TechSpot

Virus involving McUICnt.exe - Bad Image Pop Up?

By janalee40
Mar 25, 2016
  1. My computer is running really slow and I can't get rid of the pop up titled: McUICnt.exe - Bad Image. Error Message says: "C:\Program Files\McAfee\MSC\mcprlres.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support."

    I am not tech savvy at all. I just know that my laptop is not functioning like it should. I installed Malwarebytes. I have not run a scan yet. I also saw a prior thread posted on this site that said to run the Farbar Recovery Tool and post files. I have the saved text files from these scans on my desktop. Not sure where to post them due to the 5000 character max. Please help.
     
  2. janalee40 TS Rookie Topic Starter

    I uninstalled McAfee from my computer. The Bad Image pop up is now gone. But I am now receiving a RunDll:Error in C:\Program~2\39UNIN~1.DLL Missing Entry: O error message when booting the computer. I click enter and it goes away and the system boots up. The Bad Image pop up is not there anymore. I am also receiving Malwarebytes pop ups showing malware being blocked.

    The FRST.txt log is below:
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
    Ran by Jana (administrator) on BRIANALMEJO1-PC (25-03-2016 11:48:50)
    Running from C:\Users\Jana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G1HL5U42
    Loaded Profiles: brianalmejo1 & Jana (Available Profiles: brianalmejo1 & Jana)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe
    () C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
    (Microsoft Corporation) C:\Windows\System32\alg.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.6.1008.0\McCSPServiceHost.exe
    (Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (SmithMicro Inc.) C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\MSM\McSmtFwk.exe
    (McAfee, Inc.) C:\Program Files\mcafee\virusscan\mcods.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    (APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    (Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
    () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    (C-motech Co.,Ltd) C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (VER_COMPANY_NAME) C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe
    (VER_COMPANY_NAME) C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon64.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    () C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    (Dropbox, Inc.) C:\Users\Jana\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_21_0_0_182_ActiveX.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamresearch.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2122536 2010-05-07] (Synaptics Incorporated)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-13] (Realtek Semiconductor)
    HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3203440 2010-04-06] (Dell Inc.)
    HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
    HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
    HKLM-x32\...\Run: [DellSupportCenter] => "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    HKLM-x32\...\Run: [Sprint SmartView] => C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe [75072 2010-05-16] (Sprint)
    HKLM-x32\...\Run: [RDVCHG] => C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe [316736 2010-05-16] (C-motech Co.,Ltd)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1699400 2016-01-04] (APN)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
    HKLM-x32\...\Run: [MapsGalaxy_39 Browser Plugin Loader 64] => C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon64.exe [71752 2014-07-05] (VER_COMPANY_NAME)
    HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [641504 2015-08-21] (McAfee, Inc.)
    HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-11] (Softthinks)
    HKLM-x32\...\RunOnce: [MapsGalaxy_39bar Uninstall] => rundll32 C:\PROGRA~2\39UNIN~1.DLL,O -3 uninstalltype=IE
    Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3529422162-276151246-1532304501-1000\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    HKU\S-1-5-21-3529422162-276151246-1532304501-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883856 2009-07-26] (Microsoft Corporation)
    HKU\S-1-5-21-3529422162-276151246-1532304501-1000\...\Run: [GameXN GO] => C:\ProgramData\GameXN\GameXNGO.exe [347008 2012-06-09] (EasyBits Software AS)
    HKU\S-1-5-21-3529422162-276151246-1532304501-1000\...\Run: [EPSON Artisan 800 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEMA.EXE [221696 2008-04-06] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-3529422162-276151246-1532304501-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil64_20_0_0_306_ActiveX.exe -update activex
    HKU\S-1-5-21-3529422162-276151246-1532304501-1000\...\MountPoints2: {ebb63540-22db-11e0-a92d-806e6f6e6963} - D:\Setup.exe
    HKU\S-1-5-21-3529422162-276151246-1532304501-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
    HKU\S-1-5-21-3529422162-276151246-1532304501-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-03-28] (Google Inc.)
    HKU\S-1-5-21-3529422162-276151246-1532304501-1001\...\Run: [Dropbox Update] => C:\Users\Jana\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-15] (Dropbox, Inc.)
    HKU\S-1-5-21-3529422162-276151246-1532304501-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil64_21_0_0_182_ActiveX.exe [881344 2016-03-25] (Adobe Systems Incorporated)
    HKU\S-1-5-21-3529422162-276151246-1532304501-1001\...\MountPoints2: {ebb63540-22db-11e0-a92d-806e6f6e6963} - D:\Setup.exe
    HKU\S-1-5-21-3529422162-276151246-1532304501-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2016-03-25]
    ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2011-01-18]
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\Users\brianalmejo1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2011-03-16]
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2011-01-18]
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2011-01-18]
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2011-03-19]
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-03-25]
    ShortcutTarget: Dropbox.lnk -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-07-06]
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100 192.168.1.1
    Tcpip\..\Interfaces\{B2699FC9-276A-4139-BB39-29798F7A2CF5}: [DhcpNameServer] 208.180.42.68 208.180.42.100 192.168.1.1
    Tcpip\..\Interfaces\{D3A9E42D-D97B-4719-931D-1EE5EE25D4F1}: [DhcpNameServer] 13.36.0.1 13.36.0.2

