM\...\MuVo Driver) (Version: - )
    Netflix Movie Viewer (HKLM\...\{BCE72AED-3332-4863-9567-C5DCB9052CA2}) (Version: 1.2.211 - Netflix)
    OutlookAddinSetup (HKLM\...\{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}) (Version: 1.0.0 - CyberLink)
    OverDrive for Windows (HKLM\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
    PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
    QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
    RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version: - )
    Sansa Updater (HKU\S-1-5-21-2031526256-1584670080-4053835340-1006\...\Sansa Updater) (Version: - SanDisk Corporation)
    Seagate Manager Installer (HKLM\...\InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate)
    Seagate Manager Installer (Version: 2.01.0600 - Seagate) Hidden
    Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
    Serif 3DPlus 2.0 (HKLM\...\{A36638C0-D8B9-11D3-9801-00A0CC555167}) (Version: - )
    Serif DrawPlus 4.0 (HKLM\...\SerifDrawPlus40) (Version: - )
    Serif PagePlus SE 1.0 (HKLM\...\{25BB07FA-D9A0-478E-8A4B-38466A4E8BF2}) (Version: 1.00 - Serif)
    Serif PhotoPlus 6.0 (HKLM\...\{0609D0AF-1382-42BE-81DB-CF30F8B0F6E2}) (Version: 6.00 - Serif)
    Sierra Wireless AirCard Watcher (HKLM\...\{CE619CFC-F5C0-43CC-AA66-BEDDA623CCA1}) (Version: 6.0.2849.0001 - Sierra Wireless Inc.)
    SmartWebPrintingOC (Version: 100.0.189.000 - Hewlett-Packard) Hidden
    SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
    Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)
    Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
    Status (Version: 100.0.175.000 - Hewlett-Packard) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 8.2.4.6 - Synaptics)
    TrayApp (Version: 100.0.170.000 - Hewlett-Packard) Hidden
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version: - Microsoft Corporation)
    URL Assistant (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version: - )
    VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8064.0206 - Microsoft Corporation)
    Windows Live ID Sign-in Assistant (HKLM\...\{10A44844-4465-456E-8C97-80BDD4F68845}) (Version: 6.500.3146.0 - Microsoft Corporation)
    Windows Live Sync (HKLM\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information] (HKLM\...\EmeraldQFE2) (Version: - Microsoft Corporation)
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
    Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version: - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version: - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version: - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB908246 (HKLM\...\KB908246) (Version: - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB925766 (HKLM\...\KB925766) (Version: - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version: - Microsoft Corporation)
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2031526256-1584670080-4053835340-1006_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\AVG-SSU_1216avz.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_1216avz\AVG-Secure-Search-Update_1216avz.exe
    Task: C:\WINDOWS\Tasks\AVG-SSU_1216avz_DELETE.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_1216avz\AVG-Secure-Search-Update_1216avz.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Documents and Settings\Connie\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Adobe\Adobe Digital Editions\Help.lnk -> hxxp://www.adobe.com/products/digitaleditions/help
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Adobe\Adobe Digital Editions\Home Page.lnk -> hxxp://www.adobe.com/products/digitaleditions

    ==================== Loaded Modules (Whitelisted) ==============

    2006-12-01 07:26 - 2006-11-01 19:48 - 00020480 _____ () C:\WINDOWS\System32\WLTRYSVC.EXE
    2006-12-01 07:26 - 2006-11-01 19:48 - 00757760 _____ () C:\WINDOWS\System32\bcm1xsup.dll
    2013-07-17 14:55 - 2013-07-17 14:55 - 03391488 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_c79046e0\mscorlib.dll
    2013-07-17 14:55 - 2013-07-17 14:55 - 03035136 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_72306d83\system.windows.forms.dll
    2013-07-17 14:55 - 2013-07-17 14:55 - 01966080 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_89952375\system.dll
    2013-07-17 14:55 - 2013-07-17 14:55 - 02088960 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_d837d88e\system.xml.dll
    2013-07-17 14:55 - 2013-07-17 14:55 - 00843776 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_da7dac19\system.drawing.dll
    2010-10-08 14:01 - 2010-10-08 14:01 - 00247152 _____ () C:\Program Files\Sierra Wireless Inc\WebUpdater\WebUpdtAPI.dll
    2016-12-06 10:11 - 2016-12-06 10:11 - 48920064 _____ () C:\Program Files\AVG\UiDll\2623\libcef.dll
    2005-08-16 02:18 - 2008-04-13 16:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
    2005-08-16 02:18 - 2008-04-13 16:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
    2016-07-14 17:41 - 2016-07-06 17:01 - 17602240 _____ () C:\Documents and Settings\Connie\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\22.0.0.209\pepflashplayer.dll
    2016-09-06 19:08 - 2016-09-06 11:00 - 05197312 _____ () C:\Documents and Settings\Connie\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
    2016-09-06 19:08 - 2016-09-06 11:00 - 00147456 _____ () C:\Documents and Settings\Connie\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-2031526256-1584670080-4053835340-1006\...\aol.com -> hxxp://free.aol.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2005-08-16 02:18 - 2014-12-14 14:12 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2031526256-1584670080-4053835340-1006\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
    HKU\S-1-5-21-2031526256-1584670080-4053835340-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\dell.bmp
    DNS Servers: 192.168.0.1
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Photo Downloader => "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
    MSCONFIG\startupreg: Dropbox Update => "C:\Documents and Settings\Connie\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe" /c
    MSCONFIG\startupreg: ehTray => C:\WINDOWS\ehome\ehtray.exe
    MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: SigmatelSysTrayApp => stsystra.exe
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: UserFaultCheck => %systemroot%\system32\dumprep 0 -u

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
    DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
    DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
    DomainProfile\AuthorizedApplications: [C:\Program Files\BearShare Applications\BearShare\BearShare.exe] => Enabled:BearShare
    StandardProfile\AuthorizedApplications: [C:\Program Files\Dell\MediaDirect\PCMService.exe] => Enabled:CyberLink PowerCinema Resident Program
    StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
    StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
    StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
    StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger
    StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
    StandardProfile\AuthorizedApplications: [C:\Program Files\Sierra Wireless Inc\3G Watcher\TRUUpdater.exe] => C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater
    StandardProfile\AuthorizedApplications: [C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe] => Enabled:CLI Application (Command Line Interface)
    StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 4630 series\Bin\FaxApplications.exe] => :LocalSubNet:Enabled:HP Officejet 4630 series FaxApplications
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 4630 series\Bin\DigitalWizards.exe] => :LocalSubNet:Enabled:HP Officejet 4630 series DigitalWizards
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 4630 series\Bin\SendAFax.exe] => :LocalSubNet:Enabled:HP Officejet 4630 series SendFaxAppExe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 4630 series\Bin\DeviceSetup.exe] => :LocalSubNet:Enabled:HP Device Setup (HP Officejet 4630 series)
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe] => :LocalSubNet:Enabled:HP Network Communicator COM (HP Officejet 4630 series)
    StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
    StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE] => Enabled:Microsoft Office Groove
    StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE] => Enabled:Microsoft Office OneNote
    StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
    StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgmfapx.exe] => Enabled:AVG Installer
    StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgnsx.exe] => Enabled:Online Shield
    StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgemcx.exe] => Enabled:personal Email Scanner
    DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
    DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
    DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
    DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
    DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
    DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
    StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
    StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
    StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
    StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
    StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
    StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
    StandardProfile\GloballyOpenPorts: [5357:TCP] => Enabled:WS-Eventing TCP Port 5357

    ==================== Restore Points =========================

    03-01-2017 15:49:53 Installed OverDrive for Windows

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/03/2017 03:48:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application chrome.exe, version 49.0.2623.112, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (01/03/2017 03:48:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application chrome.exe, version 49.0.2623.112, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (01/03/2017 02:42:10 PM) (Source: MsiInstaller) (EventID: 11406) (User: NT AUTHORITY)
    Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2016 -- Error 1406. SA_Error1406: StandardAction(0xC007057E): Could not write value CORE_ProdCode to key \SOFTWARE\AVG\AV. System error . Verify that you have sufficient access to that key, or contact your support personnel.

    Error: (01/03/2017 02:09:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 249026984

    Error: (01/03/2017 02:09:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 249026984

    Error: (01/03/2017 02:09:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (01/03/2017 02:09:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 249024875

    Error: (01/03/2017 02:09:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 249024875

    Error: (01/03/2017 02:09:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (01/03/2017 02:09:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 249022921


    System errors:
    =============
    Error: (01/03/2017 05:43:45 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
    Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service WSearch with arguments ""
    in order to run the server:
    {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error: (01/03/2017 04:42:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The HP CUE DeviceDiscovery Service service terminated with the following error:
    Unspecified error

    Error: (01/03/2017 04:42:24 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The HP CUE DeviceDiscovery Service service hung on starting.

    Error: (01/03/2017 04:40:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Pml Driver HPZ12 service terminated with the following error:
    The specified module could not be found.

    Error: (01/03/2017 04:40:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Net Driver HPZ12 service terminated with the following error:
    The specified module could not be found.

    Error: (01/03/2017 04:40:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The HP Support Solutions Framework Service service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (01/03/2017 04:40:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the HP Support Solutions Framework Service service to connect.

    Error: (01/03/2017 04:40:51 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureActions with the following error:
    Access is denied.

    Error: (01/03/2017 04:40:51 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureActions with the following error:
    Access is denied.

