Posted May 4, 20177 yr FPCH Staff This little machine had Trend Micro Maxium Security, AVG CloudCare and SuperAntiSpyware. It was running pretty slow. I uninstalled AVG using the AVG uninstaller. It was still slow. It's running pretty well now that the Trend software is not running. Ran Malwarebytes Antimalware. It found 1,964 threats which were all MindSpark and Ask in Chrome. They were quarantined. MBAM shows them in the quarantine, but there is no scan report available. That's strange. Can you take a look at the scan logs to remove any AVG items that remain and see if there's anything else to be concerned about? Thank you. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-05-2017 01 Ran by William (administrator) on 14189-WILLIAM-L (04-05-2017 10:17:15) Running from C:\Users\William\Desktop Loaded Profiles: William (Available Profiles: William) Platform: Windows 10 Home Version 1607 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe (Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [246264 2015-07-16] (Trend Micro Inc.) HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1258496 2015-07-16] (Trend Micro Inc.) HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [sOSUAUI] => C:\Program Files (x86)\AVG Online Backup\sosuploadagent.exe [59440 2016-08-30] (AVG Online Backup) HKLM-x32\...\Run: [sMessaging] => C:\Program Files (x86)\AVG Online Backup\SMessaging.exe [63536 2016-08-30] (AVG Online Backup) HKLM-x32\...\Run: [AccountCreatorRunner] => C:\Program Files (x86)\AVG Online Backup\AccountCreatorRunner.exe [23088 2016-08-30] (AVG Online Backup) HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation) HKU\S-1-5-21-3526073170-1583772248-2959233235-1001\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard) HKU\S-1-5-21-3526073170-1583772248-2959233235-1001\...\Run: [HP Officejet 4620 series (NET)] => C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk [2009-12-04] ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{c24cada4-9c69-41a7-9fd0-ab93644a81f7}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK/1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1 HKU\S-1-5-21-3526073170-1583772248-2959233235-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl#spf=1 SearchScopes: HKLM -> DefaultScope {49218725-54B1-4FE5-ACA3-5ADE4D65021D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM -> {49218725-54B1-4FE5-ACA3-5ADE4D65021D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope {49218725-54B1-4FE5-ACA3-5ADE4D65021D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {49218725-54B1-4FE5-ACA3-5ADE4D65021D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-3526073170-1583772248-2959233235-1001 -> DefaultScope {49218725-54B1-4FE5-ACA3-5ADE4D65021D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-3526073170-1583772248-2959233235-1001 -> {49218725-54B1-4FE5-ACA3-5ADE4D65021D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.) BHO: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll [2015-07-16] (Trend Micro Inc.) BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe64.dll [2016-06-15] (Trend Micro Inc.) BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.) BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-04] (Oracle Corporation) BHO-x32: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll [2015-07-16] (Trend Micro Inc.) BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe32.dll [2016-06-15] (Trend Micro Inc.) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-04] (Oracle Corporation) Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.) Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.) Toolbar: HKU\S-1-5-21-3526073170-1583772248-2959233235-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation) Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe64.dll [2016-06-15] (Trend Micro Inc.) Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe32.dll [2016-06-15] (Trend Micro Inc.) Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll [2015-07-16] (Trend Micro Inc.) Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll [2015-07-16] (Trend Micro Inc.) Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.) Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.) Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2015-07-16] (Trend Micro Inc.) Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2015-07-16] (Trend Micro Inc.) FireFox: ======== FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\firefoxextension FF Extension: (Trend Micro BEP Firefox Extension) - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\firefoxextension [2016-09-21] FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\firefoxextension FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension FF Extension: (Trend Micro Toolbar) - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2016-11-07] FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension FF Extension: (Trend Micro Osprey Firefox Extension) - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2016-09-21] FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-04] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-04] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll [2009-06-24] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.) FF Plugin HKU\S-1-5-21-3526073170-1583772248-2959233235-1001: @hulu.com/Hulu Desktop -> C:\Users\Default.migrated\AppData\Local\HuluDesktop\instances\0.9.9.1\nphdplg.dll [No File] Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR NewTab: Default -> Not-active:"chrome-extension://jmknbgfaiegknhkpchegnheahinbnkjd/stubby.html", Not-active:"chrome-extension://gilccnkjlhdobgphmegemajcbpapdlmm/stubby.html", Not-active:"chrome-extension://cjhofhakdnfjgeobcioadclaekfbhndl/stubby.html", Not-active:"chrome-extension://kgpcmjeckonpfoaacknfdaaehpjbflhl/stubby.html" CHR Profile: C:\Users\William\AppData\Local\Google\Chrome\User Data\Default [2017-05-04] CHR Extension: (Google Docs) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-13] CHR Extension: (Google Drive) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-13] CHR Extension: (Ask Web Search) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\bllfmhclbkgdcbioppcjohckdmjmfmcj [2017-05-04] CHR Extension: (YouTube) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-13] CHR Extension: (InboxNow) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjhofhakdnfjgeobcioadclaekfbhndl [2017-05-04] CHR Extension: (Google Docs Offline) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-13] CHR Extension: (OnlineMapFinder) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm [2017-01-28] CHR Extension: (PDFConverterHQ) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmknbgfaiegknhkpchegnheahinbnkjd [2017-05-04] CHR Extension: (Ask Web Search) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkmodlfcmmnhhlofndkhdcembjaefbb [2017-05-04] CHR Extension: (EasyMailLogin) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgpcmjeckonpfoaacknfdaaehpjbflhl [2017-05-04] CHR Extension: (Chrome Web Store Payments) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-01] CHR