    Internet Explorer:
    ==================
    HKU\S-1-5-21-3529422162-276151246-1532304501-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U141&ocid=U141DHP
    HKU\S-1-5-21-3529422162-276151246-1532304501-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = g.msn.com/USCON/1
    HKU\S-1-5-21-3529422162-276151246-1532304501-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
    URLSearchHook: HKU\S-1-5-21-3529422162-276151246-1532304501-1000 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {065E7EF9-E9B7-4ED1-A685-4CEF444969D2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {7BBAF097-921D-431E-BC80-C011D5A2EA55} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm423^YYA^us&si=250652_maps-d-optimized&ptb=BCBEAA0B-7CCA-407B-B54F-613A7FE93193&ind=2014070517&n=780c46f5&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKU\S-1-5-21-3529422162-276151246-1532304501-1000 -> DefaultScope {E07284D3-9AF9-4D2C-939A-4F7E10C961ED} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US105D20150520&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-3529422162-276151246-1532304501-1000 -> {7BBAF097-921D-431E-BC80-C011D5A2EA55} URL = hxxp://www.bing.com/search?FORM=U348DF&PC=U348&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-3529422162-276151246-1532304501-1000 -> {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm423^YYA^us&si=250652_maps-d-optimized&ptb=BCBEAA0B-7CCA-407B-B54F-613A7FE93193&ind=2014070517&n=780c46f5&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKU\S-1-5-21-3529422162-276151246-1532304501-1000 -> {E07284D3-9AF9-4D2C-939A-4F7E10C961ED} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US105D20150520&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-3529422162-276151246-1532304501-1000 -> {E6566239-E7AB-4DA4-A47A-F2BEFFE41A4A} URL = hxxp://www.search.ask.com/web?tpid=ORJ-V7-SAT&o=APN11466&pf=V7&p2=%5EBEC%5EOSJ000%5EYY%5EUS&gct=&itbv=12.10.6.53&apn_uid=6FC208CD-C990-45A7-B7CE-45AE3EC88340&apn_ptnrs=BEC&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=cr_29.0.1547.66&doi=2014-04-23&trgb=IE&q={searchTerms}&psv=
    SearchScopes: HKU\S-1-5-21-3529422162-276151246-1532304501-1001 -> DefaultScope {D7A448A5-C5FD-4A8E-BD00-7C785DDBFED1} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US105D20150520&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-3529422162-276151246-1532304501-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3529422162-276151246-1532304501-1001 -> {065E7EF9-E9B7-4ED1-A685-4CEF444969D2} URL =
    SearchScopes: HKU\S-1-5-21-3529422162-276151246-1532304501-1001 -> {D7A448A5-C5FD-4A8E-BD00-7C785DDBFED1} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US105D20150520&p={searchTerms}
    BHO: No Name -> {4F524A2D-5637-2D53-4154-7A786E7484D7} -> No File
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-26] (Google Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: Ask Shopping Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport_x64.dll [2016-01-04] (APN LLC.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-01-18] (Sun Microsystems, Inc.)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
    BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
    BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-26] (Google Inc.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Ask Shopping Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport.dll [2016-01-04] (APN LLC.)
    Toolbar: HKLM - Ask Shopping Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport_x64.dll [2016-01-04] (APN LLC.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-26] (Google Inc.)
    Toolbar: HKLM-x32 - Ask Shopping Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport.dll [2016-01-04] (APN LLC.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-26] (Google Inc.)
    Toolbar: HKU\S-1-5-21-3529422162-276151246-1532304501-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    Toolbar: HKU\S-1-5-21-3529422162-276151246-1532304501-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-26] (Google Inc.)
    Toolbar: HKU\S-1-5-21-3529422162-276151246-1532304501-1000 -> Ask Shopping Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport_x64.dll [2016-01-04] (APN LLC.)
    Toolbar: HKU\S-1-5-21-3529422162-276151246-1532304501-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    Toolbar: HKU\S-1-5-21-3529422162-276151246-1532304501-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-26] (Google Inc.)
    Toolbar: HKU\S-1-5-21-3529422162-276151246-1532304501-1001 -> Ask Shopping Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport_x64.dll [2016-01-04] (APN LLC.)
    Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2010-01-13] (Cozi Group, Inc.)
    Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
    Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-08-21] (McAfee, Inc.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-08-21] (McAfee, Inc.)

    FireFox:
    ========
    FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-01-18] (Sun Microsystems, Inc.)
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-25] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-25] (Google Inc.)
    FF Plugin HKU\S-1-5-21-3529422162-276151246-1532304501-1000: @nsroblox.roblox.com/launcher -> C:\Users\brianalmejo1\AppData\Local\Roblox\Versions\version-4bc75dd7e05f4feb\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
    FF Plugin HKU\S-1-5-21-3529422162-276151246-1532304501-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\brianalmejo1\AppData\Local\Roblox\Versions\version-4bc75dd7e05f4feb\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\PepperFlash\pepflashplayer.dll => No File
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\pdf.dll => No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll => No File
    CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    CHR Plugin: (McAfee Virtual Technician) - C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll => No File
    CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll => No File
    CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll => No File
    CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll => No File
    CHR Profile: C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-01]
    CHR Extension: (Google Drive) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-01]
    CHR Extension: (YouTube) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-01]
    CHR Extension: (Google Search) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-01]
    CHR Extension: (SiteAdvisor) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-07-01]
    CHR Extension: (Google Wallet) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-01]
    CHR Extension: (Gmail) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-01]
    CHR HKU\S-1-5-21-3529422162-276151246-1532304501-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\brianalmejo1\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx <not found>