    Error: (01/03/2017 03:32:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The HP CUE DeviceDiscovery Service service terminated with the following error:
    Unspecified error


    ==================== Memory info ===========================

    Processor: Genuine Intel(R) CPU T2050 @ 1.60GHz
    Percentage of memory in use: 70%
    Total physical RAM: 1022.37 MB
    Available physical RAM: 304.97 MB
    Total Virtual: 2459.53 MB
    Available Virtual: 1425.7 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:67.83 GB) (Free:25.47 GB) NTFS ==>[drive with boot components (Windows XP)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 74.5 GB) (Disk ID: E686F016)
    Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
    Partition 2: (Active) - (Size=67.8 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=2 GB) - (Type=OF Extended)
    Partition 4: (Not Active) - (Size=4.6 GB) - (Type=DB)

    ==================== End of Addition.txt ============================
     
  2. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double click on downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available throughout History -> Application logs. Please post its contents in your next reply.
    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • A copy of all logfiles is saved to C:\AdwCleaner.
    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  3. flew

    flew Established Techie7 Member

    I have run all the scans. There doesn't seem to be much change in computer start up performance. It is still slow. On screen performance is much better, though.
    Logs:

    RogueKiller V12.9.1.0 [Jan 2 2017] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Connie [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller.exe
    Mode : Delete -- Date : 01/04/2017 11:02:32 (Duration : 01:10:45)

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 9 ¤¤¤
    [PUP.Gen1] HKEY_LOCAL_MACHINE\Software\W3i -> Not selected
    [PUP.Gen1] HKEY_USERS\.DEFAULT\Software\AVG Security Toolbar -> Not selected
    [PUP.Gen1] HKEY_USERS\.DEFAULT\Software\IGearSettings -> Not selected
    [PUP.Gen1] HKEY_USERS\.DEFAULT\Software\Viewpoint -> Not selected
    [PUP.Gen1] HKEY_USERS\S-1-5-18\Software\AVG Security Toolbar -> Not selected


    [PUP.Gen1] HKEY_USERS\S-1-5-18\Software\IGearSettings -> Not selected
    [PUP.Gen1] HKEY_USERS\S-1-5-18\Software\Viewpoint -> Not selected
    [PUM.Https] HKEY_USERS\S-1-5-21-2031526256-1584670080-4053835340-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0 -> Not selected
    [PUM.HomePage] HKEY_USERS\S-1-5-21-2031526256-1584670080-4053835340-1006\Software\Microsoft\Internet Explorer\Main | Start Page : http://co103w.col103.mail.live.com/default.aspx -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 6 ¤¤¤
    [PUP.Gen1][Folder] C:\Documents and Settings\Connie\Application Data\HPAppData -> Deleted
    [PUP.Gen1][Folder] C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar -> Deleted
    [PUP.Gen1][File] C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar\TBCampaignINSP.txt -> Deleted
    [Hj.Shortcut][File] C:\Program Files\Dell\Launcher\files\Dell Download Center.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://www.dell.com/download/ -> Deleted
    [PUP.Gen3][File] C:\Program Files\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml -> Deleted
    [PUP.Gen1][Folder] C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar -> ERROR [3]
    [PUP.Gen1][Folder] C:\Documents and Settings\Connie\Application Data\HPAppData -> ERROR [3]

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 3 ¤¤¤
    [PUP.Gen1][Chrome:Addon] Default : TelevisionFanatic [ppgplhcfmaadpnkmnkhgadmaekeldbnh] -> Not selected
    [PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [http://hotmail.com/] -> Not selected
    [PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [http://hotmail.com/] -> Not selected

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: Hitachi HTS541680J9SA00 +++++
    --- User ---
    [MBR] 1f185e6753f730b62a28b11345cd1ff9
    [BSP] 3efdd157322bc54deb4f0f8435ac64f6 : Dell MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 MB
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 96390 | Size: 69460 MB [Windows XP Bootstrap | Windows XP Bootloader]
    2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 142368030 | Size: 2047 MB
    3 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 146560995 | Size: 4753 MB
    User = LL1 ... OK
    User = LL2 ... OK

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 1/4/17
    Scan Time: 12:55 PM
    Logfile: mwb.txt
    Administrator: Yes

    -Software Information-
    Version: 3.0.5.1299
    Components Version: 1.0.43
    Update Package Version: 1.0.927
    License: Trial

    -System Information-
    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: MOM\Connie

    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 316515
    Time Elapsed: 30 min, 38 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 2
    PUP.Optional.Reimage, HKU\S-1-5-21-2031526256-1584670080-4053835340-1006\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{10ECCE17-29B5-4880-A8F5-EAD298611484}, No Action By User, [1317], [327205],1.0.927
    RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CCLEANER.EXE, No Action By User, [878], [249037],1.0.927

    Registry Value: 1
    RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CCLEANER.EXE|DEBUGGER, No Action By User, [878], [249037],1.0.927

    Data Stream: 0
    (No malicious items detected)

    Folder: 85
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\common\components\alert, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\common\components\flare, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\moviereviews, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\supertab\css, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\search\html, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\common\components\menu, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\common\components\link, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\supertab\js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\common\components\rss, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\api\window, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\radio\css, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\supertab, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\common\widget-api, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\common\components, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\search, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\radio, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\common\adapter, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\api, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\native\libs, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\common\js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\_metadata, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\common, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\images, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\native, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\shared, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\icons, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH, No Action By User, [342], [301932],1.0.927

    File: 241
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\defaultSearch\background\updateSearch.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\defaultSearch\background\updateSearchPromptBg.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\defaultSearch\foreground\07_buttons2.png, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\defaultSearch\foreground\08_buttons2.png, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\defaultSearch\foreground\defaultSearchModal.html, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\defaultSearch\foreground\defaultSearchModalInjector.css, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\defaultSearch\foreground\defaultSearchModalInjector.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\defaultSearch\foreground\tvf_btn_ok.png, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\defaultSearch\foreground\tvf_btn_ok2.png, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\defaultSearch\foreground\tvf_restart_alert_icon.png, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\defaultSearch\foreground\tvf_restart_icon.png, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\defaultSearch\foreground\updateSearchPromptFg.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\moviereviews\background\MovieReviewsWidget.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\moviereviews\css\movieReviews.css, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\moviereviews\html\movieReviews.html, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\moviereviews\js\movieReviews.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\radio\background\RadioWidget.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\radio\css\toolbar-item.css, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\radio\foreground\button.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\radio\radioWrapper\radioWrapper.html, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\radio\radioWrapper\radioWrapper.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\search\background\searchBox.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\search\html\searchSuggestions.css, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\search\html\searchSuggestions.html, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\search\html\searchSuggestions.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\search\html\searchSuggestionsInit.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\supertab\css\supertab.css, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\supertab\html\supertab.html, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\supertab\js\newtabfork.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\supertab\js\reporting.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\supertab\js\srchsugg.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\supertab\js\supertab.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\supertab\js\unifiedLogging.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\components\supertab\js\__utm.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\icons\arrowSprite.png, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\icons\icon128.png, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\icons\icon16.png, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\icons\icon19disabled.png, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\icons\icon19on.png, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\icons\icon48.png, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\icons\tb_icon_search_disappearing_ask.png, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\images\223757258.png, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\images\223757267.png, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\images\223757273.png, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\images\223757278.png, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\images\223757282.png, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\images\223757287.png, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\images\223757306.png, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\images\224931024.png, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\images\225241038.png, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\images\230584985.png, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\images\down_arrow.png, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\images\IDR_PRODUCT_LOGO_16.png, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\images\IDR_WEBSTORE_ICON.png, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\images\magnifying_glass.png, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\images\RadioPlayerSprite.png, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\images\search_button.png, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\images\tvf_icon_guide.png, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\images\tvf_logo.png, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\images\wrench.png, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\js\newTabInitialize.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\js\chromeStorage.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\js\chromeUtils.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\js\companionSWUtils.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\js\exeManager.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\js\exeManagerNMD.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\js\exePackageManager.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\js\focusManager.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\js\globalBlacklistManager.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\js\messaging.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\js\mutation_summary-min.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\js\mutation_summary.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\js\nativeMessagingDispatcher.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\js\newTabInfo.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\js\options.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\js\readLocalStorage.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\js\reservespacefortoolbar.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\js\reservespaceifenabled.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\js\scriptInjector.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\js\searchContext.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\js\settingsOverrides.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\js\toolbarCookieParser.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\js\toolbarPreinit.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\js\underscore-1.3.1.min.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\js\URILoaderContentScript.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\js\webTooltabAPI.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\js\Widget.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\js\widgetContentScriptInjectee.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\js\widgetFactory.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\js\widgetWindowManager.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\native\libs\jquery-1.7.1.min.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\native\libs\jquery-1.9.1.min.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\native\libs\underscore-1.5.2.min.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\native\cache.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\native\ce.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\native\debug.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\native\ss.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\shared\activePing.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\shared\buttonLogger.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\shared\competitorDnsList.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\shared\console.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\shared\FFPreferencesPersister.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\shared\httpTransport.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\shared\HttpURL.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\shared\internationalSearch.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\shared\LocalStoragePersister.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\shared\MindsparkGlobal.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\shared\MindsparkGlobal.unitTest.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\shared\MindsparkGlobalNotes.txt, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\shared\rsvp-latest.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\shared\searchSuggestLocale.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\shared\testHttpTransport.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\shared\unifiedLogger.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\shared\unifiedLogging.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\shared\universalConsole.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\shared\utils.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\_metadata\computed_hashes.json, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\_metadata\verified_contents.json, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\spent.css, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\bg.html, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\buildVars, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\buildVars.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\companionSW.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\config.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\contentScript.css, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\contentScript.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\debug.html, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\debug.jade, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\extension_toolbar_api.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\initWidgetWindow.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\newTabContentScript.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\options.html, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\spent.html, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\spent.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\spent2.css, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\spent2.html, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\spentJ.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\spentK.html, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\spentK.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\startup.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\stub.html, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\stubby.html, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\superFrame.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\toolbar.html, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\toolbar.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\toolbarUI.css, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\toolbarUI.html, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\toolbarUI.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\url.js, No Action By User, [342], [301932],1.0.927
    PUP.Optional.MindSpark, C:\DOCUMENTS AND SETTINGS\CONNIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPGPLHCFMAADPNKMNKHGADMAEKELDBNH\12.202.10.30416_0\webtooltab.cs.js, No Action By User, [342], [301932],1.0.927

    Physical Sector: 0
    (No malicious items detected)


    (end)

    # AdwCleaner v6.041 - Logfile created 04/01/2017 at 14:11:40
    # Updated on 16/12/2016 by Malwarebytes
    # Database : 2016-12-15.1 [Local]
    # Operating System : Microsoft Windows XP Service Pack 3 (X86)
    # Username : Connie - MOM
    # Running from : C:\Documents and Settings\Connie\Desktop\AdwCleaner.exe
    # Mode: Clean
    # Support : https://www.malwarebytes.com/support



    ***** [ Services ] *****



    ***** [ Folders ] *****

    [-] Folder deleted: C:\Documents and Settings\All Users\Application Data\Avg_Update_0415av
    [-] Folder deleted: C:\Documents and Settings\All Users\Application Data\Avg_Update_0814av
    [-] Folder deleted: C:\Documents and Settings\All Users\Application Data\Avg_Update_1216avz