Extension: (Gmail) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-13] CHR Extension: (Chrome Media Router) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-02] CHR Profile: C:\Users\William\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-12-30] CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com) R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [125440 2009-09-24] (Hewlett-Packard) [File not signed] R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed] R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes) R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1137664 2015-07-16] (Trend Micro Inc.) S4 sagentservice; C:\Program Files (x86)\AVG Online Backup\SAgent.Service.exe [44080 2016-08-30] (AVG Online Backup) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-03-04] (Microsoft Corporation) R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X] S4 AvgUpgrade; "C:\Program Files (x86)\AVG\CloudCare\AvgUpgrade.exe" [X] S4 ClientManager; "C:\Program Files (x86)\AVG\CloudCare\ClientManager.exe" [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-03-22] () R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-05-03] (Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [111544 2017-05-04] (Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-05-04] (Malwarebytes) R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251832 2017-05-04] (Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [92096 2017-05-04] (Malwarebytes) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 tmactmon; C:\WINDOWS\system32\DRIVERS\tmactmon.sys [140504 2016-08-10] (Trend Micro Inc.) R0 tmcomm; C:\WINDOWS\System32\DRIVERS\tmcomm.sys [332512 2016-08-10] (Trend Micro Inc.) R0 TMEBC; C:\WINDOWS\System32\DRIVERS\TMEBC64.sys [72504 2015-11-19] (Trend Micro Inc.) R3 tmeevw; C:\WINDOWS\system32\DRIVERS\tmeevw.sys [116576 2015-06-08] (Trend Micro Inc.) S0 tmel; C:\WINDOWS\System32\DRIVERS\tmel.sys [39056 2015-06-22] (Trend Micro Inc.) R1 tmevtmgr; C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys [106720 2016-08-10] (Trend Micro Inc.) R3 tmnciesc; C:\WINDOWS\system32\DRIVERS\tmnciesc.sys [561952 2016-06-24] (Trend Micro Inc.) R1 tmumh; C:\WINDOWS\system32\DRIVERS\TMUMH.sys [101088 2016-08-09] (Trend Micro Inc.) R2 tmusa; C:\WINDOWS\system32\DRIVERS\tmusa.sys [124752 2015-12-09] (Trend Micro Inc.) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) U3 idsvc; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-05-04 10:17 - 2017-05-04 10:18 - 00018901 _____ C:\Users\William\Desktop\FRST.txt 2017-05-04 10:16 - 2017-05-04 10:17 - 02428928 _____ (Farbar) C:\Users\William\Desktop\FRST64.exe 2017-05-04 09:27 - 2017-05-04 09:27 - 00000000 ____D C:\Users\William\AppData\Roaming\Oracle 2017-05-04 09:07 - 2017-05-04 09:07 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2017-05-04 09:07 - 2017-05-04 09:07 - 00000000 ____D C:\Users\William\AppData\Roaming\Sun 2017-05-04 09:07 - 2017-05-04 09:07 - 00000000 ____D C:\Users\William\AppData\LocalLow\Sun 2017-05-04 09:07 - 2017-05-04 09:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2017-05-04 09:06 - 2017-05-04 09:07 - 00000000 ____D C:\ProgramData\Oracle 2017-05-04 09:06 - 2017-05-04 09:06 - 00000000 ____D C:\Program Files (x86)\Java 2017-05-04 08:58 - 2017-05-04 08:59 - 00399360 _____ (Trend Micro Inc.) C:\WINDOWS\RegBootClean64.exe 2017-05-04 08:55 - 2017-05-04 08:55 - 00000000 ____D C:\FRST 2017-05-04 08:04 - 2017-05-04 08:16 - 00000000 ____D C:\AVG_Remover 2017-05-04 00:07 - 2017-05-04 00:07 - 00000000 ____D C:\WINDOWS\system32\%commonappdata% 2017-05-03 23:42 - 2017-05-03 23:42 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\0F0F31F2.sys 2017-05-03 23:30 - 2017-05-03 23:30 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\0FA12857.sys 2017-05-03 23:29 - 2017-05-03 23:29 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\346327A7.sys 2017-05-03 23:28 - 2017-05-03 23:28 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\592526F7.sys 2017-05-03 23:25 - 2017-05-03 23:25 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7B9D24B8.sys 2017-05-03 23:21 - 2017-05-03 23:21 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\32822217.sys 2017-05-03 23:21 - 2017-05-03 23:21 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\0140216A.sys 2017-05-03 23:17 - 2017-05-03 23:17 - 00000016 _____ C:\InjectIntoProcess crash 2017-05-03 17:44 - 2017-05-04 10:10 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2017-05-03 17:44 - 2017-05-04 10:10 - 00092096 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2017-05-03 17:44 - 2017-05-04 10:10 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2017-05-03 17:44 - 2017-05-03 17:44 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys 2017-05-03 17:44 - 2017-05-03 17:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-05-03 17:44 - 2017-05-03 17:44 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-05-03 17:44 - 2017-05-03 17:44 - 00000000 ____D C:\Program Files\Malwarebytes 2017-05-03 17:44 - 2017-03-22 11:02 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2017-05-03 17:37 - 2017-05-03 17:43 - 60107896 _____ (Malwarebytes ) C:\Users\William\Downloads\mb3-setup-consumer-3.0.6.1469-10103.exe 2017-05-03 17:28 - 2017-05-03 17:29 - 211072168 _____ (Trend Micro Inc.) C:\Users\William\Downloads\TTi_11.0_HE_64bit.exe 2017-05-03 17:27 - 2017-05-04 00:08 - 00000372 _____ C:\WINDOWS\Tasks\HPCeeScheduleForWilliam.job 2017-05-03 17:27 - 2017-05-03 17:27 - 00003272 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForWilliam 2017-05-03 17:03 - 2017-05-03 17:03 - 00000000 ____D C:\Users\William\AppData\Roaming\HP Support Assistant 2017-05-02 12:03 - 2017-05-02 12:03 - 00007598 _____ C:\Users\William\AppData\Local\Resmon.ResmonCfg 2017-05-02 11:24 - 2017-05-02 11:27 - 04102600 _____ C:\Users\William\Downloads\adwcleaner_6.046.exe 2017-05-02 10:36 - 2017-05-02 10:36 - 00000000 ____D C:\Users\William\AppData\Roaming\Google ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-05-04 10:10 - 2016-09-23 14:05 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-05-04 09:37 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-05-04 09:23 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-05-04 08:59 - 2016-09-21 18:42 - 00000000 ____D C:\ProgramData\Trend Micro 2017-05-04 08:48 - 2016-07-16 02:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM 2017-05-04 08:44 - 2016-10-22 04:25 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-05-04 08:43 - 2016-07-16 02:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI 2017-05-04 08:23 - 2016-09-13 21:14 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-05-04 08:23 - 2016-09-13 21:14 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-05-04 08:16 - 2016-12-05 13:32 - 00000000 ____D C:\ProgramData\Avg 2017-05-04 08:16 - 2016-12-05 13:16 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2017-05-04 08:15 - 2016-12-05 13:30 - 00000000 ____D C:\Program Files (x86)\AVG 2017-05-04 08:10 - 2016-07-16 07:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP 2017-05-04 08:09 - 2016-12-05 13:32 - 00000000 ____D C:\Users\William\AppData\Local\Avg 2017-05-04 07:37 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps 2017-05-04 00:20 - 2016-11-25 17:58 - 00000332 _____ C:\Users\William\AppData\Roaming\wklnhst.dat 2017-05-04 00:19 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\FxsTmp 2017-05-04 00:08 - 2016-12-16 07:28 - 00000000 ____D C:\Users\William\AppData\Local\PuzzleGamesDailyTooltab 2017-05-03 23:16 - 2016-09-13 20:53 - 00000000 ____D C:\Users\William\AppData\Local\Packages 2017-05-03 22:58 - 2016-09-13 19:06 - 00000000 ____D C:\ProgramData\iolo 2017-05-03 22:21 - 2016-10-22 04:05 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2017-05-03 17:31 - 2016-09-21 19:47 - 00000010 _____ C:\Users\William\AppData\Local\sponge.last.runtime.cache 2017-05-03 17:27 - 2016-09-13 14:52 - 00000000 ____D C:\Users\William\AppData\Local\Hewlett-Packard 2017-05-03 17:03 - 2016-09-20 15:38 - 00000000 ____D C:\Users\William\AppData\Roaming\HpUpdate 2017-05-02 12:45 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\appraiser 2017-05-02 11:45 - 2016-09-13 20:41 - 01061014 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-05-02 11:34 - 2016-09-21 18:21 - 00000000 ____D C:\AdwCleaner 2017-05-02 11:31 - 2016-09-13 19:06 - 00000000 ____D C:\Program Files (x86)\iolo 2017-05-02 11:05 - 2017-03-20 15:07 - 00002422 _____ C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-05-02 11:05 - 2016-12-16 16:39 - 00003294 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 2017-05-02 11:05 - 2016-09-13 20:57 - 00000000 ___RD C:\Users\William\OneDrive 2017-05-02 02:00 - 2016-12-05 13:30 - 00000000 ____D C:\ProgramData\AVG Online Backup 2017-04-28 22:40 - 2016-10-22 04:24 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2017-04-28 22:40 - 2016-10-22 04:24 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2017-04-14 01:00 - 2016-10-13 20:38 - 00000000 ____D C:\WINDOWS\system32\MRT 2017-04-14 00:56 - 2016-10-13 20:37 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-04-13 20:28 - 2016-10-22 04:11 - 00000000 ____D C:\Users\William ==================== Files in the root of some directories ======= 2016-11-25 17:58 - 2017-05-04 00:20 - 0000332 _____ () C:\Users\William\AppData\Roaming\wklnhst.dat 2016-09-21 18:42 - 2016-09-21 18:42 - 0000036 _____ () C:\Users\William\AppData\Local\housecall.guid.cache 2017-05-02 12:03 - 2017-05-02 12:03 - 0007598 _____ () C:\Users\William\AppData\Local\Resmon.ResmonCfg 2016-09-21 19:47 - 2017-05-03 17:31 - 0000010 _____ () C:\Users\William\AppData\Local\sponge.last.runtime.cache 2016-09-20 15:36 - 2016-09-20 15:36 - 0000057 _____ () C:\ProgramData\Ament.ini ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-04-28 17:39 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-05-2017 01 Ran by William (04-05-2017 10:19:02) Running from C:\Users\William\Desktop Windows 10 Home Version 1607 (X64) (2016-10-22 08:33:19) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3526073170-1583772248-2959233235-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3526073170-1583772248-2959233235-503 - Limited - Disabled) Guest (S-1-5-21-3526073170-1583772248-2959233235-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3526073170-1583772248-2959233235-1002 - Limited - Enabled) William (S-1-5-21-3526073170-1583772248-2959233235-1001 - Administrator - Enabled) => C:\Users\William ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Trend Micro Maximum Security (Disabled - Up to date) {8242D66F-41BD-4049-C2E6-E578E73B62A0} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Trend Micro Maximum Security (Disabled - Up to date) {3923378B-6787-4FC7-F856-DE0A9CBC281D} AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.1 - Hewlett-Packard) Hidden AVG Online Backup (x32 Version: 6.5.1.108 - AVG) Hidden Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.) DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard) DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.96 - Google Inc.) Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent) HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard) HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard) HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3422 - Hewlett-Packard) HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard) HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{35021DFB-F9CA-402A-89A2-47F91E506465}) (Version: 1.0.2.0 - Hewlett-Packard) HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard) HP Officejet 4620 series Basic Device Software (HKLM\...\{B411AD10-1BC9-4939-8848-BC5E66F662B7}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Officejet 4620 series Help (HKLM-x32\...\{606C37AB-EB04-4270-A592-201A03C2DB36}) (Version: 6.0.0 - Hewlett Packard) HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard) HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D}) (Version: 4.2.5.3 - Hewlett-Packard) HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden Hulu Desktop (HKU\S-1-5-21-3526073170-1583772248-2959233235-1001\...\HuluDesktop) (Version: 0.9.9 - Hulu LLC) Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation) Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe) Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes) Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version: - ) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3526073170-1583772248-2959233235-1001\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard) Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.6 - NVIDIA Corporation) PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company) PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.) Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3405 - CyberLink Corp.) PowerDirector (x32 Version: 7.0.3405 - CyberLink Corp.) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.) Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com) Trend Micro Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 10.0 - Trend Micro Inc.) Trend Micro Titanium (Version: 10.0 - Trend Micro Inc.) Hidden Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) YourTemplateFinder Internet Explorer Homepage and New Tab (HKU\S-1-5-21-3526073170-1583772248-2959233235-1001\...\YourTemplateFinderTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {02D7F76C-397B-49EB-8B7B-CD8B61FA8283} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe Task: {08AB6384-9A09-493C-BD2F-0BABE25C4AD0} - System32\Tasks\HPCeeScheduleForWilliam => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07] (Hewlett-Packard) Task: {0B7D27A5-EEB9-4075-B0F9-FDD9439A1B83} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-10-22] (CyberLink) Task: {14C4F043-2625-4D3A-A396-667EE3F0C315} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe Task: {1859C22B-680D-4A04-A8B9-D81BA5399772} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe Task: {21DDFA2F-3A7D-47D5-8654-475D093D246D} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe Task: {238E40ED-4D14-4F07-A95D-FA7DEC5D0C39} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe Task: {260FDA65-96D7-4923-A7B5-5238E57B5E38} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe Task: {261FCE89-8502-4429-A596-52CC845BC41B} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe Task: {2B22E2C5-EA49-4559-AFBD-F73C72654617} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe Task: {364D2656-A8FA-4C0C-9072-C49D0A1D72E2} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe Task: {3AF7C009-E76B-413D-A643-CB06582CE06A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe Task: {44776A2E-3338-4A7D-A5AC-AA7A9818B812} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe Task: {4738408D-1C65-4040-9C23-73E1E6DE4F89} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe Task: {533043F3-61A5-4EB5-9062-70A31D6129A7} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe Task: {5B147D90-4D80-41F5-BE0E-40BE7FB8BEBF} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\William\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\OneDriveStandaloneUpdater.exe Task: {60F567A5-1DE5-43F8-8452-525B5125375E} - System32\Tasks\AVG Online Backup - AVG78224 => C:\Program Files (x86)\AVG Online Backup\sosuploadagent.exe [2016-08-30] (AVG Online Backup) Task: {676CF028-ABE1-4747-BFE4-F62A742560EE} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-09-24] (Hewlett-Packard) Task: {7BD1D809-2F0F-4238-BD1E-A71C519D7222} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe Task: {840EDF36-3607-40E5-90B6-E93DF12D6BF7} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe Task: {A2D368AE-5279-4D03-915D-76BF45312D5E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe Task: {A45D4F49-E07D-4CD3-957D-EE8F242D4A59} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe Task: {AC301344-A8D4-4C8E-9CF2-988ED88980DA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe Task: {C8624761-CE01-4ED2-A931-BBDAE1529B61} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe Task: {CAC9649C-A26A-43AD-9786-EC630F8AB23B} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-09-24] (Hewlett-Packard) Task: {CAEAD46F-5CA1-4803-A721-3B5D58EAD8F0} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe Task: {CD2928B4-8046-483C-9521-F4F7CF9BE3CD} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe Task: {D0A23BE4-1996-4F79-8758-299B109C0DBA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-13] (Google Inc.) Task: {D5CB447C-7878-41BF-8E67-1D20D6C7DBF6} - \Microsoft\Windows\Setup\EOSNotify -> No File Task: {E2081106-BE16-4EB3-B52F-AA2FE434917F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-13] (Google Inc.) Task: {F36D7E41-4DFE-4BBE-9D59-90ED3DBAC7BE} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe Task: {F918362F-DECA-4F39-B635-29FBC3ECD68A} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe Task: {FCCA2E56-E461-4CBD-A7F3-41EB9F56F907} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\HPCeeScheduleForWilliam.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2016-09-21 18:43 - 2015-03-31 07:08 - 00026408 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc110-mt-1_57.dll 2016-09-21 18:43 - 2015-03-31 07:08 - 00058320 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc110-mt-1_57.dll 2016-09-21 18:43 - 2015-03-31 07:09 - 00686608 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll 2016-09-21 18:43 - 2015-03-31 07:08 - 00110320 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc110-mt-1_57.dll 2016-09-21 18:43 - 2015-03-31 07:08 - 00036160 _____ () C:\Program Files\Trend Micro\AMSP\boost_chrono-vc110-mt-1_57.dll 2016-09-21 18:43 - 2015-03-31 07:09 - 01314920 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll 2016-09-21 18:40 - 2015-07-16 14:31 - 00168544 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll 2016-09-21 18:43 - 2015-07-16 14:31 - 00089088 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_thread-vc110-mt-1_52.dll 2016-09-21 18:43 - 2015-07-16 14:31 - 00018944 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_system-vc110-mt-1_52.dll 2016-09-21 18:43 - 2015-07-16 14:31 - 00049664 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_date_time-vc110-mt-1_52.dll 2016-09-21 18:43 - 2015-07-16 14:31 - 00761856 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_regex-vc110-mt-1_52.dll 2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2017-03-22 15:40 - 2017-03-04 03:19 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2017-03-22 15:40 - 2017-03-04 03:19 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2017-03-22 15:40 - 2017-03-04 03:19 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-10-22 07:58 - 2016-10-22 07:58 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-03-22 15:46 - 2017-03-04 02:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-03-22 15:39 - 2017-03-04 02:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-03-22 15:39 - 2017-03-04 02:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-03-22 15:39 - 2017-03-04 02:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-03-22 15:39 - 2017-03-04 02:05 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-03-22 15:39 - 2017-03-04 02:05 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-03-22 15:39 - 2017-03-04 02:08 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-11-07 03:38 - 2016-10-11 04:52 - 00077072 _____ () C:\Program Files\Trend Micro\Titanium\plugin\fcMsgDispatcher.dll 2017-05-03 17:44 - 2017-03-22 10:24 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll 2017-05-03 17:44 - 2017-03-23 19:40 - 02267600 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2017-04-01 17:17 - 2017-04-01 17:17 - 14350336 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.52.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.dll 2009-10-22 22:50 - 2009-10-22 22:50 - 00931112 _____ () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AvgApiWrapper => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AvgUpgrade => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClientManager => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3526073170-1583772248-2959233235-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\hp\Hp_1.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: AvgApiWrapper => 2 MSCONFIG\Services: AvgUpgrade => 2 MSCONFIG\Services: ClientManager => 2 MSCONFIG\Services: sagentservice => 2 HKLM\...\StartupApproved\StartupFolder: => "PictureMover.lnk" HKLM\...\StartupApproved\Run: => "PC-Doctor for Windows localizer" HKLM\...\StartupApproved\Run32: => "AVG_UI" HKLM\...\StartupApproved\Run32: => "AvgUi" HKU\S-1-5-21-3526073170-1583772248-2959233235-1001\...