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 0162351456452286mcinstcleanup; C:\Windows\TEMP\016235~1.EXE [882000 2015-06-18] (McAfee, Inc.)
    R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [198216 2016-01-04] (APN LLC.)
    S3 CASprint; C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe [124224 2010-05-16] (SmithMicro Inc.)
    R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2574168 2015-09-11] (Dell Inc.)
    R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201560 2015-09-11] (Dell Inc.)
    R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
    R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
    R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-08-21] (McAfee, Inc.)
    R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [1694152 2015-07-23] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
    R3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.)
    S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
    R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
    R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.)
    R2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
    R2 NvtlService; C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [82944 2010-01-11] () [File not signed]
    R3 SprintRcAppSvc; C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe [120128 2010-05-16] (SmithMicro Inc.)
    R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [21160 2015-09-30] (Dell Inc.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 bcm; C:\Windows\System32\DRIVERS\drxvi314_64.sys [359040 2010-02-11] (Beceem communications pvt ltd.)
    S3 bcmbusctr; C:\Windows\System32\DRIVERS\BcmBusCtr_64.sys [62976 2010-02-11] (Beceem communications pvt ltd.)
    R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
    R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
    R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
    S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
    R3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-30] (Broadcom Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-25] (Malwarebytes)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
    R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
    R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)
    S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
    S3 PCTINDIS5X64; C:\Windows\system32\PCTINDIS5X64.SYS [43032 2010-05-16] (Smith Micro Inc.)
    S3 SWNC5E00; C:\Windows\System32\DRIVERS\SWNC5E00.sys [285696 2010-05-16] (Sierra Wireless Inc.)
    R4 mfesapsn; \??\C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [X]
    S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-03-25 11:48 - 2016-03-25 11:48 - 00000000 ____D C:\FRST
    2016-03-25 11:38 - 2016-03-25 11:39 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-03-25 11:35 - 2016-03-25 11:35 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-03-25 11:35 - 2016-03-25 11:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-03-25 11:35 - 2016-03-25 11:35 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-03-25 11:35 - 2016-03-25 11:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-03-25 11:35 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2016-03-25 11:35 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2016-03-25 11:35 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2016-03-25 11:05 - 2016-03-25 11:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2016-03-25 11:03 - 2014-07-05 16:40 - 00872008 _____ (Mindspark) C:\Program Files (x86)\39Uninstall MapsGalaxy.dll
    2016-03-25 11:03 - 2014-07-05 16:40 - 00196992 _____ () C:\Program Files (x86)\39res.dll
    2016-03-25 10:42 - 2016-03-25 10:42 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-03-25 11:42 - 2011-01-18 02:01 - 00000000 ____D C:\ProgramData\McAfee
    2016-03-25 11:42 - 2011-01-18 02:01 - 00000000 ____D C:\Program Files\mcafee
    2016-03-25 11:42 - 2011-01-18 02:01 - 00000000 ____D C:\Program Files (x86)\McAfee
    2016-03-25 11:38 - 2014-04-22 20:23 - 00002157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-03-25 11:38 - 2014-04-22 20:23 - 00002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-03-25 11:25 - 2009-07-13 23:45 - 00022240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-03-25 11:25 - 2009-07-13 23:45 - 00022240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-03-25 11:10 - 2014-11-03 17:35 - 00000000 ____D C:\Users\Jana\Documents\Outlook Files
    2016-03-25 11:02 - 2013-12-02 04:10 - 00000000 ____D C:\Windows\system32\MRT
    2016-03-25 11:02 - 2012-09-02 10:24 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-03-25 11:02 - 2012-09-02 10:24 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-03-25 11:02 - 2012-09-02 10:24 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-03-25 11:02 - 2011-12-11 18:28 - 00000000 ____D C:\Users\Jana\AppData\Roaming\WildTangent
    2016-03-25 11:02 - 2011-06-22 19:42 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-03-25 11:02 - 2011-04-25 20:36 - 00000000 ____D C:\Users\brianalmejo1\AppData\Roaming\WildTangent
    2016-03-25 11:02 - 2011-01-18 02:05 - 00000000 ____D C:\ProgramData\WildTangent
    2016-03-25 11:02 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2016-03-25 11:00 - 2011-01-18 02:15 - 00000000 ____D C:\ProgramData\Skype
    2016-03-25 10:57 - 2015-07-15 17:28 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3529422162-276151246-1532304501-1001UA.job
    2016-03-25 10:48 - 2015-09-12 14:07 - 00001185 _____ C:\Users\brianalmejo1\Desktop\ROBLOX Studio.lnk
    2016-03-25 10:48 - 2015-09-12 14:07 - 00000000 ____D C:\Users\brianalmejo1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
    2016-03-25 10:47 - 2011-12-03 11:02 - 00000000 ____D C:\ProgramData\GameXN
    2016-03-25 10:44 - 2013-12-06 10:46 - 00000000 ___RD C:\Users\Jana\Dropbox
    2016-03-25 10:44 - 2013-12-06 10:44 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Dropbox
    2016-03-25 10:38 - 2012-06-09 19:26 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-03-25 10:37 - 2011-03-29 19:35 - 00000000 ____D C:\Users\Jana\AppData\Local\Google
    2016-03-25 10:37 - 2009-07-14 00:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-03-25 10:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
    2016-03-25 10:36 - 2011-03-28 21:28 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-03-25 10:32 - 2015-07-15 17:28 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3529422162-276151246-1532304501-1001Core.job
    2016-03-05 17:13 - 2009-07-13 21:34 - 00000478 _____ C:\Windows\win.ini
    2016-03-05 17:10 - 2013-06-13 18:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2016-03-05 17:09 - 2013-06-13 18:52 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2016-03-05 17:09 - 2013-06-13 18:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2016-03-05 17:05 - 2011-06-22 19:42 - 00000000 ____D C:\Users\brianalmejo1\AppData\Roaming\go
    2016-03-05 16:28 - 2015-05-25 20:11 - 00000442 _____ C:\Windows\system32\Drivers\etc\hosts.ics
    2016-02-25 21:01 - 2011-03-28 21:28 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-02-25 21:01 - 2011-03-28 21:28 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-02-25 21:01 - 2011-03-28 21:28 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-02-25 20:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
    2016-02-25 20:51 - 2011-11-14 08:49 - 00000000 ____D C:\Users\brianalmejo1\Tracing
    2016-02-25 20:49 - 2011-03-16 19:26 - 00000000 ____D C:\Users\brianalmejo1\AppData\Local\SoftThinks

    ==================== Files in the root of some directories =======

    2016-03-25 11:03 - 2014-07-05 16:40 - 0196992 _____ () C:\Program Files (x86)\39res.dll
    2016-03-25 11:03 - 2014-07-05 16:40 - 0872008 _____ (Mindspark) C:\Program Files (x86)\39Uninstall MapsGalaxy.dll
    2011-03-28 21:28 - 2011-03-28 21:28 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

    Some files in TEMP:
    ====================
    C:\Users\brianalmejo1\AppData\Local\Temp\APNStub.exe
    C:\Users\brianalmejo1\AppData\Local\Temp\GoogleToolbarInstaller.exe
    C:\Users\brianalmejo1\AppData\Local\Temp\hcbarpx_.dll
    C:\Users\brianalmejo1\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
    C:\Users\brianalmejo1\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
    C:\Users\brianalmejo1\AppData\Local\Temp\Refresh.exe
    C:\Users\brianalmejo1\AppData\Local\Temp\setup.exe
    C:\Users\brianalmejo1\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Jana\AppData\Local\Temp\APNSetup.exe
    C:\Users\Jana\AppData\Local\Temp\contentDATs.exe
    C:\Users\Jana\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpts9fod.dll
    C:\Users\Jana\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
    C:\Users\Jana\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
    C:\Users\Jana\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
    C:\Users\Jana\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
    C:\Users\Jana\AppData\Local\Temp\mssinstaller.exe
    C:\Users\Jana\AppData\Local\Temp\SearchWithGoogleUpdate.exe
    C:\Users\Jana\AppData\Local\Temp\SecurityScan_Release.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-01-08 10:54