    ***** [ Files ] *****



    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Shortcuts ] *****



    ***** [ Scheduled Tasks ] *****



    ***** [ Registry ] *****

    [-] Key deleted: HKLM\SOFTWARE\Classes\AolCalSvr.ACToolBarCtrl
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
    [-] Key deleted: HKU\.DEFAULT\Software\AVG Security Toolbar
    [-] Key deleted: HKU\.DEFAULT\Software\IGearSettings
    [-] Key deleted: HKU\.DEFAULT\Software\Viewpoint
    [#] Key deleted on reboot: HKU\S-1-5-18\Software\AVG Security Toolbar
    [#] Key deleted on reboot: HKU\S-1-5-18\Software\IGearSettings
    [#] Key deleted on reboot: HKU\S-1-5-18\Software\Viewpoint
    [-] Key deleted: HKLM\SOFTWARE\W3I


    ***** [ Web browsers ] *****



    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [1633 Bytes] - [04/01/2017 14:11:40]
    C:\AdwCleaner\AdwCleaner[S0].txt - [1868 Bytes] - [04/01/2017 14:06:27]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1779 Bytes] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.0 (12.05.2016)
    Operating System: Microsoft Windows XP x86
    Ran by Connie (Administrator) on Wed 01/04/2017 at 14:22:27.76
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 17

    Successfully deleted: C:\Documents and Settings\Connie\Application Data\Mozilla\Firefox\Profiles\cef7vr7a.default-1418937549109\user.js (File)
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\379HEO88 (Temporary Internet Files Folder)
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6V5YHL0H (Temporary Internet Files Folder)
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\AZ55JNU7 (Temporary Internet Files Folder)
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G1IKHECU (Temporary Internet Files Folder)
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\JGROB2ZB (Temporary Internet Files Folder)
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WQ7YTG53 (Temporary Internet Files Folder)
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WSKNNKT8 (Temporary Internet Files Folder)
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WVXRS1BJ (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\379HEO88 (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6V5YHL0H (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\AZ55JNU7 (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\G1IKHECU (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\JGROB2ZB (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WQ7YTG53 (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WSKNNKT8 (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WVXRS1BJ (Temporary Internet Files Folder)



    Registry: 2

    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
    Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 01/04/2017 at 14:32:34.18
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  4. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  5. flew

    flew Established Techie7 Member

    Combofix log:
    ComboFix 17-01-04.01 - Connie 01/04/2017 19:11:32.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.333 [GMT -8:00]
    Running from: c:\documents and settings\Connie\Desktop\ComboFix.exe
    AV: AVG AntiVirus Free Edition *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Malwarebytes *Enabled/Updated* {D4AC7077-9720-47B0-8B38-DFAF3AA21DB6}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Connie\Desktop\Setup.exe
    c:\windows\system32\DEBUG.log
    .
    .
    ((((((((((((((((((((((((( Files Created from 2016-12-05 to 2017-01-05 )))))))))))))))))))))))))))))))
    .
    .
    2017-01-04 22:04 . 2017-01-04 22:11 -------- d-----w- C:\AdwCleaner
    2017-01-04 20:55 . 2017-01-05 00:04 142112 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
    2017-01-04 20:54 . 2017-01-05 02:50 39360 ----a-w- c:\windows\system32\drivers\mbam.sys
    2017-01-04 20:53 . 2017-01-05 02:49 219072 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2017-01-04 20:51 . 2016-12-14 20:55 59968 ----a-w- c:\windows\system32\drivers\mbae.sys
    2017-01-04 20:51 . 2017-01-04 20:51 -------- d-----w- c:\program files\Malwarebytes
    2017-01-04 20:44 . 2012-02-24 19:32 159744 ----a-w- c:\program files\Mozilla Firefox\updated\plugins\npqtplugin7.dll
    2017-01-04 20:44 . 2012-02-24 19:32 159744 ----a-w- c:\program files\Mozilla Firefox\updated\plugins\npqtplugin6.dll
    2017-01-04 20:44 . 2012-02-24 19:32 159744 ----a-w- c:\program files\Mozilla Firefox\updated\plugins\npqtplugin5.dll
    2017-01-04 20:44 . 2005-08-09 18:42 57344 ----a-w- c:\program files\Mozilla Firefox\updated\plugins\npunagi2.dll
    2017-01-04 20:44 . 2014-08-05 17:20 227728 ----a-w- c:\program files\Mozilla Firefox\updated\plugins\nppdf32.dll
    2017-01-04 20:44 . 2012-02-24 19:32 159744 ----a-w- c:\program files\Mozilla Firefox\updated\plugins\npqtplugin4.dll
    2017-01-04 20:44 . 2012-02-24 19:32 159744 ----a-w- c:\program files\Mozilla Firefox\updated\plugins\npqtplugin3.dll
    2017-01-04 20:44 . 2012-02-24 19:32 159744 ----a-w- c:\program files\Mozilla Firefox\updated\plugins\npqtplugin2.dll
    2017-01-04 20:44 . 2012-02-24 19:32 159744 ----a-w- c:\program files\Mozilla Firefox\updated\plugins\npqtplugin.dll
    2017-01-04 20:44 . 2007-12-19 12:57 310272 ----a-w- c:\program files\Mozilla Firefox\updated\plugins\npGoogleGadgetPluginFirefoxWin.dll
    2017-01-04 20:44 . 2007-04-11 00:21 163256 ----a-w- c:\program files\Mozilla Firefox\updated\plugins\np-mswmp.dll
    2017-01-04 20:44 . 2006-10-27 03:12 16192 ----a-w- c:\program files\Mozilla Firefox\updated\plugins\NPOFF12.DLL
    2017-01-04 19:01 . 2017-01-04 19:01 -------- d-----w- c:\program files\RogueKiller
    2017-01-04 02:48 . 2017-01-04 02:53 -------- d-----w- C:\FRST
    2017-01-04 00:31 . 2016-11-25 21:45 49936 ----a-w- c:\windows\system32\TURegOpt.exe
    2017-01-04 00:31 . 2017-01-04 00:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AVG
    2017-01-04 00:23 . 2017-01-04 00:28 -------- d-----w- c:\documents and settings\Connie\Local Settings\Application Data\AvgSetupLog
    2017-01-03 23:49 . 2017-01-03 23:49 -------- d-----w- c:\program files\OverDrive for Windows
    2016-12-25 01:41 . 2016-12-25 01:41 -------- d-----w- C:\spoolerlogs
    2016-12-06 18:18 . 2016-12-06 18:18 -------- d-----w- c:\documents and settings\Connie\Local Settings\Application Data\CEF
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2017-01-04 19:02 . 2014-12-13 02:31 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2016-11-30 16:08 . 2014-06-17 23:22 244992 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2016-11-04 21:21 . 2014-07-22 04:03 246528 ----a-w- c:\windows\system32\drivers\avgidsdriverlx.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2003-10-02 98304]
    "HP Officejet 4630 series (NET)"="c:\program files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe" [2014-07-21 2427400]
    "SansaDispatch"="c:\documents and settings\Connie\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2015-12-12 1465288]
    "CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2016-09-28 6889176]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-02 1392640]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-05-03 184320]
    "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
    "AVG_UI"="c:\program files\AVG\Framework\Common\avguirnx.exe" [2016-12-06 220944]
    "WatcherHelper"="c:\program files\Sierra Wireless Inc\3G Watcher\WaHelper.exe" [2010-09-15 116080]
    "TRUUpdater"="c:\program files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" [2010-10-09 329072]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-09 761947]
    "AvgUi"="c:\program files\AVG\Framework\Common\avguirnx.exe" [2016-12-06 220944]
    "Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2016-12-14 2776528]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\Av\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    c:\windows\system32\dumprep 0 -u [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2007-03-09 18:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
    2016-09-28 17:23 6889176 ----a-w- c:\program files\CCleaner\CCleaner.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    2005-09-29 20:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2009-02-27 01:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 22:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    2006-03-25 05:30 282624 ----a-w- c:\windows\stsystra.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2012-01-17 18:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Sierra Wireless Inc\\3G Watcher\\TRUUpdater.exe"= c:\\Program Files\\Sierra Wireless Inc\\WebUpdater\\TRUUpdater.exe
    "c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
    "c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\AVG\\Av\\avgmfapx.exe"=
    "c:\\Program Files\\AVG\\Av\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\Av\\avgemcx.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5357:TCP"= 5357:TCP:WS-Eventing TCP Port 5357
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [6/17/2014 3:17 PM 207616]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [6/17/2014 3:18 PM 287008]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [6/17/2014 3:06 PM 47360]
    R0 avgunivx;AVG Universal Driver;c:\windows\system32\drivers\avgunivx.sys [6/20/2016 3:17 PM 65280]
    R0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [1/4/2017 12:53 PM 219072]
    R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [6/30/2014 11:43 AM 134912]
    R1 AVGIDSDriverl;AVGIDSDriverl;c:\windows\system32\drivers\avgidsdriverlx.sys [7/21/2014 8:03 PM 246528]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [6/17/2014 3:06 PM 31664]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [6/17/2014 3:22 PM 244992]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [6/17/2014 3:21 PM 231680]
    R1 MBAMChameleon;MBAMChameleon;c:\windows\system32\drivers\MBAMChameleon.sys [1/4/2017 12:55 PM 142112]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\Av\avgidsagent.exe [12/15/2016 10:43 AM 4154016]
    R2 avgsvc;AVG Service;c:\program files\AVG\Framework\Common\avgsvcx.exe [12/6/2016 10:12 AM 935184]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\Av\avgwdsvcx.exe [12/15/2016 10:35 AM 603288]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/25/2009 11:32 PM 189736]
    R2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\MBAMService.exe [1/4/2017 12:51 PM 3381200]
    R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files\Sierra Wireless Inc\Common\SwiCardDetect.exe [12/2/2010 7:12 PM 238960]
    R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [11/25/2016 1:42 PM 3844880]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [11/25/2016 1:37 PM 31792]
    S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\HP\Common\HPSupportSolutionsFrameworkService.exe [5/21/2014 10:34 AM 49464]
    S3 MBAMProtection;MBAMProtection;c:\windows\system32\drivers\mbam.sys [1/4/2017 12:54 PM 39360]
    S3 PSMNBUS;Pantech Android USB Composite Device Ver1 Driver;c:\windows\system32\DRIVERS\PSMNBUS.sys --> c:\windows\system32\DRIVERS\PSMNBUS.sys [?]
    S3 PSMNMDM;Pantech Android USB Modem Ver1 Drivers;c:\windows\system32\DRIVERS\PSMNMDM.sys --> c:\windows\system32\DRIVERS\PSMNMDM.sys [?]
    S3 PSMNMDMVSP;Pantech Android MDM Diagnostic Serial Port Ver1;c:\windows\system32\DRIVERS\PSMNMDMVSP.sys --> c:\windows\system32\DRIVERS\PSMNMDMVSP.sys [?]
    S3 PSMNMSMVSP;Pantech Android MSM Diagnostic Serial Port Ver1;c:\windows\system32\DRIVERS\PSMNMSMVSP.sys --> c:\windows\system32\DRIVERS\PSMNMSMVSP.sys [?]
    S3 PSMNNET;Pantech Android MDM WWAN;c:\windows\system32\DRIVERS\PSMNNET.sys --> c:\windows\system32\DRIVERS\PSMNNET.sys [?]
    S3 PSMNRMNET;Pantech Android MDM RMNET Device;c:\windows\system32\DRIVERS\PSMNRMNET.sys --> c:\windows\system32\DRIVERS\PSMNRMNET.sys [?]
    S3 PTHDRBUS;PANTECH Handset HSUSB Composite Device;c:\windows\system32\DRIVERS\PTHDRBUS.sys --> c:\windows\system32\DRIVERS\PTHDRBUS.sys [?]
    S3 PTHDRMDM;PANTECH HSUSB Modem;c:\windows\system32\DRIVERS\PTHDRMDM.sys --> c:\windows\system32\DRIVERS\PTHDRMDM.sys [?]
    S3 PTHDRVSP;PANTECH HSUSB Diagnostic Serial Port;c:\windows\system32\DRIVERS\PTHDRVSP.sys --> c:\windows\system32\DRIVERS\PTHDRVSP.sys [?]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMSWISSARMY
    *Deregistered* - ESProtectionDriver
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2016-04-11 21:10 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2017-01-05 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-26 18:14]
    .
    2017-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-04 18:13]
    .
    2017-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-04 18:13]
    .
    2017-01-05 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    - c:\windows\system32\xp_eos.exe [2014-03-07 01:59]
    .
    2017-01-05 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    - c:\windows\system32\xp_eos.exe [2014-03-07 01:59]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://co103w.col103.mail.live.com/default.aspx
    uSearchMigratedDefaultUrl = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    Trusted Zone: aol.com\free
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\documents and settings\Connie\Application Data\Mozilla\Firefox\Profiles\cef7vr7a.default-1418937549109\
    FF - prefs.js: browser.startup.homepage - about:home
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    MSConfigStartUp-Dropbox Update - c:\documents and settings\Connie\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe
    AddRemove-Sansa Updater - c:\documents and settings\Connie\Application Data\SanDisk\Sansa Updater\SansaUpdaterInstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2017-01-04 19:41
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1244)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2017-01-04 19:46:40
    ComboFix-quarantined-files.txt 2017-01-05 03:46
    .
    Pre-Run: 27,237,683,200 bytes free
    Post-Run: 27,218,415,616 bytes free
    .
    - - End Of File - - 71B07307052161B4EAFF05070B0D5C76
    5CB90281D1A59B251F6603134774EEC3
     