\StartupApproved\Run: => "HPADVISOR" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{5E0BE303-10B5-414A-AC68-242CD90DE656}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{365FF2AE-C101-4DFC-B458-2BC56542BA3A}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicator.exe FirewallRules: [{C2434B2C-1748-4808-B9CC-BA26A9058EA3}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\Bin\DeviceSetup.exe FirewallRules: [{E9E5EAD7-10C8-4328-A177-7D61EBF24558}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\bin\SendAFax.exe FirewallRules: [{1D9F9192-241F-4B65-AF6B-79CDA00F109A}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\bin\DigitalWizards.exe FirewallRules: [{321EE818-508D-465C-8E42-671720692AF7}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\bin\FaxApplications.exe FirewallRules: [{7BDF9A3E-F198-4F6B-B44C-F0E4C299FCD3}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE FirewallRules: [{4880A744-175E-4894-824F-13A151A2A132}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe FirewallRules: [{1D054CA5-E329-40AF-A202-1479C4FCD6DE}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe FirewallRules: [{18B8E588-C53C-479E-A225-CED02417B9B3}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe FirewallRules: [{866089F2-FBAC-4F31-B012-69AFE1A98C37}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe FirewallRules: [{772D1779-862C-4621-9AB8-321BB6AD39AD}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe FirewallRules: [{DB1572C1-3FA6-4D06-A23D-44948DB3CF44}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe FirewallRules: [{19099448-427F-4897-984C-74B433E97D96}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe FirewallRules: [{7FFE5900-3116-4649-9157-4C8AB7647095}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{6DE2D9DE-38B3-4B6D-BD8F-974956CCE4AB}] => (Allow) svchost.exe FirewallRules: [{30A44DB5-4E2C-4B38-BC1F-A162FBC750E3}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe FirewallRules: [{16D4F267-82E9-41C2-97CD-A56881C68FAC}] => (Allow) LPort=4158 FirewallRules: [{EE6D7340-D9FD-49AE-987F-DE2DF7DFA24C}] => (Allow) LPort=30861 FirewallRules: [{CDE2D2B6-A9FA-4393-955C-3FF0FED6C89C}] => (Allow) LPort=30869 FirewallRules: [{19357686-8590-4010-9EBF-F0CE3F0CF65A}] => (Allow) LPort=30870 FirewallRules: [{BE2774AE-AE5C-4C04-8F04-D9D0285DB934}] => (Allow) LPort=30871 FirewallRules: [{B053DAB0-BC1C-4972-A9B5-C0FAE72AEC9B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{38157AB0-1413-4B5B-B110-0BB0B4CC5105}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{D69F4EC7-13D5-420F-82D3-482CD6A2FC4B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{3EEAD8DE-504C-44BC-B236-5847EC394699}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{BB8AEF9E-1F04-415A-88F1-B5B560FA190E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 04-04-2017 13:10:13 Scheduled Checkpoint 13-04-2017 23:34:59 Scheduled Checkpoint 16-04-2017 19:00:04 Windows Backup 30-04-2017 13:39:01 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/04/2017 08:51:25 AM) (Source: Perflib) (EventID: 1023) (User: ) Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code. Error: (05/04/2017 08:51:23 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (05/04/2017 12:02:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: 14189-WILLIAM-L) Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (05/04/2017 12:02:14 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: 14189-WILLIAM-L) Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (05/04/2017 12:00:14 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: 14189-WILLIAM-L) Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (05/03/2017 11:59:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: 14189-WILLIAM-L) Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (05/03/2017 11:59:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: 14189-WILLIAM-L) Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (05/03/2017 11:59:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: 14189-WILLIAM-L) Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (05/03/2017 11:59:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: 14189-WILLIAM-L) Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (05/03/2017 11:58:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: 14189-WILLIAM-L) Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. System errors: ============= Error: (05/04/2017 09:23:02 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (05/04/2017 08:44:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (05/04/2017 08:43:17 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout. Error: (05/04/2017 08:43:07 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Update Orchestrator Service for Windows Update service terminated with the following error: The class is configured to run as a security id different from the caller Error: (05/04/2017 08:43:04 AM) (Source: DCOM) (EventID: 10010) (User: 14189-WILLIAM-L) Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout. Error: (05/04/2017 08:34:56 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (05/04/2017 08:15:51 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (05/04/2017 08:09:19 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). Error: (05/04/2017 07:33:26 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (05/04/2017 12:08:50 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. CodeIntegrity: =================================== Date: 2017-05-04 07:38:33.495 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-04 07:38:26.045 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-04 07:37:35.079 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-04 07:37:05.954 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-04 07:37:05.508 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-04 07:36:50.855 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-04 07:36:09.216 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-04 00:12:08.234 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-04 00:12:08.004 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-04 00:12:07.275 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements. [0x7FF9E90970E3] ANOMALY: use of REX.w is meaningless (default operand size is 64) ==================== Memory info =========================== Processor: AMD Athlon II X2 250 Processor Percentage of memory in use: 51% Total physical RAM: 3839.3 MB Available physical RAM: 1859.16 MB Total Virtual: 7679.3 MB Available Virtual: 5565.22 MB ==================== Drives ================================ Drive c: (HP) (Fixed) (Total:584.87 GB) (Free:520.41 GB) NTFS Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.77 GB) (Free:1.56 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 596.2 GB) (Disk ID: 1549F232) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=584.9 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=450 MB) - (Type=27) Partition 4: (Not Active) - (Size=10.8 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================FRST.txtAddition.txt
May 4, 20177 yr Hi Tony, It's running pretty well now that the Trend software is not running. So are you keeping Trend Micro or are you removing it? They were quarantined. MBAM shows them in the quarantine, but there is no scan report available. That's strange. So from the main screen there's nothing under 'Reports' on the left hand side?
May 4, 20177 yr Author FPCH Staff Since Trend is giving producing a good deal of drag on this machine, I plan to remove it totally. Here's a shot of the MBAM window.