    ==================== End of FRST.txt ============================
     
  3. janalee40

    janalee40 TS Rookie Topic Starter

    The Addition TXT is below:
    Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
    Ran by Jana (2016-03-25 11:50:22)
    Running from C:\Users\Jana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G1HL5U42
    Windows 7 Home Premium Service Pack 1 (X64) (2011-03-17 00:26:25)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3529422162-276151246-1532304501-500 - Administrator - Disabled)
    brianalmejo1 (S-1-5-21-3529422162-276151246-1532304501-1000 - Administrator - Enabled) => C:\Users\brianalmejo1
    Guest (S-1-5-21-3529422162-276151246-1532304501-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3529422162-276151246-1532304501-1003 - Limited - Enabled)
    Jana (S-1-5-21-3529422162-276151246-1532304501-1001 - Administrator - Enabled) => C:\Users\Jana

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
    FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.182 - Adobe Systems Incorporated)
    Adobe Reader 9.1.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.2 - Adobe Systems Incorporated)
    Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
    Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Ask Shopping Toolbar (HKLM-x32\...\{4F524A00-6A76-A76A-76A7-A758B70C2600}) (Version: 12.38.0.387 - APN, LLC) <==== ATTENTION
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.23 - Atheros Communications Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
    Cozi (HKLM-x32\...\{81F1C6DE-C053-4C6C-9DE8-ED23D28FA9AB}) (Version: 1.0.4913.28433 - Cozi Group, Inc.)
    Dell Data Vault (Version: 4.3.5.1 - Dell Inc.) Hidden
    Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: - Dell)
    Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.47 - Dell)
    Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
    Dell Dock (HKLM-x32\...\Dell Dock) (Version: 2.0 - Stardock Corporation)
    Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
    Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
    Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.1.14 - Dell)
    Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
    Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
    Dropbox (HKU\S-1-5-21-3529422162-276151246-1532304501-1001\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.)
    DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.60.48.35 - Dell Inc.)
    EPSON Artisan 800 Series Printer Uninstall (HKLM\...\EPSON Artisan 800 Series) (Version: - SEIKO EPSON Corporation)
    GameXN GO (HKU\S-1-5-21-3529422162-276151246-1532304501-1000\...\Game Organizer) (Version: - GameXN AS)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
    GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version: - )
    iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
    InstallVC90Support (x32 Version: 1.01.0000 - Novatel Wireless) Hidden
    Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
    iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
    Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
    Java(TM) 6 Update 22 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416022FF}) (Version: 6.0.220 - Oracle)
    Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
    Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
    LoJack Factory Installer (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 1.0.0 - Absolute Software)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
    Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    MySQL Connector/ODBC 3.51 (HKLM-x32\...\{9649C3CF-AC27-4A09-9F7F-A28FADBFDA2D}) (Version: 3.51.23 - MySQL AB)
    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.6.2 - Dell Inc.)
    QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6088 - Realtek Semiconductor Corp.)
    ROBLOX Player for brianalmejo1 (HKU\S-1-5-21-3529422162-276151246-1532304501-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
    ROBLOX Studio for brianalmejo1 (HKU\S-1-5-21-3529422162-276151246-1532304501-1000\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation)
    Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Sprint SmartView (HKLM\...\{7AD2F459-D1D7-4D08-9949-1466E522B965}) (Version: 2.40.0040.0 - Sprint)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.20.0 - Synaptics Incorporated)
    WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1100 - Broadcom Corporation)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
    Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3529422162-276151246-1532304501-1000_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\brianalmejo1\AppData\Local\Roblox\Versions\version-4bc75dd7e05f4feb\RobloxProxy64.dll (ROBLOX Corporation)
    CustomCLSID: HKU\S-1-5-21-3529422162-276151246-1532304501-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3529422162-276151246-1532304501-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3529422162-276151246-1532304501-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3529422162-276151246-1532304501-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3529422162-276151246-1532304501-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3529422162-276151246-1532304501-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3529422162-276151246-1532304501-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3529422162-276151246-1532304501-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3529422162-276151246-1532304501-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3529422162-276151246-1532304501-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3529422162-276151246-1532304501-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {07EC99D7-8248-4348-BBB7-E47596BFCB9C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {2C56FA1F-FA17-4A36-94C6-EAAA9C8C06E2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {541B222D-87B8-4C27-90CC-674F151F4310} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
    Task: {5C27FC74-2116-49C9-9B77-7BF0DD39CF7D} - System32\Tasks\LoJack for Laptops Install => C:\Program Files (x86)\Absolute Software\LoJack Install\FactoryInstaller.exe [2009-11-26] (Absolute Software)
    Task: {6DD9095D-523E-44E8-8FB8-BCF8664BDE58} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-06-01] (McAfee, Inc.)
    Task: {866B7FAE-4730-46E6-B3CB-974F57C575F2} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe [2015-07-21] (McAfee, Inc.)
    Task: {889C8F86-1FD4-4C66-83E9-B6468A901376} - System32\Tasks\{3899EB68-C39A-4664-A899-9710C283E223} => pcalua.exe -a "C:\Users\Jana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VU0Y1G2Q\aulauncher[2].exe" -d C:\Users\Jana\Desktop
    Task: {9FFF639A-4A0B-403B-BFDE-65396870687D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3529422162-276151246-1532304501-1001UA => C:\Users\Jana\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-15] (Dropbox, Inc.)
    Task: {ADDCFE23-50E5-427D-B485-470A7F65CE1C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {B48F9BF2-19F0-4D00-A0B9-1C9B737497F9} - System32\Tasks\{777F1CF4-E3A7-4D26-A5E2-60BA90C89686} => pcalua.exe -a E:\setupSNK.exe -d E:\
    Task: {BF0CE77B-9BF7-47AD-AFD0-B84DDE0672D5} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3529422162-276151246-1532304501-1001Core => C:\Users\Jana\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-15] (Dropbox, Inc.)
    Task: {BFD4EA81-7CD6-4BB1-A8FD-1F6AB3052648} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-25] (Adobe Systems Incorporated)
    Task: {C2430F39-66D2-4016-A27F-4A9B7F66C1A0} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
    Task: {CC4B06F0-8F73-43E1-88A7-46E23F10181F} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {EFD2381D-3E2C-461F-9567-ECF84A248BAC} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-09-30] (Dell Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3529422162-276151246-1532304501-1001Core.job => C:\Users\Jana\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3529422162-276151246-1532304501-1001UA.job => C:\Users\Jana\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2010-01-11 14:10 - 2010-01-11 14:10 - 00082944 _____ () C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
    2009-12-29 15:19 - 2009-12-29 15:19 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
    2009-10-15 04:10 - 2009-10-15 04:10 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    2009-10-15 04:10 - 2009-10-15 04:10 - 01169904 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
    2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2009-10-15 04:10 - 2009-10-15 04:10 - 00588272 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\BBEngineAS.dll
    2009-09-28 01:52 - 2009-09-28 01:52 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
    2016-03-25 10:40 - 2016-02-23 13:19 - 00034768 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
    2016-03-25 10:42 - 2016-02-23 13:20 - 00019408 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\faulthandler.pyd
    2016-03-25 10:42 - 2016-02-23 13:19 - 00116688 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\pywintypes27.dll
    2016-03-25 10:40 - 2016-02-23 13:19 - 00093640 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\_ctypes.pyd