  6. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

    • Double-click to run it.
    • Make sure you checkmark the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
     
  7. flew

    flew Established Techie7 Member

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2017
    Ran by Connie (administrator) on MOM (04-01-2017 21:12:18)
    Running from C:\Documents and Settings\Connie\Desktop
    Loaded Profiles: Connie (Available Profiles: Connie & Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
    Internet Explorer Version 8 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\Av\avgrsx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
    (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
    () C:\WINDOWS\system32\WLTRYSVC.EXE
    (Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
    (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
    (Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
    (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
    (CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe
    (Seagate LLC) C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
    (Sierra Wireless Inc.) C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe
    (Sierra Wireless, Inc.) C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
    (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
    (Creative Technology Ltd) C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe
    (SanDisk Corporation) C:\Documents and Settings\Connie\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Creative Technology Ltd) C:\WINDOWS\system32\CTSVCCDA.EXE
    (Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
    (Seagate Technology LLC) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    (Sierra Wireless, Inc.) C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
    (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    (Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [1392640 2006-11-01] (Dell Inc.)
    HKLM\...\Run: [ATICCC] => C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [45056 2006-01-02] (ATI Technologies Inc.)
    HKLM\...\Run: [PCMService] => C:\Program Files\Dell\MediaDirect\PCMService.exe [184320 2007-05-02] (CyberLink Corp.)
    HKLM\...\Run: [MaxMenuMgr] => C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-09-25] (Seagate LLC)
    HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944 2016-12-06] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [WatcherHelper] => C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe [116080 2010-09-14] (Sierra Wireless Inc.)
    HKLM\...\Run: [TRUUpdater] => C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe [329072 2010-10-08] (Sierra Wireless, Inc.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [761947 2006-03-08] (Synaptics, Inc.)
    HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944 2016-12-06] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
    Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2006-05-23] (ATI Technologies Inc.)
    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    HKU\S-1-5-21-2031526256-1584670080-4053835340-1006\...\Run: [Creative Detector] => C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [98304 2003-10-02] (Creative Technology Ltd)
    HKU\S-1-5-21-2031526256-1584670080-4053835340-1006\...\Run: [HP Officejet 4630 series (NET)] => C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe [2427400 2014-07-21] (Hewlett-Packard Development Company, LP)
    HKU\S-1-5-21-2031526256-1584670080-4053835340-1006\...\Run: [SansaDispatch] => C:\Documents and Settings\Connie\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe [1465288 2015-12-12] (SanDisk Corporation)
    HKU\S-1-5-21-2031526256-1584670080-4053835340-1006\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6889176 2016-09-28] (Piriform Ltd)
    HKU\S-1-5-21-2031526256-1584670080-4053835340-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\nature.scr [3343360 2004-08-10] (Microsoft Corporation)
    BootExecute: autocheck autochk * C:\PROGRA~1\AVG\Av\avgrsx.exe /sync /restart
    GroupPolicyScripts\User: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2010-07-27] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{A3F982CE-8853-455A-8451-4A835386A034}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-2031526256-1584670080-4053835340-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061201
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-2031526256-1584670080-4053835340-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://co103w.col103.mail.live.com/default.aspx
    HKU\S-1-5-21-2031526256-1584670080-4053835340-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06] (Hewlett-Packard Co.)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-12-16] (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-16] (Oracle Corporation)
    BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06] (Hewlett-Packard Co.)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [2009-02-06] (Microsoft Corporation)
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2006-06-04] (Microsoft Corporation)
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [2009-02-06] (Microsoft Corporation)