May 4, 20177 yr Author FPCH Staff Ran another MBAM scan. This time there was a report. Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 5/4/17 Scan Time: 3:21 PM Logfile: MBAM scan 2.txt Administrator: Yes -Software Information- Version: 3.0.6.1469 Components Version: 1.0.103 Update Package Version: 1.0.1869 License: Trial -System Information- OS: Windows 10 CPU: x64 File System: NTFS User: 14189-WILLIAM-L\William -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 362561 Time Elapsed: 4 min, 35 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 2 PUP.Optional.MindSpark, HKU\S-1-5-21-3526073170-1583772248-2959233235-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\YourTemplateFinderTooltab Uninstall Internet Explorer, No Action By User, [267], [352442],1.0.1869 PUP.Optional.IoloSC, HKLM\SOFTWARE\WOW6432NODE\IOLO\System Checkup, No Action By User, [2166], [349242],1.0.1869 Registry Value: 1 PUP.Optional.MindSpark, HKU\S-1-5-21-3526073170-1583772248-2959233235-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\YourTemplateFinderTooltab Uninstall Internet Explorer|PUBLISHER, No Action By User, [267], [352442],1.0.1869 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 85 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\abstractbutton\background, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\embedscript\background, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\thirdparty\background, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\uninstall\background, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\embedhtml\background, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\weather\css, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\topapps\css, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\weather\js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\weather\background, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\topapps\js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\generic\background, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\radio\css, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\defaultSearch\foreground, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\defaultSearch\background, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\embedscript\html, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\alert\background, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\flare\background, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\radio\js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\moviereviews\background, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\menu\background, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\topapps, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\link\background, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\weather, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\abstractbutton, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\embedhtml\html, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\embedscript\js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\common, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\rss\js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\rss\background, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\radio, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\test, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\embedhtml\js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\embedscript, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\flare\icons, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\menu\images, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\rss, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\radio\radioWrapper, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\search\background, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\thirdparty, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\moviereviews\html, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\embedhtml, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\menu\html, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\radio\foreground, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\uninstall, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\radio\background, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\moviereviews\css, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\menu\css, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\moviereviews\js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\generic, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\menu\js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\weather, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\api\background, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\defaultSearch, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\supertab\html, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\alert, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\flare, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\moviereviews, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\supertab\css, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\search\html, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\menu, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\link, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\supertab\js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\rss, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\api\window, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\radio\css, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\supertab, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\search, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\radio, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\adapter, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\api, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\native\libs, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\_metadata, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\images, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\native, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\shared, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\icons, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\USERS\WILLIAM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GILCCNKJLHDOBGPHMEGEMAJCBPAPDLMM, No Action By User, [267], [301932],1.0.1869 File: 239 PUP.Optional.MindSpark, C:\USERS\WILLIAM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GILCCNKJLHDOBGPHMEGEMAJCBPAPDLMM\12.600.10.40484_0\MANIFEST.JSON, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\adapter\adapterUtil.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\adapter\widget-adapter.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\abstractbutton\background\abstractButton.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\alert\background\alertButton.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\embedhtml\background\embedHtmlWidget.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\embedhtml\html\embedHtmlTemplate.html, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\embedhtml\html\innerEmbedHtmlTemplate.html, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\embedhtml\js\embedHtmlUI.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\embedscript\background\embedScriptWidget.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\embedscript\html\embedScriptTemplate.html, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\embedscript\html\innerEmbedScriptTemplate.html, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\embedscript\js\embedScriptUI.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\flare\background\FlareWidget.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\flare\icons\Icon_Flare_blue.png, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\flare\icons\Icon_Flare_pink.png, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\flare\icons\Thumbs.db, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\generic\background\GenericWidget.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\link\background\linkButton.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\menu\background\menuButton.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\menu\css\menuframe.css, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\menu\html\menuframe.html, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\menu\images\right_arrow.png, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\menu\images\right_arrow_white.png, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\menu\js\jquery-1.7.1.min.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\menu\js\menuframe.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\menu\js\query-string.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\menu\js\underscore-1.3.1.min.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\menu\README.txt, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\rss\background\RssWidget.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\thirdparty\background\thirdPartyWidget.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\uninstall\background\uninstallButton.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\components\weather\background\weatherButton.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\js\bs.30.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\js\common.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\js\dynamic.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\js\enableDetect.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\js\eventListening.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\js\global.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\js\jquery-1.7.1.min.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\js\list-interaction.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\js\messageEventListener.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\js\navRedirector.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\js\paramReplacer.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\js\PartnerId.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\js\set.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\js\underscore-1.3.1.min.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\js\underscore-1.5.2.min.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\js\unifiedLogging.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\common\common.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\common\eventListening.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\common\jquery-1.7.1.min.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\common\list-interaction.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\common\set.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\common\underscore-1.3.1.min.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\radio\css\radio-widget.css, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\radio\js\radio-custom.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\radio\js\radio-parser.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\radio\js\radio-widget-ui.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\radio\js\radio-widget.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\radio\radio-widget.html, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\rss\js\rss-widget-custom.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\rss\js\rss-widget-parse.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\rss\js\rss-widget.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\rss\rssWidget.html, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\test\invalid.json, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\test\jquery.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\test\qunit.css, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\test\qunit.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\test\resource.json, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\test\resource.xml, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\test\testWidget.html, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\test\testWidget.