    2016-03-25 10:40 - 2016-02-23 13:19 - 00018376 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\select.pyd
    2016-03-25 10:40 - 2016-03-11 19:18 - 00019760 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
    2016-03-25 10:40 - 2016-02-23 13:21 - 00105928 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\win32api.pyd
    2016-03-25 10:42 - 2016-02-23 13:19 - 00392144 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\pythoncom27.dll
    2016-03-25 10:40 - 2016-03-11 19:18 - 00381752 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
    2016-03-25 10:40 - 2016-02-23 13:19 - 00692688 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\unicodedata.pyd
    2016-03-25 10:42 - 2016-03-11 19:18 - 00020816 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
    2016-03-25 10:40 - 2016-02-23 13:20 - 00112592 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
    2016-03-25 10:42 - 2016-03-11 19:18 - 01682760 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
    2016-03-25 10:42 - 2016-03-11 19:18 - 00020808 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
    2016-03-25 10:40 - 2016-03-11 19:18 - 00020800 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
    2016-03-25 10:40 - 2016-03-11 19:18 - 00021840 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
    2016-03-25 10:42 - 2016-03-11 19:18 - 00038696 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\fastpath.pyd
    2016-03-25 10:42 - 2016-02-23 13:21 - 00020936 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\mmapfile.pyd
    2016-03-25 10:40 - 2016-02-23 13:21 - 00024528 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\win32event.pyd
    2016-03-25 10:40 - 2016-02-23 13:21 - 00114640 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\win32security.pyd
    2016-03-25 10:40 - 2016-02-23 13:21 - 00124880 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\win32file.pyd
    2016-03-25 10:40 - 2016-03-11 19:18 - 00021832 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
    2016-03-25 10:40 - 2016-02-23 13:21 - 00024016 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
    2016-03-25 10:40 - 2016-02-23 13:21 - 00175560 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\win32gui.pyd
    2016-03-25 10:40 - 2016-02-23 13:21 - 00030160 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\win32pipe.pyd
    2016-03-25 10:40 - 2016-02-23 13:21 - 00043472 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\win32process.pyd
    2016-03-25 10:40 - 2016-02-23 13:21 - 00028616 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\win32ts.pyd
    2016-03-25 10:40 - 2016-02-23 13:21 - 00048592 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\win32service.pyd
    2016-03-25 10:42 - 2016-03-11 19:18 - 00026456 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
    2016-03-25 10:40 - 2016-02-23 13:21 - 00057808 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
    2016-03-25 10:40 - 2016-02-23 13:21 - 00024016 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\win32profile.pyd
    2016-03-25 10:42 - 2016-03-11 19:18 - 00117056 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
    2016-03-25 10:42 - 2016-03-11 19:18 - 00024392 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
    2016-03-25 10:42 - 2016-02-23 13:21 - 00036296 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\librsync.dll
    2016-03-25 10:40 - 2016-03-11 19:18 - 00023376 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
    2016-03-25 10:40 - 2016-02-23 13:19 - 00134608 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\_elementtree.pyd
    2016-03-25 10:42 - 2016-02-23 13:19 - 00134088 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\pyexpat.pyd
    2016-03-25 10:42 - 2016-02-23 13:20 - 00240584 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\jpegtran.pyd
    2016-03-25 10:42 - 2016-03-11 19:18 - 00052024 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
    2016-03-25 10:40 - 2016-03-11 19:18 - 00020800 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
    2016-03-25 10:40 - 2016-03-11 19:18 - 00021824 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
    2016-03-25 10:40 - 2016-03-11 19:18 - 00019776 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
    2016-03-25 10:40 - 2016-03-11 19:18 - 00020800 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
    2016-03-25 10:42 - 2016-03-11 19:18 - 00020280 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
    2016-03-25 10:40 - 2016-02-23 13:21 - 00350152 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\winxpgui.pyd
    2016-03-25 10:40 - 2016-03-11 19:18 - 00022352 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
    2016-03-25 10:42 - 2016-03-11 19:18 - 00084792 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
    2016-03-25 10:42 - 2016-03-11 19:18 - 01826096 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
    2016-03-25 10:40 - 2016-02-23 13:20 - 00083912 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\sip.pyd
    2016-03-25 10:42 - 2016-03-11 19:18 - 03928880 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
    2016-03-25 10:42 - 2016-03-11 19:18 - 01971504 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
    2016-03-25 10:42 - 2016-03-11 19:18 - 00531248 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
    2016-03-25 10:42 - 2016-03-11 19:18 - 00132912 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
    2016-03-25 10:42 - 2016-03-11 19:18 - 00223544 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
    2016-03-25 10:42 - 2016-03-11 19:18 - 00207672 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
    2016-03-25 10:42 - 2016-03-11 19:18 - 00158008 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
    2016-03-25 10:42 - 2016-03-11 19:18 - 00042808 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
    2016-03-25 10:42 - 2016-02-23 13:23 - 00017864 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\libEGL.dll
    2016-03-25 10:42 - 2016-02-23 13:23 - 01631184 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    2016-03-25 10:40 - 2016-03-11 19:18 - 00024904 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
    2016-03-25 10:42 - 2016-03-11 19:18 - 00546096 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
    2016-03-25 10:42 - 2016-03-11 19:18 - 00357680 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
    2015-03-04 16:45 - 2016-02-23 13:25 - 00697304 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-3529422162-276151246-1532304501-1001\...\internet -> internet
    IE trusted site: HKU\S-1-5-21-3529422162-276151246-1532304501-1001\...\mcafee.com -> hxxp://mcafee.com
    IE trusted site: HKU\S-1-5-21-3529422162-276151246-1532304501-1001\...\mcafee.com -> hxxps://mcafee.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2016-03-25 11:41 - 00000828 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3529422162-276151246-1532304501-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\brianalmejo1\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    HKU\S-1-5-21-3529422162-276151246-1532304501-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 208.180.42.68 - 208.180.42.100
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{CBE6E151-33B8-4EAE-9074-AC044E5C9F3E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
    FirewallRules: [{82E6F0C8-87D7-422C-B908-A41DFE4D6262}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{B7CD750B-74DF-4FD2-9344-5CAA29B577A2}] => (Allow) svchost.exe
    FirewallRules: [{4F691EAA-7515-414B-9D1E-D4A2216C07A7}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
    FirewallRules: [{0B0FAD62-584D-4798-B98E-BF42827A15FE}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    FirewallRules: [{EA4717FC-02BE-424B-8649-039EC58F6D7C}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    FirewallRules: [{A6486DE3-1916-49CC-98D0-F2A6B1B12304}] => (Allow) C:\Users\Jana\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{CBF6032A-B89C-4AD1-B502-F94FF3EB4467}] => (Allow) C:\Users\Jana\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{27BFC07F-41C6-4C57-BBB1-D1283FE62982}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{4A2F7088-0FBF-4596-BEE8-47DCDB634665}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{3ED37761-C6C0-4650-9CF2-562F26E56699}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{ACE9FE6A-3A9A-4FFA-99E5-3DF3357D3935}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{1DCEC725-D034-4DB9-A384-412126A88122}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{03FAE6DD-E6BD-4719-BE4D-B1820343BD22}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{0B69BFF4-73FB-4A48-A359-1018DFC78E8C}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
    FirewallRules: [{13377870-4301-4598-AED1-3D162FCC8E14}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    26-12-2015 12:07:01 Windows Update
    08-01-2016 11:01:27 Scheduled Checkpoint
    09-01-2016 04:02:28 Windows Update
    25-02-2016 20:49:16 Scheduled Checkpoint
    25-02-2016 21:02:43 Dell Update: eDellRoot Removal
    25-02-2016 21:04:22 Dell Update: DSD Cert Removal
    05-03-2016 16:30:24 Windows Update
    25-03-2016 10:55:33 Removed Skype Toolbars
    25-03-2016 10:56:35 Removed Skype™ 7.0
    25-03-2016 10:58:11 Removed Skype Toolbars
    25-03-2016 10:58:57 Removed Skype™ 7.0
    25-03-2016 11:04:23 Removed eBay