    FireFox:
    ========
    FF DefaultProfile: cef7vr7a.default-1418937549109
    FF ProfilePath: C:\Documents and Settings\Connie\Application Data\Mozilla\Firefox\Profiles\cef7vr7a.default-1418937549109 [2017-01-04]
    FF DefaultSearchEngine: C:\Documents and Settings\Connie\Application Data\Mozilla\Firefox\Profiles\cef7vr7a.default-1418937549109 -> Google
    FF DefaultSearchEngine.US: C:\Documents and Settings\Connie\Application Data\Mozilla\Firefox\Profiles\cef7vr7a.default-1418937549109 -> Google
    FF Homepage: C:\Documents and Settings\Connie\Application Data\Mozilla\Firefox\Profiles\cef7vr7a.default-1418937549109 -> about:home
    FF Extension: (Firefox Hotfix) - C:\Documents and Settings\Connie\Application Data\Mozilla\Firefox\Profiles\cef7vr7a.default-1418937549109\Extensions\firefox-hotfix@mozilla.org.xpi [2016-12-05]
    FF Extension: (Youtube Unblocker Remediation) - C:\Documents and Settings\Connie\Application Data\Mozilla\Firefox\Profiles\cef7vr7a.default-1418937549109\features\{a4c6006c-9e71-42cd-87e3-db21cd66468a}\malware-remediation@mozilla.org.xpi [2016-12-05]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-11] [not signed]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
    FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-16] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-16] (Oracle Corporation)
    FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
    FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
    FF Plugin: @microsoft.com/WLPG,version=14.0.8064.0206 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-02-06] (Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll [2007-12-19] ()
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2012-02-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2012-02-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2012-02-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2012-02-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2012-02-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2012-02-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2012-02-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npunagi2.dll [2005-08-09] (America Online, Inc.)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxp://hotmail.com/
    CHR StartupUrls: Default -> "hxxp://hotmail.com/"
    CHR Session Restore: Default -> is enabled.
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll => No File
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
    CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
    CHR Plugin: (Google Gadget Plugin) - C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll ()
    CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL => No File
    CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
    CHR Plugin: (AOL Media Playback Plugin) - C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll (America Online, Inc.)
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll => No File
    CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll => No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll => No File
    CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Profile: C:\Documents and Settings\Connie\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-01-04]
    CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Connie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
    CHR Extension: (TelevisionFanatic) - C:\Documents and Settings\Connie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ppgplhcfmaadpnkmnkhgadmaekeldbnh [2017-01-04]
    CHR Profile: C:\Documents and Settings\Connie\Local Settings\Application Data\Google\Chrome\User Data\System Profile [2017-01-03]
    CHR Extension: (Google Slides) - C:\Documents and Settings\Connie\Local Settings\Application Data\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-21]
    CHR Extension: (Google Docs) - C:\Documents and Settings\Connie\Local Settings\Application Data\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-21]
    CHR Extension: (Google Drive) - C:\Documents and Settings\Connie\Local Settings\Application Data\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-21]
    CHR Extension: (YouTube) - C:\Documents and Settings\Connie\Local Settings\Application Data\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-21]
    CHR Extension: (Google Search) - C:\Documents and Settings\Connie\Local Settings\Application Data\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-21]
    CHR Extension: (Google Sheets) - C:\Documents and Settings\Connie\Local Settings\Application Data\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-21]
    CHR Extension: (Bookmark Manager) - C:\Documents and Settings\Connie\Local Settings\Application Data\Google\Chrome\User Data\System Profile\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-21]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Connie\Local Settings\Application Data\Google\Chrome\User Data\System Profile\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-21]
    CHR Extension: (Google Wallet) - C:\Documents and Settings\Connie\Local Settings\Application Data\Google\Chrome\User Data\System Profile\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-21]
    CHR Extension: (Gmail) - C:\Documents and Settings\Connie\Local Settings\Application Data\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-21]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [4154016 2016-12-15] (AVG Technologies CZ, s.r.o.)
    R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [935184 2016-12-06] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [603288 2016-12-15] (AVG Technologies CZ, s.r.o.)
    R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [44032 1999-12-12] (Creative Technology Ltd) [File not signed]
    S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2007-12-28] (Macrovision Europe Ltd.) [File not signed]
    R2 FreeAgentGoNext Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [189736 2009-09-25] (Seagate Technology LLC)
    R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
    S2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
    S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-21] (Hewlett-Packard Company)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3381200 2016-12-14] (Malwarebytes)
    R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
    S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
    R2 MSSQL$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe [9158656 2008-12-18] (Microsoft Corporation)
    S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [73728 2005-05-03] (Microsoft Corporation) [File not signed]
    S3 SQLAgent$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE [323584 2005-05-03] (Microsoft Corporation) [File not signed]
    R2 SwiCardDetectSvc; C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe [238960 2010-12-02] (Sierra Wireless, Inc.)
    R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [3844880 2016-11-25] (AVG Technologies CZ, s.r.o.)
    R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1253376 2006-11-01] (Dell Inc.) [File not signed]
    S2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [X]
    S2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
    R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [134912 2016-05-13] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [246528 2016-11-04] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [207616 2016-10-05] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [244992 2016-11-30] (AVG Technologies CZ, s.r.o.)
    R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [287008 2016-02-16] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [197376 2016-09-26] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [47360 2016-06-01] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [231680 2016-07-27] (AVG Technologies CZ, s.r.o.)
    R0 avgunivx; C:\WINDOWS\System32\DRIVERS\avgunivx.sys [65280 2016-06-20] (AVG Technologies CZ, s.r.o.)
    R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [604928 2006-10-12] (Broadcom Corporation)
    S3 DSproct; C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys [4864 2006-01-10] (GTek Technologies Ltd.) [File not signed]
    R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [55152 2009-02-06] (Microsoft Corporation)
    S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-01-17] (HP) [File not signed]
    R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [201600 2005-07-22] (Conexant Systems, Inc.)
    R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [1035008 2005-07-22] (Conexant Systems, Inc.)
    S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [39360 2017-01-04] (Malwarebytes)
    R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [219072 2017-01-04] (Malwarebytes)
    S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
    R1 omci; C:\WINDOWS\System32\DRIVERS\omci.sys [17153 2004-02-13] (Dell Inc) [File not signed]
    R2 PfModNT; C:\WINDOWS\system32\drivers\PfModNT.sys [15840 2003-03-05] (Creative Technology Ltd.) [File not signed]
    R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1156648 2006-03-24] (SigmaTel, Inc.)
    R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [31792 2016-11-25] (AVG Netherlands B.V.)
    S3 catchme; \??\C:\DOCUME~1\Connie\LOCALS~1\Temp\catchme.sys [X]
    S3 HPZid412; system32\DRIVERS\HPZid412.sys [X]
    S3 HPZipr12; system32\DRIVERS\HPZipr12.sys [X]
    S3 PSMNBUS; system32\DRIVERS\PSMNBUS.sys [X]
    S3 PSMNMDM; system32\DRIVERS\PSMNMDM.sys [X]
    S3 PSMNMDMVSP; system32\DRIVERS\PSMNMDMVSP.sys [X]
    S3 PSMNMSMVSP; system32\DRIVERS\PSMNMSMVSP.sys [X]
    S3 PSMNNET; system32\DRIVERS\PSMNNET.sys [X]
    S3 PSMNRMNET; system32\DRIVERS\PSMNRMNET.sys [X]
    S3 PTHDRBUS; system32\DRIVERS\PTHDRBUS.sys [X]
    S3 PTHDRMDM; system32\DRIVERS\PTHDRMDM.sys [X]
    S3 PTHDRVSP; system32\DRIVERS\PTHDRVSP.sys [X]
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
    S3 USBAAPL; System32\Drivers\usbaapl.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-01-04 21:12 - 2017-01-04 21:15 - 00026553 _____ C:\Documents and Settings\Connie\Desktop\FRST.txt
    2017-01-04 19:46 - 2017-01-04 21:15 - 00000000 ____D C:\Documents and Settings\Connie\Local Settings\temp
    2017-01-04 19:46 - 2017-01-04 19:46 - 00015940 _____ C:\ComboFix.txt
    2017-01-04 19:46 - 2017-01-04 19:46 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
    2017-01-04 19:46 - 2017-01-04 19:46 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
    2017-01-04 18:59 - 2011-06-25 22:45 - 00256000 _____ C:\WINDOWS\PEV.exe
    2017-01-04 18:59 - 2010-11-07 09:20 - 00208896 _____ C:\WINDOWS\MBR.exe
    2017-01-04 18:59 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
    2017-01-04 18:59 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
    2017-01-04 18:59 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
    2017-01-04 18:59 - 2000-08-30 16:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
    2017-01-04 18:59 - 2000-08-30 16:00 - 00098816 _____ C:\WINDOWS\sed.exe
    2017-01-04 18:59 - 2000-08-30 16:00 - 00080412 _____ C:\WINDOWS\grep.exe
    2017-01-04 18:59 - 2000-08-30 16:00 - 00068096 _____ C:\WINDOWS\zip.exe
    2017-01-04 18:49 - 2017-01-04 19:46 - 00000000 ____D C:\Qoobox
    2017-01-04 18:25 - 2017-01-04 18:25 - 05659315 ____R (Swearware) C:\Documents and Settings\Connie\Desktop\ComboFix.exe
    2017-01-04 14:32 - 2017-01-04 14:32 - 00003465 _____ C:\Documents and Settings\Connie\Desktop\JRT.txt
    2017-01-04 14:16 - 2017-01-04 14:16 - 00001858 _____ C:\Documents and Settings\Connie\Desktop\AdwCleaner[C0].txt
    2017-01-04 14:04 - 2017-01-04 14:11 - 00000000 ____D C:\AdwCleaner
    2017-01-04 14:03 - 2017-01-04 14:03 - 01663040 _____ (Malwarebytes) C:\Documents and Settings\Connie\Desktop\JRT.exe
    2017-01-04 14:02 - 2017-01-04 14:02 - 03977168 _____ C:\Documents and Settings\Connie\Desktop\AdwCleaner.exe
    2017-01-04 13:28 - 2017-01-04 13:28 - 00085959 _____ C:\Documents and Settings\Connie\Desktop\mwb.txt
    2017-01-04 12:55 - 2017-01-04 16:04 - 00142112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
    2017-01-04 12:54 - 2017-01-04 20:59 - 00039360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2017-01-04 12:53 - 2017-01-04 18:49 - 00219072 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2017-01-04 12:52 - 2017-01-04 12:52 - 00001715 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes.lnk
    2017-01-04 12:52 - 2017-01-04 12:52 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
    2017-01-04 12:51 - 2017-01-04 12:51 - 00000000 ____D C:\Program Files\Malwarebytes
    2017-01-04 12:51 - 2016-12-14 12:55 - 00059968 _____ C:\WINDOWS\system32\Drivers\mbae.sys
    2017-01-04 12:48 - 2017-01-04 12:48 - 00006560 _____ C:\Documents and Settings\Connie\Desktop\rk_9F.tmp.txt
    2017-01-04 11:01 - 2017-01-04 11:01 - 00000718 _____ C:\Documents and Settings\All Users\Desktop\RogueKiller.lnk
    2017-01-04 11:01 - 2017-01-04 11:01 - 00000000 ____D C:\Program Files\RogueKiller
    2017-01-04 11:01 - 2017-01-04 11:01 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\RogueKiller
    2017-01-04 10:50 - 2017-01-04 10:52 - 54199488 _____ (Malwarebytes ) C:\Documents and Settings\Connie\Desktop\mb3-setup-consumer-3.0.5.1299.exe
    2017-01-04 10:34 - 2017-01-04 10:34 - 00460432 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2017-01-03 18:48 - 2017-01-04 21:12 - 00000000 ____D C:\FRST
    2017-01-03 18:45 - 2017-01-03 18:46 - 01760256 _____ (Farbar) C:\Documents and Settings\Connie\Desktop\FRST.exe
    2017-01-03 16:31 - 2017-01-03 16:31 - 00001756 _____ C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp.lnk
    2017-01-03 16:31 - 2017-01-03 16:31 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\AVG
    2017-01-03 16:31 - 2017-01-03 16:31 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp
    2017-01-03 16:31 - 2016-11-25 13:45 - 00049936 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\TURegOpt.exe
    2017-01-03 16:23 - 2017-01-03 16:28 - 00000000 ____D C:\Documents and Settings\Connie\Local Settings\Application Data\AvgSetupLog
    2017-01-03 15:50 - 2017-01-03 15:50 - 00002305 _____ C:\Documents and Settings\All Users\Desktop\OverDrive for Windows.lnk
    2017-01-03 15:49 - 2017-01-03 15:50 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\OverDrive for Windows
    2017-01-03 15:49 - 2017-01-03 15:49 - 00000000 ____D C:\Program Files\OverDrive for Windows
    2016-12-24 20:12 - 2016-12-24 20:12 - 00189148 _____ C:\Documents and Settings\Connie\My Documents\MusiciansFriend.pdf
    2016-12-24 17:47 - 2016-12-24 17:47 - 00201698 _____ C:\Documents and Settings\Connie\My Documents\Your order has been shipped - Connie Schmitt.pdf
    2016-12-24 17:46 - 2016-12-24 17:46 - 00230242 _____ C:\Documents and Settings\Connie\My Documents\Mail - Connie Schmitt - Outlook.pdf
    2016-12-24 17:41 - 2016-12-24 17:41 - 00000000 ____D C:\spoolerlogs
    2016-12-07 20:09 - 2016-12-07 20:09 - 00779938 _____ C:\Documents and Settings\Connie\My Documents\Inv_100000662BO_from_Continental_Art_Center_Inc._9488.pdf
    2016-12-06 10:18 - 2016-12-06 10:18 - 00000000 ____D C:\Documents and Settings\Connie\Local Settings\Application Data\CEF