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\topapps\css\widget.css, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\topapps\js\nanigans-topapps-feed.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\topapps\js\topapps-config.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\topapps\js\widget.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\topapps\widget.html, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\weather\css\weatherButton.css, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\weather\js\weather.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widgets\weather\weatherButton.html, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\common\widget-api\widget-context-1.0.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\api\background\ApiBasedWidget.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\api\background\widget-api-impl.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\api\window\hiddenWidgetWindow.html, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\api\window\hiddenWidgetWindow.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\api\window\hiddenWidgetWindowInit.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\api\window\widgetWindow.html, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\api\window\widgetWindow.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\defaultSearch\background\updateSearch.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\defaultSearch\background\updateSearchPromptBg.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\defaultSearch\foreground\07_buttons2.png, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\defaultSearch\foreground\08_buttons2.png, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\defaultSearch\foreground\defaultSearchModal.html, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\defaultSearch\foreground\defaultSearchModalInjector.css, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\defaultSearch\foreground\defaultSearchModalInjector.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\defaultSearch\foreground\tvf_btn_ok.png, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\defaultSearch\foreground\tvf_btn_ok2.png, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\defaultSearch\foreground\tvf_restart_alert_icon.png, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\defaultSearch\foreground\tvf_restart_icon.png, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\defaultSearch\foreground\updateSearchPromptFg.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\moviereviews\background\MovieReviewsWidget.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\moviereviews\css\movieReviews.css, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\moviereviews\html\movieReviews.html, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\moviereviews\js\movieReviews.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\radio\background\RadioWidget.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\radio\css\toolbar-item.css, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\radio\foreground\button.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\radio\radioWrapper\radioWrapper.html, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\radio\radioWrapper\radioWrapper.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\search\background\searchBox.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\search\html\searchSuggestions.css, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\search\html\searchSuggestions.html, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\search\html\searchSuggestions.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\search\html\searchSuggestionsInit.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\supertab\css\supertab.css, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\supertab\html\supertab.html, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\supertab\js\newtabfork.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\supertab\js\reporting.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\supertab\js\srchsugg.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\supertab\js\supertab.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\supertab\js\unifiedLogging.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\components\supertab\js\__utm.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\_metadata\computed_hashes.json, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\_metadata\verified_contents.json, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\icons\arrowSprite.png, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\icons\icon128.png, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\icons\icon16.png, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\icons\icon19disabled.png, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\icons\icon19on.png, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\icons\icon48.png, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\icons\tb_icon_search_disappearing_ask.png, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\images\233269469.png, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\images\233269472.png, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\images\233269487.png, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\images\233269490.png, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\images\233269492.png, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\images\233269498.png, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\images\233269514.png, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\images\down_arrow.png, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\images\IDR_PRODUCT_LOGO_16.png, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\images\IDR_WEBSTORE_ICON.png, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\images\magnifying_glass.png, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\images\RadioPlayerSprite.png, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\images\search_button.png, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\images\tvf_icon_guide.png, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\images\tvf_logo.png, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\images\wrench.png, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\js\newTabInitialize.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\js\chromeStorage.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\js\chromeUtils.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\js\companionSWUtils.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\js\exeManager.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\js\exeManagerNMD.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\js\exePackageManager.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\js\focusManager.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\js\globalBlacklistManager.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\js\messaging.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\js\mutation_summary-min.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\js\mutation_summary.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\js\nativeMessagingDispatcher.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\js\newTabInfo.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\js\options.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\js\readLocalStorage.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\js\reservespacefortoolbar.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\js\reservespaceifenabled.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\js\scriptInjector.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\js\searchContext.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\js\settingsOverrides.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\js\toolbarCookieParser.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\js\toolbarPreinit.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\js\underscore-1.3.1.min.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\js\URILoaderContentScript.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\js\webTooltabAPI.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\js\Widget.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\js\widgetContentScriptInjectee.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\js\widgetFactory.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\js\widgetWindowManager.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\native\libs\jquery-1.7.1.min.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\native\libs\jquery-1.9.1.min.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\native\libs\underscore-1.5.2.min.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\native\cache.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\native\ce.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\native\debug.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\native\ss.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\shared\activePing.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\shared\buttonLogger.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\shared\competitorDnsList.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\shared\console.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\shared\FFPreferencesPersister.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\shared\httpTransport.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\shared\HttpURL.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\shared\internationalSearch.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\shared\LocalStoragePersister.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\shared\MindsparkGlobal.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\shared\MindsparkGlobal.unitTest.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\shared\MindsparkGlobalNotes.txt, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\shared\rsvp-latest.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\shared\searchSuggestLocale.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\shared\testHttpTransport.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\shared\unifiedLogger.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\shared\unifiedLogging.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\shared\universalConsole.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\shared\utils.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\spent2.html, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\bg.html, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\buildVars, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\buildVars.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\companionSW.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\config.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\contentScript.css, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\contentScript.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\debug.html, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\debug.jade, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\spentJ.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\spentK.html, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\spentK.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\startup.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\stub.html, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\stubby.html, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\superFrame.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\toolbar.html, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\toolbar.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\toolbarUI.css, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\toolbarUI.html, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\toolbarUI.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\url.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\urlFragmentActions.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\webtooltab.cs.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\extension_toolbar_api.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\initWidgetWindow.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\newTabContentScript.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\options.html, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\spent.css, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\spent.html, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\spent.js, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm\12.600.10.40484_0\spent2.css, No Action By User, [267], [301932],1.0.1869 PUP.Optional.MindSpark, C:\USERS\WILLIAM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_easymaillogin.dl.tb.ask.com_0.localstorage-journal, No Action By User, [267], [240306],1.0.1869 PUP.Optional.MindSpark, C:\USERS\WILLIAM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_pdfconverterhq.dl.tb.ask.com_0.localstorage-journal, No Action By User, [267], [240306],1.0.1869 Physical Sector: 0 (No malicious items detected) (end)