    ==================== Faulty Device Manager Devices =============

    Name: Bluetooth L2CAP Interface
    Description: Bluetooth L2CAP Interface
    Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
    Manufacturer: Broadcom Corp.
    Service: btwl2cap
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/25/2016 11:45:55 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
    Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

    Error: (03/25/2016 11:45:54 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
    Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

    Error: (03/25/2016 11:13:17 AM) (Source: MsiInstaller) (EventID: 10005) (User: brianalmejo1-PC)
    Description: Product: Ask Shopping Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall:

    Internet Explorer

    Error: (03/25/2016 11:13:16 AM) (Source: MsiInstaller) (EventID: 10005) (User: brianalmejo1-PC)
    Description: Product: Ask Shopping Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall:

    Internet Explorer

    Error: (03/25/2016 10:49:44 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program IEXPLORE.EXE version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 28e4

    Start Time: 01d186add3cd8ffd

    Termination Time: 16

    Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    Report Id:

    Error: (03/25/2016 10:39:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 11.0.9600.18123 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 2a70

    Start Time: 01d186ac2db9ca92

    Termination Time: 15

    Application Path: C:\Program Files\Internet Explorer\iexplore.exe

    Report Id: a6678633-f29f-11e5-a75f-889ffaaf6416

    Error: (03/25/2016 10:38:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program IEXPLORE.EXE version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 2b80

    Start Time: 01d186ac30f3ef22

    Termination Time: 16

    Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    Report Id:

    Error: (03/05/2016 05:14:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 15600

    Error: (03/05/2016 05:14:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 15600

    Error: (03/05/2016 05:14:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second


    System errors:
    =============
    Error: (03/25/2016 11:42:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (03/25/2016 11:15:26 AM) (Source: ipnathlp) (EventID: 1233) (User: )
    Description:

    Error: (03/25/2016 11:13:12 AM) (Source: ipnathlp) (EventID: 1233) (User: )
    Description:

    Error: (03/25/2016 10:54:15 AM) (Source: ipnathlp) (EventID: 1233) (User: )
    Description:

    Error: (03/25/2016 10:52:01 AM) (Source: ipnathlp) (EventID: 1233) (User: )
    Description:

    Error: (03/25/2016 10:50:01 AM) (Source: ipnathlp) (EventID: 1233) (User: )
    Description:

    Error: (03/25/2016 10:47:47 AM) (Source: ipnathlp) (EventID: 1233) (User: )
    Description:

    Error: (03/25/2016 10:47:14 AM) (Source: ipnathlp) (EventID: 31004) (User: )
    Description: 0

    Error: (03/25/2016 10:47:06 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McODS service.

    Error: (03/25/2016 10:46:36 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McODS service.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
    Percentage of memory in use: 79%
    Total physical RAM: 3892.52 MB
    Available physical RAM: 781.87 MB
    Total Virtual: 7783.25 MB
    Available Virtual: 3698.93 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:371.04 GB) NTFS
    Drive d: (Setup) (CDROM) (Total:0.08 GB) (Free:0 GB) CDFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 07F2837E)
    Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
    Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  4. janalee40

    janalee40 TS Rookie Topic Starter

    The Malwarebytes scan log is below (I quarantined and then deleted these):
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 3/25/2016
    Scan Time: 2:09 PM
    Logfile: Malwarebytes Log.txt
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.03.25.03
    Rootkit Database: v2016.03.12.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Jana