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-01-04 21:13 - 2013-03-26 10:23 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2017-01-04 21:01 - 2005-08-16 02:49 - 00000000 __SHD C:\Documents and Settings\NetworkService
    2017-01-04 20:59 - 2006-12-01 08:12 - 00000000 ____D C:\MDT
    2017-01-04 20:59 - 2005-08-16 02:38 - 00000000 ____D C:\WINDOWS\Registration
    2017-01-04 20:56 - 2005-08-16 02:18 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
    2017-01-04 20:54 - 2014-03-09 18:24 - 00000224 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2017-01-04 20:54 - 2011-08-04 10:58 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2017-01-04 20:53 - 2005-08-16 02:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-01-04 19:55 - 2006-12-01 07:53 - 00004608 _____ C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
    2017-01-04 19:55 - 2005-08-16 02:49 - 00032562 _____ C:\WINDOWS\SchedLgU.Txt
    2017-01-04 19:54 - 2006-12-25 12:51 - 00000278 ___SH C:\Documents and Settings\Connie\ntuser.ini
    2017-01-04 19:54 - 2006-12-25 12:51 - 00000000 ____D C:\Documents and Settings\Connie
    2017-01-04 19:46 - 2005-08-16 02:28 - 00000000 ___HD C:\Documents and Settings\Default User
    2017-01-04 19:41 - 2005-08-16 02:18 - 00000227 _____ C:\WINDOWS\system.ini
    2017-01-04 19:39 - 2011-08-04 10:58 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2017-01-04 16:34 - 2014-03-09 18:24 - 00000218 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2017-01-04 16:14 - 2006-12-25 21:34 - 00000000 __SHD C:\WINDOWS\CSC
    2017-01-04 15:59 - 2014-08-29 16:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
    2017-01-04 15:12 - 2014-08-29 18:04 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
    2017-01-04 15:12 - 2005-08-16 02:22 - 00000000 ___HD C:\WINDOWS\inf
    2017-01-04 12:51 - 2009-01-10 16:53 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2017-01-04 12:49 - 2014-12-12 18:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RogueKiller
    2017-01-04 12:45 - 2016-04-11 19:55 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2017-01-04 11:02 - 2014-12-12 18:31 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2017-01-03 17:54 - 2015-12-12 12:26 - 00000000 ____D C:\Documents and Settings\Connie\My Documents\clipzip01.01.21
    2017-01-03 17:54 - 2015-06-25 15:17 - 00000000 ____D C:\Documents and Settings\Connie\My Documents\Outlook.com - ikanfly@hotmail.com_files
    2017-01-03 17:54 - 2013-10-04 14:07 - 00000000 ____D C:\Documents and Settings\Connie\My Documents\Gift Shop Wish Lists
    2017-01-03 17:54 - 2012-09-10 14:46 - 00000000 ____D C:\Documents and Settings\Connie\My Documents\Picture
    2017-01-03 17:54 - 2006-12-25 12:51 - 00000000 ___RD C:\Documents and Settings\Connie\My Documents
    2017-01-03 17:54 - 2006-12-01 08:12 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\My Videos
    2017-01-03 17:54 - 2006-12-01 07:27 - 00000000 ____D C:\i386
    2017-01-03 17:18 - 2015-03-26 07:49 - 00000000 ____D C:\Documents and Settings\Connie\Application Data\HpUpdate
    2017-01-03 17:18 - 2010-06-07 10:16 - 00000000 ____D C:\Documents and Settings\Connie\My Documents\My Digital Editions
    2017-01-03 17:16 - 2008-08-28 12:30 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG Free 8.5
    2017-01-03 17:09 - 2015-06-23 15:56 - 00000000 ____D C:\Documents and Settings\Connie\Local Settings\Application Data\Dropbox
    2017-01-03 16:37 - 2015-06-05 08:58 - 00000000 ____D C:\Documents and Settings\Connie\Local Settings\Application Data\Avg
    2017-01-03 16:29 - 2016-11-14 20:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avg
    2017-01-03 16:28 - 2008-08-28 12:30 - 00000000 ____D C:\Program Files\AVG
    2017-01-03 15:56 - 2009-08-11 20:05 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
    2017-01-03 15:14 - 2006-12-01 07:51 - 00000000 ____D C:\Program Files\Dell
    2017-01-03 15:12 - 2014-04-09 10:08 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Pantech
    2017-01-03 15:12 - 2006-12-01 07:55 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
    2017-01-03 15:10 - 2014-04-09 10:07 - 00000000 ____D C:\Program Files\Pantech
    2017-01-03 14:46 - 2006-12-01 08:22 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
    2016-12-28 13:14 - 2008-06-04 08:34 - 00000000 ___RD C:\Documents and Settings\Connie\My Documents\Audio Books
    2016-12-14 03:07 - 2015-09-13 17:18 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2016-12-06 12:10 - 2005-08-16 02:33 - 00635578 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-12-06 12:10 - 2005-08-16 02:18 - 00525812 _____ C:\WINDOWS\system32\perfh009.dat
    2016-12-06 12:10 - 2005-08-16 02:18 - 00096938 _____ C:\WINDOWS\system32\perfc009.dat
    2016-12-06 11:01 - 2005-08-16 02:22 - 00000000 ____D C:\WINDOWS\system32\inetsrv
    2016-12-06 10:31 - 2016-11-14 20:25 - 00000617 _____ C:\Documents and Settings\All Users\Desktop\AVG.lnk
    2016-12-06 10:31 - 2016-11-14 20:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG Zen
    2016-12-06 10:22 - 2014-08-29 17:06 - 00000000 ____D C:\$AVG
    2016-12-06 10:13 - 2005-08-16 02:22 - 00000000 ____D C:\WINDOWS\WinSxS
    2016-12-05 12:18 - 2006-12-25 12:51 - 00000000 ___HD C:\Documents and Settings\Connie\NetHood

    ==================== Files in the root of some directories =======

    2013-07-18 08:47 - 2013-07-18 08:52 - 0000065 _____ () C:\Documents and Settings\Connie\Application Data\mbam.context.scan
    2013-07-18 08:40 - 2013-07-18 08:40 - 0000000 _____ () C:\Documents and Settings\Connie\Application Data\SharedSettings.ccs
    2007-01-01 12:47 - 2016-10-20 09:14 - 0003792 _____ () C:\Documents and Settings\Connie\Application Data\wklnhst.dat
    2006-12-25 12:51 - 2006-12-25 12:52 - 0000129 _____ () C:\Documents and Settings\Connie\Local Settings\Application Data\fusioncache.dat
    2015-08-17 22:22 - 2015-08-17 22:22 - 0000057 _____ () C:\Documents and Settings\All Users\Application Data\Ament.ini