May 4, 20177 yr Hi Tony, No Action By User Have you now removed the items? Since Trend is giving producing a good deal of drag on this machine, I plan to remove it totally. Ok. Might be worth running another scan after removing Trend Micro just to make sure there's no leftovers. There are a few AVG leftovers, plus some other items. Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop. NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Re-run FRST/FRST64 (which ever is installed ) and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.fixlist.txt
May 4, 20177 yr Author FPCH Staff Sorry about the MBAM report. What you saw was an Exported text file created before I Finished. I hit report to ensure that I got something in a logfile. Why? Because there was no report from the initial MBAM scan. Just making sure I had something before finishing. Yes, everything was quarantined. Have you heard any reports of issues with Trend Max Security and W10? Fix result of Farbar Recovery Scan Tool (x64) Version: 03-05-2017 01 Ran by William (04-05-2017 17:28:33) Run:1 Running from C:\Users\William\Desktop Loaded Profiles: William (Available Profiles: William) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [sOSUAUI] => C:\Program Files (x86)\AVG Online Backup\sosuploadagent.exe [59440 2016-08-30] (AVG Online Backup) HKLM-x32\...\Run: [sMessaging] => C:\Program Files (x86)\AVG Online Backup\SMessaging.exe [63536 2016-08-30] (AVG Online Backup) HKLM-x32\...\Run: [AccountCreatorRunner] => C:\Program Files (x86)\AVG Online Backup\AccountCreatorRunner.exe [23088 2016-08-30] (AVG Online Backup) HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File Toolbar: HKU\S-1-5-21-3526073170-1583772248-2959233235-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File FF Plugin HKU\S-1-5-21-3526073170-1583772248-2959233235-1001: @hulu.com/Hulu Desktop -> C:\Users\Default.migrated\AppData\Local\HuluDesktop\instances\0.9.9.1\nphdplg.dll [No File] CHR Extension: (Ask Web Search) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\bllfmhclbkgdcbioppcjohckdmjmfmcj [2017-05-04] CHR Extension: (Ask Web Search) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkmodlfcmmnhhlofndkhdcembjaefbb [2017-05-04] CHR Extension: (InboxNow) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjhofhakdnfjgeobcioadclaekfbhndl [2017-05-04] CHR Extension: (EasyMailLogin) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgpcmjeckonpfoaacknfdaaehpjbflhl [2017-05-04] S4 sagentservice; C:\Program Files (x86)\AVG Online Backup\SAgent.Service.exe [44080 2016-08-30] (AVG Online Backup) R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X] S4 AvgUpgrade; "C:\Program Files (x86)\AVG\CloudCare\AvgUpgrade.exe" [X] S4 ClientManager; "C:\Program Files (x86)\AVG\CloudCare\ClientManager.exe" [X] U3 idsvc; no ImagePath 2017-05-04 08:16 - 2016-12-05 13:32 - 00000000 ____D C:\ProgramData\Avg 2017-05-04 08:15 - 2016-12-05 13:30 - 00000000 ____D C:\Program Files (x86)\AVG 2017-05-04 08:09 - 2016-12-05 13:32 - 00000000 ____D C:\Users\William\AppData\Local\Avg 2017-05-03 22:58 - 2016-09-13 19:06 - 00000000 ____D C:\ProgramData\iolo 2017-05-02 11:31 - 2016-09-13 19:06 - 00000000 ____D C:\Program Files (x86)\iolo 2017-05-02 02:00 - 2016-12-05 13:30 - 00000000 ____D C:\ProgramData\AVG Online Backup Task: {60F567A5-1DE5-43F8-8452-525B5125375E} - System32\Tasks\AVG Online Backup - AVG78224 => C:\Program Files (x86)\AVG Online Backup\sosuploadagent.exe [2016-08-30] (AVG Online Backup) Task: {D5CB447C-7878-41BF-8E67-1D20D6C7DBF6} - \Microsoft\Windows\Setup\EOSNotify -> No File HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AvgApiWrapper => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AvgUpgrade => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClientManager => ""="Service" MSCONFIG\Services: AvgApiWrapper => 2 MSCONFIG\Services: AvgUpgrade => 2 MSCONFIG\Services: ClientManager => 2 HKLM\...\StartupApproved\Run32: => "AVG_UI" HKLM\...\StartupApproved\Run32: => "AvgUi" FirewallRules: [{B053DAB0-BC1C-4972-A9B5-C0FAE72AEC9B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{38157AB0-1413-4B5B-B110-0BB0B4CC5105}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{D69F4EC7-13D5-420F-82D3-482CD6A2FC4B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{3EEAD8DE-504C-44BC-B236-5847EC394699}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe C:\Program Files (x86)\AVG Online Backup CMD: ipconfig /flushdns Hosts: EmptyTemp: ***************** Processes closed successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SOSUAUI => value removed successfully HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SMessaging => value removed successfully HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AccountCreatorRunner => value removed successfully HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AvgUi => value removed successfully HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => key removed successfully HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found. HKU\S-1-5-21-3526073170-1583772248-2959233235-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value removed successfully HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => key not found. HKU\S-1-5-21-3526073170-1583772248-2959233235-1001\Software\MozillaPlugins\@hulu.com/Hulu Desktop => key removed successfully C:\Users\Default.migrated\AppData\Local\HuluDesktop\instances\0.9.9.1\nphdplg.dll => not found. C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\bllfmhclbkgdcbioppcjohckdmjmfmcj => moved successfully C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkmodlfcmmnhhlofndkhdcembjaefbb => moved successfully C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjhofhakdnfjgeobcioadclaekfbhndl => moved successfully C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgpcmjeckonpfoaacknfdaaehpjbflhl => moved successfully HKLM\System\CurrentControlSet\Services\sagentservice => key removed successfully sagentservice => service removed successfully HKLM\System\CurrentControlSet\Services\Amsp => key removed successfully Amsp => service removed successfully HKLM\System\CurrentControlSet\Services\AvgUpgrade => key removed successfully AvgUpgrade => service removed successfully HKLM\System\CurrentControlSet\Services\ClientManager => key removed successfully ClientManager => service removed successfully HKLM\System\CurrentControlSet\Services\idsvc => key removed successfully idsvc => service removed successfully C:\ProgramData\Avg => moved successfully C:\Program Files (x86)\AVG => moved successfully C:\Users\William\AppData\Local\Avg => moved successfully C:\ProgramData\iolo => moved successfully C:\Program Files (x86)\iolo => moved successfully C:\ProgramData\AVG Online Backup => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60F567A5-1DE5-43F8-8452-525B5125375E} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60F567A5-1DE5-43F8-8452-525B5125375E} => key removed successfully C:\WINDOWS\System32\Tasks\AVG Online Backup - AVG78224 => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG Online Backup - AVG78224 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D5CB447C-7878-41BF-8E67-1D20D6C7DBF6} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5CB447C-7878-41BF-8E67-1D20D6C7DBF6} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\EOSNotify => key removed successfully HKLM\System\CurrentControlSet\Control\SafeBoot\Network\AvgApiWrapper => key removed successfully HKLM\System\CurrentControlSet\Control\SafeBoot\Network\AvgUpgrade => key removed successfully HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ClientManager => key removed successfully HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AvgApiWrapper => key removed successfully HKLM\System\CurrentControlSet\Services\AvgApiWrapper => key not found. HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AvgUpgrade => key removed successfully HKLM\System\CurrentControlSet\Services\AvgUpgrade => key not found. HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ClientManager => key removed successfully HKLM\System\CurrentControlSet\Services\ClientManager => key not found. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\AVG_UI => value removed successfully HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AVG_UI => value not found. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\AvgUi => value removed successfully HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AvgUi => value not found. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B053DAB0-BC1C-4972-A9B5-C0FAE72AEC9B} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{38157AB0-1413-4B5B-B110-0BB0B4CC5105} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D69F4EC7-13D5-420F-82D3-482CD6A2FC4B} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3EEAD8DE-504C-44BC-B236-5847EC394699} => value removed successfully C:\Program Files (x86)\AVG Online Backup => moved successfully ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= C:\Windows\System32\Drivers\etc\hosts => moved successfully Hosts restored successfully. =========== EmptyTemp: ========== BITS transfer queue => 3083088 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 37457061 B Java, Flash, Steam htmlcache => 1703 B Windows/system/drivers => 808296306 B Edge => 0 B Chrome => 181279262 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 128 B systemprofile32 => 128 B LocalService => 152296 B NetworkService => 27956 B William => 22914526 B RecycleBin => 42031 B EmptyTemp: => 1004.5 MB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 17:29:12 ====
May 4, 20177 yr Have you heard any reports of issues with Trend Max Security and W10? If you do a Google search for.... Trend Micro and windows 10 problems You'll see quite a few problems, but these seem to be related to last year. I don't see anything relating to this year. How's the system running now?
May 4, 20177 yr Author FPCH Staff System seems to be running as I would expect. What I don't understand is why the Trend Max Security isn't starting/showing in the Notification Area any more. Previous to the FRSTFix, it would show up in the Notification Area and I'd have to disable it. There was no option to disable it permanently. The only option showing was to disable until restart. Defender is now showing up in the Notification Area. It's enabled.]
May 5, 20177 yr What I don't understand is why the Trend Max Security isn't starting/showing in the Notification Area any more. Previous to the FRSTFix, it would show up in the Notification Area and I'd have to disable it. The service relating to Trend Micro that was removed in the fix was: R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X] so although the service was listed as R2 (R=Running ..... 2=Auto start ) The [X] at the end signifies that FRST could not find the files associated with the particular Service or Driver and has listed the ImagePath as it is in the registry instead. We normally remove these entries because the files associated couldn't be found and if you wanted to keep the program would recommend it be reinstalled.