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 405023
    Time Elapsed: 42 min, 57 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 23
    PUP.Optional.MindSpark, HKU\S-1-5-21-3529422162-276151246-1532304501-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{1E91A655-BB4B-4693-A05E-2EDEBC4C9D89}, , [a156701b2e6b8caa58930ebc25dd54ac],
    PUP.Optional.MindSpark, HKU\S-1-5-21-3529422162-276151246-1532304501-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1E91A655-BB4B-4693-A05E-2EDEBC4C9D89}, , [a156701b2e6b8caa58930ebc25dd54ac],
    PUP.Optional.MindSpark, HKU\S-1-5-21-3529422162-276151246-1532304501-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{364EA597-E728-4CE4-BB4A-ED846EF47970}, , [19de97f45c3d3df973a71fac8979629e],
    PUP.Optional.MindSpark, HKU\S-1-5-21-3529422162-276151246-1532304501-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{364EA597-E728-4CE4-BB4A-ED846EF47970}, , [19de97f45c3d3df973a71fac8979629e],
    PUP.Optional.ASK, HKU\S-1-5-21-3529422162-276151246-1532304501-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4F524A2D-5637-2D53-4154-7A786E7484D7}, , [1cdba3e8415832042931a732e31fab55],
    PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MapsGalaxy_39, , [00f77c0f0f8a0c2ae464968f21e35ea2],
    PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6818868A-1B3D-4E35-A561-FA964A96CD3B}, , [cb2cc2c9f0a90036202cf332e22255ab],
    PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BF75B5A2-8403-4F70-88A6-488E3BEA0D7B}, , [34c3b5d6aeebfb3b8ebe6cb9a4602dd3],
    PUP.Optional.ASK, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{B0441A0E-A49A-4E16-AFC1-74ECCED1921F}, , [29ceccbff9a0280e95584104f212e21e],
    PUP.Optional.MindSpark, HKU\S-1-5-21-3529422162-276151246-1532304501-1001\SOFTWARE\APPDATALOW\SOFTWARE\MapsGalaxy_39, , [6f886d1ec9d0be78b60f1c0736ce27d9],

    Registry Values: 8
    PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6818868a-1b3d-4e35-a561-fa964a96cd3b}|AppPath, C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin, , [cb2cc2c9f0a90036202cf332e22255ab]
    PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{bf75b5a2-8403-4f70-88a6-488e3bea0d7b}|AppPath, C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin, , [34c3b5d6aeebfb3b8ebe6cb9a4602dd3]
    PUP.Optional.ASK, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{b0441a0e-a49a-4e16-afc1-74ecced1921f}|DisplayName, Ask Web Search, , [29ceccbff9a0280e95584104f212e21e]
    PUP.Optional.ASK, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{b0441a0e-a49a-4e16-afc1-74ecced1921f}|URL, http://search.tb.ask.com/search/GGm...n=780c46f5&psa=&st=sb&searchfor={searchTerms}, , [7e79c0cbbfdacb6b618bd86d4eb60000]
    PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MapsGalaxy_39 Browser Plugin Loader 64, C:\PROGRA~2\MAPSGA~2\bar\1.bin\39brmon64.exe, , [2fc82b607524aa8cdcf85da3d232c838]
    PUP.Optional.ASK, HKU\S-1-5-21-3529422162-276151246-1532304501-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{b0441a0e-a49a-4e16-afc1-74ecced1921f}|DisplayName, Ask Web Search, , [7f7897f4d3c6979f3daa0d3855af45bb]
    PUP.Optional.ASK, HKU\S-1-5-21-3529422162-276151246-1532304501-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{b0441a0e-a49a-4e16-afc1-74ecced1921f}|URL, http://search.tb.ask.com/search/GGm...n=780c46f5&psa=&st=sb&searchfor={searchTerms}, , [28cf315aa8f161d532b48eb7f014f10f]
    PUP.Optional.ASK, HKU\S-1-5-21-3529422162-276151246-1532304501-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E6566239-E7AB-4DA4-A47A-F2BEFFE41A4A}|URL, http://www.search.ask.com/web?tpid=ORJ-V7-SAT&o=APN11466&pf=V7&p2=[ce29b2d93e5b1b1b8dc9e7ab5aaab24e]EBEC[ce29b2d93e5b1b1b8dc9e7ab5aaab24e]EOSJ000[ce29b2d93e5b1b1b8dc9e7ab5aaab24e]EYY[ce29b2d93e5b1b1b8dc9e7ab5aaab24e]EUS&gct=&itbv=12.10.6.53&apn_uid=6FC208CD-C990-45A7-B7CE-45AE3EC88340&apn_ptnrs=BEC&apn_dtid=[ce29b2d93e5b1b1b8dc9e7ab5aaab24e]EOSJ000[ce29b2d93e5b1b1b8dc9e7ab5aaab24e]EYY[ce29b2d93e5b1b1b8dc9e7ab5aaab24e]EUS&apn_dbr=cr_29.0.1547.66&doi=2014-04-23&trgb=IE&q={searchTerms}&psv=, , [ce29b2d93e5b1b1b8dc9e7ab5aaab24e]

    Registry Data: 0
    (No malicious items detected)

