Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Stage Remote / Trovi virus

slow Internet start Internet box closes

  • Please log in to reply

#1
Krueg9651

Krueg9651

    Member

  • Member
  • PipPip
  • 90 posts

Hello everyone,

 

First off, thank you for all that you do.  You have helped me in previous years and you truly deserve more recognition for your volunteer work.

 

I recently downloaded a virus in which the bottom of the screen shows a "Stage Remote" icon.  Also, when I try to use the Internet, it goes VERY slow.  After a few minutes of using Explorer, Google Chrome, etc., the boxes automatically close without me doing anything.  Additionally, when I search on Google, I see "Trovi search suggestions" as well.

 

Below is my log.  Thanks again for all that you do!

 

-Andrew

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-04-2015
Ran by Andrew (administrator) on ANDREW-PC on 26-04-2015 13:24:51
Running from C:\Users\Andrew\Desktop\Virus removal
Loaded Profiles: Andrew (Available profiles: Andrew)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Chicony) C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
(Search Protect) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
() C:\Users\Andrew\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\mcsvrcnt.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] ()
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM-x32\...\Run: [Chicony_OSD] => C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe [53248 2011-01-12] ()
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2503704 2015-03-05] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\...\Run: [Spotify Web Helper] => C:\Users\Andrew\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1192664 2012-07-10] ()
HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\...\Run: [Spotify] => C:\Users\Andrew\AppData\Roaming\Spotify\Spotify.exe [7609560 2012-07-10] (Spotify Ltd)
HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-13] (Valve Corporation)
HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\...\Run: [TBHostSupport] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Andrew\AppData\Local\TBHostSupport\TBHostSupport_0.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\...\Run: [APISupport] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Andrew\AppData\Local\TB\APISupport\APISupport.dll",DLLRunAPISupport <===== ATTENTION
HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\...\Run: [GoogleChromeAutoLaunch_AF2E2510EC2DA94726BF08BC757DFE33] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)
HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [233280 2014-11-10] (Search Protect)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [188224 2014-11-10] (Search Protect)
Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\B868.lnk [2015-04-12]
ShortcutTarget: B868.lnk -> C:\ProgramData\{ba6e9f37-fb0d-a673-ba6e-e9f37fb07cdf}\B868.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
URLSearchHook: HKLM-x32 - uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-3960278461-2044705814-1633424519-1000 - uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {8C76C316-788B-42E5-9B10-D5F6C84F616E} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {39979857-CA76-4B27-BDBA-A97A6AFFA155} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {8C76C316-788B-42E5-9B10-D5F6C84F616E} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3960278461-2044705814-1633424519-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...094154A312=
SearchScopes: HKU\S-1-5-21-3960278461-2044705814-1633424519-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...094154A312=
SearchScopes: HKU\S-1-5-21-3960278461-2044705814-1633424519-1000 -> {39979857-CA76-4B27-BDBA-A97A6AFFA155} URL = http://search.condui...8829497156&UM=2
SearchScopes: HKU\S-1-5-21-3960278461-2044705814-1633424519-1000 -> {8C76C316-788B-42E5-9B10-D5F6C84F616E} URL =
SearchScopes: HKU\S-1-5-21-3960278461-2044705814-1633424519-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg....sa&d=2014-02-05 06:10:56&v=17.3.1.204&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
BHO: ccoomPareItApplic -> {48cbf556-ec62-4f55-a5a9-b088ff10d29f} -> C:\Program Files (x86)\ccoomPareItApplic\sndmlGnZSe2y0x.x64.dll [2015-04-20] ()
BHO: NoNoizzeBrowse -> {513b54fa-e135-41bf-aa30-d97a36984f36} -> C:\Program Files (x86)\NoNoizzeBrowse\VDrQ9aJurCzYSW.x64.dll [2015-04-20] ()
BHO-x32: ccoomPareItApplic -> {48cbf556-ec62-4f55-a5a9-b088ff10d29f} -> C:\Program Files (x86)\ccoomPareItApplic\sndmlGnZSe2y0x.dll [2015-04-20] ()
BHO-x32: NoNoizzeBrowse -> {513b54fa-e135-41bf-aa30-d97a36984f36} -> C:\Program Files (x86)\NoNoizzeBrowse\VDrQ9aJurCzYSW.dll [2015-04-20] ()
Toolbar: HKU\S-1-5-21-3960278461-2044705814-1633424519-1000 -> No Name - {96F454EA-9D38-474F-B504-56193E00C1A5} -  No File
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2011-05-05] (Cozi Group, Inc.)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll [2015-03-05] (AVG Secure Search)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2013-03-13] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2013-03-13] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\3cuohms2.default
FF DefaultSearchEngine: Trovi search
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289075&CUI=UN19190656903089125&UM=2&SearchSource=3&q={searchTerms}