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-01-2017
    Ran by Connie (04-01-2017 21:17:28)
    Running from C:\Documents and Settings\Connie\Desktop
    Microsoft Windows XP Professional Service Pack 3 (X86) (2006-12-25 20:51:27)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2031526256-1584670080-4053835340-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    Connie (S-1-5-21-2031526256-1584670080-4053835340-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Connie
    Guest (S-1-5-21-2031526256-1584670080-4053835340-501 - Limited - Enabled)
    HelpAssistant (S-1-5-21-2031526256-1584670080-4053835340-1005 - Limited - Disabled)
    SUPPORT_388945a0 (S-1-5-21-2031526256-1584670080-4053835340-1002 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Malwarebytes (Enabled - Up to date) {D4AC7077-9720-47B0-8B38-DFAF3AA21DB6}
    AV: AVG AntiVirus Free Edition (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Digital Editions (HKLM\...\Digital Editions) (Version: - )
    Adobe Flash Player 10 ActiveX (HKLM\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
    Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
    Adobe PhotoDeluxe Home Edition 4.1 (HKLM\...\Adobe PhotoDeluxe Home Edition 4.1) (Version: 4.1 - Adobe Systems, Inc.)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Adobe® Photoshop® Album Starter Edition 3.2 (HKLM\...\Adobe® Photoshop® Album Starter Edition 3.2) (Version: 3.2.0 - hxxp://www.adobe.com)
    Amazon Kindle (HKLM\...\Amazon Kindle) (Version: - Amazon)
    AOLIcon (Version: 1.00.0000 - Dell) Hidden
    ATI Catalyst Control Center (HKLM\...\{A02ED372-22FA-448B-AB6A-1B0FC23B7D08}) (Version: 1.2.2334.37172 - )
    ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.261-060523a1-033841C-Dell - )
    Avery Design & Print (HKLM\...\Avery Design & Print 3.0.2) (Version: 3.0.2 - Avery Products Corporation)
    AVG (HKLM\...\AvgZen) (Version: 1.113.2.50020 - AVG Technologies)
    AVG (Version: 16.141.7996 - AVG Technologies) Hidden
    AVG 2016 (Version: 16.0.4749 - AVG Technologies) Hidden
    AVG PC TuneUp (HKLM\...\AVG PC TuneUp) (Version: 16.63.2.50050 - AVG Technologies)
    AVG PC TuneUp (Version: 16.63.4 - AVG Technologies) Hidden
    AVG Protection (HKLM\...\AVG) (Version: 2016.141.7996 - AVG Technologies)
    AVG Zen (Version: 1.113.1 - AVG Technologies) Hidden
    Bonjour (HKLM\...\{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}) (Version: 2.0.3.0 - Apple Inc.)
    Broadcom Management Programs (HKLM\...\{26E1BFB0-E87E-4696-9F89-B467F01F81E5}) (Version: 8.65.05 - Broadcom Corporation)
    BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
    California Friendly Gardening for San Diego County (HKLM\...\{60428933-7347-4EE3-97E3-9EE1362CDA4B}) (Version: 1.00.0000 - GardenSoft)
    CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
    Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Complete Landscape Designer Deluxe Edition (HKLM\...\Complete Landscape Designer Deluxe Edition) (Version: - )
    Conexant HDA D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3) (Version: - )
    Creative MediaSource (HKLM\...\{56F3E1FF-54FE-4384-A153-6CCABA097814}) (Version: - )
    Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation)
    Dell Support 3.2.1 (HKLM\...\{CEE2252C-4035-4B27-8EC6-0B085DD3A413}) (Version: 5.5.2087 - Dell)
    Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
    Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.100.15.8 - Dell Inc.)
    Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
    DeviceDiscovery (Version: 100.0.190.000 - Hewlett-Packard) Hidden
    DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    Digital Content Portal (HKLM\...\{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}) (Version: 1.00.0000 - Dell)
    Documentation & Support Launcher (HKLM\...\{B0DF58A2-40DF-4465-AA56-38623EC9938C}) (Version: 1.00.0000 - Dell Inc.)
    eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
    Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
    GPBaseService (Version: 100.0.187.000 - Hewlett-Packard) Hidden
    GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
    High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
    Hotfix 2055 for SQL Server 2000 ENU (KB960082) (HKLM\...\KB960082(ENU)) (Version: 1 - Microsoft Corporation)
    HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
    HP Officejet 4630 series Basic Device Software (HKLM\...\{51CE4FA1-8EF3-4293-8396-5820C08AB8C8}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
    HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
    HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 3.5 - HP)
    HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
    HP Support Solutions Framework (HKLM\...\{D2F04839-0AD0-4F06-A6B5-6DFF05E27B67}) (Version: 11.50.0019 - Hewlett-Packard Company)
    HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
    HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
    J2SE Runtime Environment 5.0 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150060}) (Version: 1.5.0.60 - Sun Microsystems, Inc.)
    Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
    Java(TM) 7 Update 5 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217005FF}) (Version: 7.0.50 - Oracle)
    JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
    Junk Mail filter update (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
    Lame ACM MP3 Codec (HKLM\...\Lame MP3 Codec (for the ACM)) (Version: - )
    Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
    MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.7 - Dell)
    Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Hotfix (KB953295) (HKLM\...\KB953295) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
    Microsoft Office Outlook 2003 with Business Contact Manager Update (HKLM\...\{BA68600E-96D9-4E92-80F2-26B9681B5A63}) (Version: 2.0.5324.0 - Microsoft Corporation)
    Microsoft Office Outlook Connector (HKLM\...\{95120000-0120-0409-0000-0000000FF1CE}) (Version: 12.0.6414.1000 - Microsoft Corporation)
    Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: 1.1.0.3514 - Microsoft Corporation)
    Microsoft Plus! Photo Story 2 LE (HKLM\...\{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}) (Version: 1.1.0.3463 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ) (HKLM\...\{E09B48B5-E141-427A-AB0C-D3605127224A}) (Version: 8.00.2039 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
    Mozilla Firefox 45.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
    MSN (HKLM\...\MSNINST) (Version: - )
    MSVCSetup (Version: 1.00.0000 - HP) Hidden
    MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MuVo Driver (HKLM\...\MuVo Driver) (Version: - )
    Netflix Movie Viewer (HKLM\...\{BCE72AED-3332-4863-9567-C5DCB9052CA2}) (Version: 1.2.211 - Netflix)
    OutlookAddinSetup (HKLM\...\{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}) (Version: 1.0.0 - CyberLink)
    OverDrive for Windows (HKLM\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
    PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
    QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
    RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version: - )
    RogueKiller version 12.9.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.1.0 - Adlice Software)
    Seagate Manager Installer (HKLM\...\InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate)
    Seagate Manager Installer (Version: 2.01.0600 - Seagate) Hidden
    Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
    Serif 3DPlus 2.0 (HKLM\...\{A36638C0-D8B9-11D3-9801-00A0CC555167}) (Version: - )
    Serif DrawPlus 4.0 (HKLM\...\SerifDrawPlus40) (Version: - )
    Serif PagePlus SE 1.0 (HKLM\...\{25BB07FA-D9A0-478E-8A4B-38466A4E8BF2}) (Version: 1.00 - Serif)
    Serif PhotoPlus 6.0 (HKLM\...\{0609D0AF-1382-42BE-81DB-CF30F8B0F6E2}) (Version: 6.00 - Serif)
    Sierra Wireless AirCard Watcher (HKLM\...\{CE619CFC-F5C0-43CC-AA66-BEDDA623CCA1}) (Version: 6.0.2849.0001 - Sierra Wireless Inc.)
    SmartWebPrintingOC (Version: 100.0.189.000 - Hewlett-Packard) Hidden
    SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
    Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)
    Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
    Status (Version: 100.0.175.000 - Hewlett-Packard) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 8.2.4.6 - Synaptics)
    TrayApp (Version: 100.0.170.000 - Hewlett-Packard) Hidden
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version: - Microsoft Corporation)
    URL Assistant (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version: - )
    VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8064.0206 - Microsoft Corporation)
    Windows Live ID Sign-in Assistant (HKLM\...\{10A44844-4465-456E-8C97-80BDD4F68845}) (Version: 6.500.3146.0 - Microsoft Corporation)
    Windows Live Sync (HKLM\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information] (HKLM\...\EmeraldQFE2) (Version: - Microsoft Corporation)
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
    Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version: - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version: - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version: - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB908246 (HKLM\...\KB908246) (Version: - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB925766 (HKLM\...\KB925766) (Version: - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version: - Microsoft Corporation)
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2031526256-1584670080-4053835340-1006_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Documents and Settings\Connie\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Adobe\Adobe Digital Editions\Help.lnk -> hxxp://www.adobe.com/products/digitaleditions/help
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Adobe\Adobe Digital Editions\Home Page.lnk -> hxxp://www.adobe.com/products/digitaleditions

    ==================== Loaded Modules (Whitelisted) ==============

    2006-12-01 07:26 - 2006-11-01 19:48 - 00020480 _____ () C:\WINDOWS\System32\WLTRYSVC.EXE
    2006-12-01 07:26 - 2006-11-01 19:48 - 00757760 _____ () C:\WINDOWS\System32\bcm1xsup.dll
    2013-07-17 14:55 - 2013-07-17 14:55 - 03391488 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_c79046e0\mscorlib.dll
    2013-07-17 14:55 - 2013-07-17 14:55 - 03035136 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_72306d83\system.windows.forms.dll
    2013-07-17 14:55 - 2013-07-17 14:55 - 01966080 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_89952375\system.dll
    2013-07-17 14:55 - 2013-07-17 14:55 - 02088960 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_d837d88e\system.xml.dll
    2013-07-17 14:55 - 2013-07-17 14:55 - 00843776 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_da7dac19\system.drawing.dll
    2010-10-08 14:01 - 2010-10-08 14:01 - 00247152 _____ () C:\Program Files\Sierra Wireless Inc\WebUpdater\WebUpdtAPI.dll
    2016-12-06 10:11 - 2016-12-06 10:11 - 48920064 _____ () C:\Program Files\AVG\UiDll\2623\libcef.dll
    2005-08-16 02:18 - 2011-02-04 17:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll
    2005-08-16 02:18 - 2013-01-01 22:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
    2005-08-16 02:18 - 2008-04-13 16:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
    2005-08-16 02:18 - 2008-04-13 16:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
    2017-01-04 12:51 - 2016-12-14 12:55 - 01729312 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
    2016-07-14 17:41 - 2016-07-06 17:01 - 17602240 _____ () C:\Documents and Settings\Connie\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\22.0.0.209\pepflashplayer.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-2031526256-1584670080-4053835340-1006\...\aol.com -> hxxp://free.aol.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2005-08-16 02:18 - 2017-01-04 19:41 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2031526256-1584670080-4053835340-1006\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
    DNS Servers: 192.168.0.1
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Photo Downloader => "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
    MSCONFIG\startupreg: ehTray => C:\WINDOWS\ehome\ehtray.exe
    MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: SigmatelSysTrayApp => stsystra.exe
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: UserFaultCheck => %systemroot%\system32\dumprep 0 -u

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
    DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
    DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
    DomainProfile\AuthorizedApplications: [C:\Program Files\BearShare Applications\BearShare\BearShare.exe] => Enabled:BearShare
    StandardProfile\AuthorizedApplications: [C:\Program Files\Dell\MediaDirect\PCMService.exe] => Enabled:CyberLink PowerCinema Resident Program
    StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
    StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
    StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
    StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger
    StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
    StandardProfile\AuthorizedApplications: [C:\Program Files\Sierra Wireless Inc\3G Watcher\TRUUpdater.exe] => C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater
    StandardProfile\AuthorizedApplications: [C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe] => Enabled:CLI Application (Command Line Interface)
    StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 4630 series\Bin\FaxApplications.exe] => :LocalSubNet:Enabled:HP Officejet 4630 series FaxApplications
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 4630 series\Bin\DigitalWizards.exe] => :LocalSubNet:Enabled:HP Officejet 4630 series DigitalWizards
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 4630 series\Bin\SendAFax.exe] => :LocalSubNet:Enabled:HP Officejet 4630 series SendFaxAppExe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 4630 series\Bin\DeviceSetup.exe] => :LocalSubNet:Enabled:HP Device Setup (HP Officejet 4630 series)
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe] => :LocalSubNet:Enabled:HP Network Communicator COM (HP Officejet 4630 series)
    StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
    StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE] => Enabled:Microsoft Office Groove
    StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE] => Enabled:Microsoft Office OneNote
    StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
    StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgmfapx.exe] => Enabled:AVG Installer
    StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgnsx.exe] => Enabled:Online Shield
    StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgemcx.exe] => Enabled:personal Email Scanner
    DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
    DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
    DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
    DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
    DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
    DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
    StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
    StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
    StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
    StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
    StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
    StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
    StandardProfile\GloballyOpenPorts: [5357:TCP] => Enabled:WS-Eventing TCP Port 5357

    ==================== Restore Points =========================

    03-01-2017 15:49:53 Installed OverDrive for Windows
    04-01-2017 14:22:44 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/04/2017 12:55:07 PM) (Source: crypt32) (EventID: 11) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

    Error: (01/03/2017 03:48:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application chrome.exe, version 49.0.2623.112, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (01/03/2017 03:48:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application chrome.exe, version 49.0.2623.112, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (01/03/2017 02:42:10 PM) (Source: MsiInstaller) (EventID: 11406) (User: NT AUTHORITY)
    Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2016 -- Error 1406. SA_Error1406: StandardAction(0xC007057E): Could not write value CORE_ProdCode to key \SOFTWARE\AVG\AV. System error . Verify that you have sufficient access to that key, or contact your support personnel.

    Error: (01/03/2017 02:09:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 249026984

    Error: (01/03/2017 02:09:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 249026984

    Error: (01/03/2017 02:09:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (01/03/2017 02:09:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 249024875

    Error: (01/03/2017 02:09:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 249024875

    Error: (01/03/2017 02:09:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second


    System errors:
    =============
    Error: (01/04/2017 08:59:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The HP CUE DeviceDiscovery Service service terminated with the following error:
    Unspecified error

    Error: (01/04/2017 08:58:55 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The HP CUE DeviceDiscovery Service service hung on starting.