    Folders: 214

    PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub, , [bc3bcbc0e5b446f0bf104da1cf33b34d],
    PUP.Optional.ASK.Gen, C:\Users\brianalmejo1\AppData\Local\Temp\APN-Stub, , [6c8bd9b2bbde3600474b3fdc31d215eb],
    PUP.Optional.ASK.Gen, C:\Users\brianalmejo1\AppData\Local\Temp\APN-Stub\ORJ, , [6c8bd9b2bbde3600474b3fdc31d215eb],
    PUP.Optional.ASK.Gen, C:\Users\Jana\AppData\Local\Temp\APN-Stub, , [fdfa513a2c6d3ef81c7626f5e22157a9],
    PUP.Optional.ASK.Gen, C:\Users\Jana\AppData\Local\Temp\APN-Stub\ORJ-V7-SAT, , [fdfa513a2c6d3ef81c7626f5e22157a9],
    PUP.Optional.MindSpark, C:\Users\brianalmejo1\AppData\Local\Google\Chrome\User Data\Default\Extensions\camninohoigdplhcbjhckcpcfpddjohn\12.13.7.26194_0\components, , [32c55c2f4950a393f974411070956d93],
    PUP.Optional.MindSpark, C:\Users\brianalmejo1\AppData\Local\Google\Chrome\User Data\Default\Extensions\camninohoigdplhcbjhckcpcfpddjohn\12.13.7.26194_0\components\api, , [32c55c2f4950a393f974411070956d93],
    PUP.Optional.MindSpark, C:\Users\brianalmejo1\AppData\Local\Google\Chrome\User Data\Default\Extensions\camninohoigdplhcbjhckcpcfpddjohn\12.13.7.26194_0\components\api\background, , [32c55c2f4950a393f974411070956d93],
    PUP.Optional.MindSpark, C:\Users\brianalmejo1\AppData\Local\Google\Chrome\User Data\Default\Extensions\camninohoigdplhcbjhckcpcfpddjohn\12.13.7.26194_0\components\api\window, , [32c55c2f4950a393f974411070956d93],
    PUP.Optional.MindSpark, C:\Users\brianalmejo1\AppData\Local\Google\Chrome\User Data\Default\Extensions\camninohoigdplhcbjhckcpcfpddjohn\12.13.7.26194_0\components\defaultSearch, , [32c55c2f4950a393f974411070956d93],
    PUP.Optional.MindSpark, C:\Users\brianalmejo1\AppData\Local\Google\Chrome\User Data\Default\Extensions\camninohoigdplhcbjhckcpcfpddjohn\12.13.7.26194_0\components\defaultSearch\background, , [32c55c2f4950a393f974411070956d93],
    PUP.Optional.MindSpark, C:\Users\brianalmejo1\AppData\Local\Google\Chrome\User Data\Default\Extensions\camninohoigdplhcbjhckcpcfpddjohn\12.13.7.26194_0\components\defaultSearch\foreground, , [32c55c2f4950a393f974411070956d93],
    PUP.Optional.MindSpark, C:\Users\brianalmejo1\AppData\Local\Google\Chrome\User Data\Default\Extensions\njcppijcjnopcomccfkncdnbijhbefci\12.13.7.34310_0\shared, , [23d4d2b97b1e43f3d697b59cc441cd33],
    PUP.Optional.MindSpark, C:\Users\brianalmejo1\AppData\Local\Google\Chrome\User Data\Default\Extensions\njcppijcjnopcomccfkncdnbijhbefci\12.13.7.34310_0\_metadata, , [23d4d2b97b1e43f3d697b59cc441cd33],
    PUP.Optional.MindSpark, C:\Users\brianalmejo1\AppData\Local\Google\Chrome\User Data\Default\Extensions\njcppijcjnopcomccfkncdnbijhbefci, , [23d4d2b97b1e43f3d697b59cc441cd33],

    Files: 876
    PUP.Optional.MindSpark, C:\Program Files (x86)\39res.dll, , [d126f497712866d0fcd78fbcfd0857a9],
    PUP.Optional.APNToolBar, C:\Users\brianalmejo1\AppData\Local\Temp\Set5B58.tmp, , [fafd8efdf3a6da5ca61099aa2bd68e72],
    PUP.Optional.APNToolBar, C:\Users\Jana\AppData\Local\Temp\APNSetup.exe, , [20d71b70d6c30a2c10a6c380b54cc33d],
    Data\Default\Extensions\njcppijcjnopcomccfkncdnbijhbefci\12.13.7.34310_0\extension_toolbar_api.js, , [23d4d2b97b1e43f3d697b59cc441cd33],
    PUP.Optional.MindSpark, C:\Users\brianalmejo1\AppData\Local\Google\Chrome\User Data\Default\Extensions\njcppijcjnopcomccfkncdnbijhbefci\12.13.7.34310_0\initWidgetWindow.js, , [23d4d2b97b1e43f3d697b59cc441cd33],
    PUP.Optional.MindSpark, C:\Users\brianalmejo1\AppData\Local\Google\Chrome\User Data\Default\Extensions\njcppijcjnopcomccfkncdnbijhbefci\12.13.7.34310_0\newTabContentScript.js, , [23d4d2b97b1e43f3d697b59cc441cd33],
    PUP.Optional.MindSpark, C:\Users\brianalmejo1\AppData\Local\Google\Chrome\User Data\Default\Extensions\njcppijcjnopcomccfkncdnbijhbefci\12.13.7.34310_0\options.html, , [23d4d2b97b1e43f3d697b59cc441cd33],
    PUP.Optional.MindSpark, C:\Users\brianalmejo1\AppData\Local\Google\Chrome\User Data\Default\Extensions\njcppijcjnopcomccfkncdnbijhbefci\12.13.7.34310_0\spent.css, , [23d4d2b97b1e43f3d697b59cc441cd33],
    PUP.Optional.MindSpark, C:\Users\brianalmejo1\AppData\Local\Google\Chrome\User Data\Default\Extensions\njcppijcjnopcomccfkncdnbijhbefci\12.13.7.34310_0\spent.html, , [23d4d2b97b1e43f3d697b59cc441cd33],
    PUP.Optional.MindSpark, C:\Users\brianalmejo1\AppData\Local\Google\Chrome\User Data\Default\Extensions\njcppijcjnopcomccfkncdnbijhbefci\12.13.7.34310_0\spent.js, , [23d4d2b97b1e43f3d697b59cc441cd33],
    PUP.Optional.MindSpark, C:\Users\brianalmejo1\AppData\Local\Google\Chrome\User Data\Default\Extensions\njcppijcjnopcomccfkncdnbijhbefci\12.13.7.34310_0\spent2.css, , [23d4d2b97b1e43f3d697b59cc441cd33],

    Physical Sectors: 0
    (No malicious items detected

    (end)
     
  5. janalee40

    janalee40 TS Rookie Topic Starter

    MalwareBytes scan and the log is below (I quarantined and then deleted these):
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 3/25/2016
    Scan Time: 2:09 PM
    Logfile: Malwarebytes Log.txt
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.03.25.03
    Rootkit Database: v2016.03.12.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Jana

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 405023
    Time Elapsed: 42 min, 57 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 23

    Registry Values: 8

    Registry Data: 0
    (No malicious items detected)

    Folders: 214


    Files: 876

    Physical Sectors: 0
    (No malicious items detected

    (end)
     
  6. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================

    Uninstall the following unwanted program: Ask Shopping Toolbar.

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on the SCAN button.
    • Wait until the Status box shows Scan Finished.
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced, post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE: If you already have MBAM 2.0 installed, scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
        • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on the Scan button.
    • When the scan has finished, click on the Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
Topic Status:
Not open for further replies.