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://mysearch.avg.com?cid={9341B82C-2C15-4187-BA8F-86DB1D0C5816}&mid=37d20123b2084729955306c3b16bf1ed-d5a9ebbbd5f0de84f44fac4eb97a521d49a95c65&lang=en&ds=ad011&coid=avgtbdisad&cmpid=&pr=sa&d=2014-02-05 06:10:56&v=17.3.1.204&pid=safeguard&sg=0&sap=hp
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289075&SearchSource=2&CUI=UN19190656903089125&UM=2&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2013-03-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.3.0\\npsitesafety.dll No File
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2013-03-13] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-12] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\3cuohms2.default\searchplugins\trovi-search.xml [2014-11-14]
FF SearchPlugin: C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\3cuohms2.default\searchplugins\utorrentcontrolv6-customized-web-search.xml [2014-01-02]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2015-03-05]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: No Name - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012-05-22]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.3.0.885
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.3.0.885 [2015-03-05]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-05-22]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://mysearch.avg.com?cid={9341B82C-2C15-4187-BA8F-86DB1D0C5816}&mid=37d20123b2084729955306c3b16bf1ed-d5a9ebbbd5f0de84f44fac4eb97a521d49a95c65&lang=en&ds=ad011&coid=avgtbdisad&cmpid=&pr=sa&d=2014-02-05 06:10:56&v=18.1.9.799&pid=safeguard&sg=0&sap=hp
CHR StartupUrls: Default -> "hxxp://mysearch.avg.com?cid={9341B82C-2C15-4187-BA8F-86DB1D0C5816}&mid=37d20123b2084729955306c3b16bf1ed-d5a9ebbbd5f0de84f44fac4eb97a521d49a95c65&lang=en&ds=ad011&coid=avgtbdisad&cmpid=&pr=sa&d=2014-02-05 06:10:56&v=18.1.9.799&pid=safeguard&sg=0&sap=hp"
CHR DefaultSearchKeyword: Default -> mysearch.avg.com
CHR DefaultSearchURL: Default -> http://mysearch.avg....sa&d=2014-02-05 06:10:56&v=17.3.1.204&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
CHR DefaultNewTabURL: Default -> https://mysearch.avg...sa&d=2014-02-05 06:10:56&v=18.1.0.444&pid=safeguard&sg=0
CHR DefaultSuggestURL: Default -> http://toolbar.avg.c...earchTerms}&o=1
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-14]
CHR Extension: (uTorrentControl_v6) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp [2013-07-21]
CHR Extension: (Bookmark Manager) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16]
CHR Extension: (ccoomPareItApplic) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoagdkokiaiibigjeceplddhimhiehch [2015-04-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-08]
CHR Extension: (Use VLC for YouTube) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhhflamheoandbibgflojkjccnenjbda [2015-04-20]
CHR Extension: (Google Wallet) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-21]
CHR HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Andrew\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-01-14]
CHR HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Andrew\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-05-22]
CHR HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Andrew\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-05-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3056960 2014-11-10] (Search Protect)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [224704 2011-03-08] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 OSDSvc; C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [176128 2010-12-01] (Chicony) [File not signed]
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.)
R2 vToolbarUpdater18.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [1802776 2015-03-05] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-26 13:24 - 2015-04-26 13:24 - 00000000 ____D () C:\FRST
2015-04-26 13:23 - 2015-04-26 13:24 - 00000000 ____D () C:\Users\Andrew\Desktop\Virus removal
2015-04-26 12:19 - 2015-04-26 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-04-20 16:30 - 2015-04-20 16:30 - 00000000 ____D () C:\ProgramData\{33f4074c-0d7e-4892-33f4-4074c0d71d30}
2015-04-20 16:20 - 2015-04-20 16:20 - 00000000 ____D () C:\Program Files (x86)\Use VLC for YouTube
2015-04-20 16:19 - 2015-04-26 01:50 - 00000020 _____ () C:\Users\Andrew\AppData\Roaming\appdataFr3.bin
2015-04-20 16:19 - 2015-04-20 16:20 - 00000000 ____D () C:\Program Files (x86)\NoNoizzeBrowse
2015-04-20 16:18 - 2015-04-21 00:08 - 00000000 ____D () C:\Program Files (x86)\ccoomPareItApplic
2015-04-20 16:18 - 2015-04-20 16:20 - 00000000 ____D () C:\ProgramData\12094985290615386748
2015-04-20 16:18 - 2015-04-20 16:18 - 00000000 ____D () C:\Program Files (x86)\ActiveDeals
2015-04-19 12:08 - 2015-04-19 12:11 - 00000000 ____D () C:\Users\Andrew\Downloads\Real.Time.With.Bill.Maher.2015.04.17.HDTV.x264-BATV[ettv]
2015-04-15 20:38 - 2015-04-15 20:38 - 00390045 _____ () C:\Users\Andrew\Downloads\Info Meeting.pptx