    Error: (01/04/2017 08:56:30 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureActions with the following error:
    Access is denied.

    Error: (01/04/2017 08:56:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Pml Driver HPZ12 service terminated with the following error:
    The specified module could not be found.

    Error: (01/04/2017 08:56:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Net Driver HPZ12 service terminated with the following error:
    The specified module could not be found.

    Error: (01/04/2017 08:56:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The HP Support Solutions Framework Service service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (01/04/2017 08:56:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the HP Support Solutions Framework Service service to connect.

    Error: (01/04/2017 08:56:30 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureActions with the following error:
    Access is denied.

    Error: (01/04/2017 07:09:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (01/04/2017 04:18:17 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The HP CUE DeviceDiscovery Service service terminated with the following error:
    Unspecified error


    ==================== Memory info ===========================

    Processor: Genuine Intel(R) CPU T2050 @ 1.60GHz
    Percentage of memory in use: 47%
    Total physical RAM: 1022.37 MB
    Available physical RAM: 540.45 MB
    Total Virtual: 2459.34 MB
    Available Virtual: 1184.18 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:67.83 GB) (Free:25.4 GB) NTFS ==>[drive with boot components (Windows XP)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 74.5 GB) (Disk ID: E686F016)
    Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
    Partition 2: (Active) - (Size=67.8 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=2 GB) - (Type=OF Extended)
    Partition 4: (Not Active) - (Size=4.6 GB) - (Type=DB)

    ==================== End of Addition.txt ============================
     
  8. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  9. flew

    flew Established Techie7 Member

    Fix result of Farbar Recovery Scan Tool (x86) Version: 01-01-2017
    Ran by Connie (05-01-2017 18:15:12) Run:1
    Running from C:\Documents and Settings\Connie\Desktop
    Loaded Profiles: Connie (Available Profiles: Connie & Administrator)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    GroupPolicyScripts\User: Restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-2031526256-1584670080-4053835340-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    S2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [X]
    S2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [X]
    S3 catchme; \??\C:\DOCUME~1\Connie\LOCALS~1\Temp\catchme.sys [X]
    S3 HPZid412; system32\DRIVERS\HPZid412.sys [X]
    S3 HPZipr12; system32\DRIVERS\HPZipr12.sys [X]
    S3 PSMNBUS; system32\DRIVERS\PSMNBUS.sys [X]
    S3 PSMNMDM; system32\DRIVERS\PSMNMDM.sys [X]
    S3 PSMNMDMVSP; system32\DRIVERS\PSMNMDMVSP.sys [X]
    S3 PSMNMSMVSP; system32\DRIVERS\PSMNMSMVSP.sys [X]
    S3 PSMNNET; system32\DRIVERS\PSMNNET.sys [X]
    S3 PSMNRMNET; system32\DRIVERS\PSMNRMNET.sys [X]
    S3 PTHDRBUS; system32\DRIVERS\PTHDRBUS.sys [X]
    S3 PTHDRMDM; system32\DRIVERS\PTHDRMDM.sys [X]
    S3 PTHDRVSP; system32\DRIVERS\PTHDRVSP.sys [X]
    S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
    2013-07-18 08:47 - 2013-07-18 08:52 - 0000065 _____ () C:\Documents and Settings\Connie\Application Data\mbam.context.scan
    2013-07-18 08:40 - 2013-07-18 08:40 - 0000000 _____ () C:\Documents and Settings\Connie\Application Data\SharedSettings.ccs
    2007-01-01 12:47 - 2016-10-20 09:14 - 0003792 _____ () C:\Documents and Settings\Connie\Application Data\wklnhst.dat
    2006-12-25 12:51 - 2006-12-25 12:52 - 0000129 _____ () C:\Documents and Settings\Connie\Local Settings\Application Data\fusioncache.dat
    2015-08-17 22:22 - 2015-08-17 22:22 - 0000057 _____ () C:\Documents and Settings\All Users\Application Data\Ament.ini

    *****************

    C:\WINDOWS\system32\GroupPolicy\User => moved successfully
    C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
    HKU\S-1-5-21-2031526256-1584670080-4053835340-1006\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
    HKLM\System\CurrentControlSet\Services\Net Driver HPZ12 => key removed successfully.
    Net Driver HPZ12 => service removed successfully.
    HKLM\System\CurrentControlSet\Services\Pml Driver HPZ12 => key removed successfully.
    Pml Driver HPZ12 => service removed successfully.
    HKLM\System\CurrentControlSet\Services\catchme => key removed successfully.
    catchme => service removed successfully.
    HKLM\System\CurrentControlSet\Services\HPZid412 => key removed successfully.
    HPZid412 => service removed successfully.
    HKLM\System\CurrentControlSet\Services\HPZipr12 => key removed successfully.
    HPZipr12 => service removed successfully.
    HKLM\System\CurrentControlSet\Services\PSMNBUS => key removed successfully.
    PSMNBUS => service removed successfully.
    HKLM\System\CurrentControlSet\Services\PSMNMDM => key removed successfully.
    PSMNMDM => service removed successfully.
    HKLM\System\CurrentControlSet\Services\PSMNMDMVSP => key removed successfully.
    PSMNMDMVSP => service removed successfully.
    HKLM\System\CurrentControlSet\Services\PSMNMSMVSP => key removed successfully.
    PSMNMSMVSP => service removed successfully.
    HKLM\System\CurrentControlSet\Services\PSMNNET => key removed successfully.
    PSMNNET => service removed successfully.
    HKLM\System\CurrentControlSet\Services\PSMNRMNET => key removed successfully.
    PSMNRMNET => service removed successfully.
    HKLM\System\CurrentControlSet\Services\PTHDRBUS => key removed successfully.
    PTHDRBUS => service removed successfully.
    HKLM\System\CurrentControlSet\Services\PTHDRMDM => key removed successfully.
    PTHDRMDM => service removed successfully.
    HKLM\System\CurrentControlSet\Services\PTHDRVSP => key removed successfully.
    PTHDRVSP => service removed successfully.
    HKLM\System\CurrentControlSet\Services\USBAAPL => key removed successfully.
    USBAAPL => service removed successfully.
    C:\Documents and Settings\Connie\Application Data\mbam.context.scan => moved successfully
    C:\Documents and Settings\Connie\Application Data\SharedSettings.ccs => moved successfully
    C:\Documents and Settings\Connie\Application Data\wklnhst.dat => moved successfully
    C:\Documents and Settings\Connie\Local Settings\Application Data\fusioncache.dat => moved successfully
    C:\Documents and Settings\All Users\Application Data\Ament.ini => moved successfully


    The system needed a reboot.

    ==== End of Fixlog 18:15:13 ====
     
  10. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  11. flew

    flew Established Techie7 Member

    Results of screen317's Security Check version 0.99.93
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Malwarebytes
    AVG AntiVirus Free Edition
    Antivirus up to date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    AVG PC TuneUp
    CCleaner
    JavaFX 2.1.1
    Java(TM) 7 Update 5
    Java 8 Update 25
    Java version 32-bit out of Date!
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Flash Player 18.0.0.232
    Adobe Reader 8
    Adobe Reader XI
    Mozilla Firefox (45.0.2)
    Google Chrome (49.0.2623.110)
    Google Chrome (49.0.2623.112)
    ````````Process Check: objlist.exe by Laurent````````
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 5%
    ````````````````````End of Log``````````````````````

    Farbar Service Scanner Version: 27-01-2016
    Ran by Connie (administrator) on 05-01-2017 at 18:57:08
    Running from "C:\Documents and Settings\Connie\Desktop"
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Other Services:
    ==============


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
    C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
    C:\WINDOWS\system32\netman.dll => File is digitally signed
    C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\WINDOWS\system32\srsvc.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
    C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
    C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
    C:\WINDOWS\system32\qmgr.dll => File is digitally signed
    C:\WINDOWS\system32\es.dll => File is digitally signed
    C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed

    Extra List:
    =======
    Avgtdix(11) Bridge(9) BridgeMP(8) fssfltr(10) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
    0x0B000000040000000100000002000000030000000B00000005000000060000000700000008000000090000000A000000
    IpSec Tag value is correct.

    **** End of log ****

    I also ran TFC and it asked to restart my computer. I did.

    I ran Sophos. It found no threats.


    BTW, when I try to open the Bleepingcomputer webpage it does not load properly on this computer (using Chrome).
    I just get a framework. It loads OK using Foxfire, though.
     
  12. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Reset Chrome...
    Click on "Customize and control Google Chrome":
    Click "Settings" then "Show advanced settings" at the bottom of the screen.
    Click "Reset browser settings" button.
    Restart Chrome.

    If the above didn't help....

    Reinstall Chrome...
    If you want to save your bookmarks...
    How to Backup Bookmarks in Google Chrome
    If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/
    • Close all Chrome windows and tabs.
    • Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
    • Click Programs and Features.
    • Double-click Google Chrome.
    • Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete your browsing data" checkbox.
    Install fresh copy.
     
  13. Ikanfly

    Ikanfly Established Techie7 Member

    I reset Chrome and restarted. No luck. So I removed and reinstalled Chrome. (I checked the box to delete browsing data, but when I reinstalled Chrome it had all my old info again.) I still can't open "Bleepingcomputers.com" properly. BTW, when I downloaded the Chromepass tool AVG found that it came with adware "Hacktool" so I deleted it and Chromepass.
     
  14. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Is Bleepingcomputers.com the only site affected?
    What happens when you try to open it?
     
  15. flew

    flew Established Techie7 Member

  16. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Is Bleepingcomputers.com the only site affected?
     
  17. flew

    flew Established Techie7 Member

    Yes, so far. In fact, I used another computer running XP and Chrome and I had the same problem with the Bleeping computer website. Works OK with Firefox.
     
  18. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Yeah, it looks like Chrome doesn't load some page code.
    There is really not much I can do about it.
    You can try to post about it at the Google forum.

    Here....

    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    6. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    7. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    9. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    10. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    11. Please, let me know, how your computer is doing.
     
  19. flew

    flew Established Techie7 Member

    Thanks for all your help, broni. The computer is doing really well because of it. I made a small donation to help you all out. Thanks again. - Flew
     
  20. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Thank you very much :)

    Good luck and stay safe :)