2015-04-15 06:37 - 2015-04-15 06:37 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-15 06:37 - 2015-04-15 06:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-15 06:22 - 2015-03-24 22:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 06:22 - 2015-03-24 22:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 06:22 - 2015-03-24 22:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 06:22 - 2015-03-24 22:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 06:22 - 2015-03-24 22:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 06:22 - 2015-03-24 22:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 06:22 - 2015-03-24 22:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 06:22 - 2015-03-24 22:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 06:22 - 2015-03-24 22:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 06:22 - 2015-03-24 22:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 06:22 - 2015-03-24 22:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 06:22 - 2015-03-24 22:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 06:22 - 2015-03-24 22:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 06:22 - 2015-03-24 22:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 06:22 - 2015-03-24 22:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 06:22 - 2015-03-24 22:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 06:22 - 2015-03-22 22:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 06:22 - 2015-03-22 22:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 06:22 - 2015-03-22 22:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 06:22 - 2015-03-22 22:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 06:22 - 2015-03-22 22:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 06:22 - 2015-03-22 22:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 06:22 - 2015-03-22 22:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 06:22 - 2015-03-22 22:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 06:22 - 2015-03-17 00:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 06:22 - 2015-03-17 00:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 06:22 - 2015-03-17 00:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 06:22 - 2015-03-17 00:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 06:22 - 2015-03-17 00:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 06:22 - 2015-03-17 00:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 06:22 - 2015-03-17 00:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 06:22 - 2015-03-17 00:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 06:22 - 2015-03-17 00:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-15 06:22 - 2015-03-17 00:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 06:22 - 2015-03-17 00:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 06:22 - 2015-03-17 00:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-15 06:22 - 2015-03-17 00:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 06:22 - 2015-03-17 00:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 06:22 - 2015-03-17 00:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 06:22 - 2015-03-17 00:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 06:22 - 2015-03-17 00:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-15 06:22 - 2015-03-17 00:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 06:22 - 2015-03-17 00:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 06:22 - 2015-03-17 00:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 06:22 - 2015-03-17 00:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 06:22 - 2015-03-17 00:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 06:22 - 2015-03-17 00:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 06:22 - 2015-03-17 00:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 06:22 - 2015-03-17 00:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 06:22 - 2015-03-17 00:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 06:22 - 2015-03-17 00:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 06:22 - 2015-03-17 00:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 06:22 - 2015-03-17 00:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 06:22 - 2015-03-17 00:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 06:22 - 2015-03-17 00:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 06:22 - 2015-03-17 00:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 06:22 - 2015-03-17 00:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 06:22 - 2015-03-16 23:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 06:22 - 2015-03-16 23:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 06:22 - 2015-03-16 23:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 06:22 - 2015-03-16 23:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 06:22 - 2015-03-16 23:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 06:22 - 2015-03-16 23:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 06:22 - 2015-03-16 23:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 06:22 - 2015-03-16 23:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 06:22 - 2015-03-16 23:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 06:22 - 2015-03-16 23:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 06:22 - 2015-03-16 23:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 06:22 - 2015-03-16 23:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 06:22 - 2015-03-16 23:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 06:22 - 2015-03-16 23:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 06:22 - 2015-03-16 23:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 06:22 - 2015-03-16 23:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 06:22 - 2015-03-16 23:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 06:22 - 2015-03-16 23:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 06:22 - 2015-03-16 23:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 22:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 06:22 - 2015-03-16 22:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 06:22 - 2015-03-16 22:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 22:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 22:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 22:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 06:22 - 2015-03-09 22:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 06:22 - 2015-03-09 22:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 06:22 - 2015-03-09 22:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 06:22 - 2015-03-09 22:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 06:22 - 2015-03-05 00:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 06:22 - 2015-03-04 23:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 06:21 - 2015-04-01 19:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 06:21 - 2015-04-01 18:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 06:21 - 2015-03-12 23:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 06:21 - 2015-03-12 23:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 06:21 - 2015-03-12 23:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 06:21 - 2015-03-12 23:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 06:21 - 2015-03-12 23:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 06:21 - 2015-03-12 23:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 06:21 - 2015-03-12 23:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 06:21 - 2015-03-12 23:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 06:21 - 2015-03-12 23:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 06:21 - 2015-03-12 23:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 06:21 - 2015-03-12 22:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 06:21 - 2015-03-12 22:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 06:21 - 2015-03-12 22:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 06:21 - 2015-03-12 22:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 06:21 - 2015-03-12 22:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 06:21 - 2015-03-12 22:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 06:21 - 2015-03-12 22:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 06:21 - 2015-03-12 22:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 06:21 - 2015-03-12 22:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 06:21 - 2015-03-12 22:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 06:21 - 2015-03-12 22:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 06:21 - 2015-03-12 22:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 06:21 - 2015-03-12 22:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 06:21 - 2015-03-12 22:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 06:21 - 2015-03-12 22:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 06:21 - 2015-03-12 22:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 06:21 - 2015-03-12 22:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 06:21 - 2015-03-12 22:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 06:21 - 2015-03-12 22:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 06:21 - 2015-03-12 22:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 06:21 - 2015-03-12 22:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 06:21 - 2015-03-12 22:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 06:21 - 2015-03-12 22:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 06:21 - 2015-03-12 22:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 06:21 - 2015-03-12 22:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 06:21 - 2015-03-12 22:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 06:21 - 2015-03-12 22:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 06:21 - 2015-03-12 22:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 06:21 - 2015-03-12 22:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 06:21 - 2015-03-12 22:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 06:21 - 2015-03-12 22:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 06:21 - 2015-03-12 22:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 06:21 - 2015-03-12 21:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 06:21 - 2015-03-12 21:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 06:21 - 2015-03-12 21:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 06:21 - 2015-03-12 21:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 06:21 - 2015-03-12 21:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 06:21 - 2015-03-12 21:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 06:21 - 2015-03-12 21:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 06:21 - 2015-03-12 21:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 06:21 - 2015-03-12 21:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 06:21 - 2015-03-12 21:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 06:21 - 2015-03-12 21:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 06:21 - 2015-03-12 21:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 06:21 - 2015-03-12 21:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 06:21 - 2015-03-12 21:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 06:21 - 2015-03-03 23:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 06:21 - 2015-03-03 23:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 06:21 - 2015-03-03 23:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 06:21 - 2015-02-24 22:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-12 14:06 - 2015-04-12 14:20 - 00000000 ____D () C:\Users\Andrew\Downloads\Inherent Vice 2014 1080p BRRip x264 DTS-JYK
2015-04-12 13:05 - 2015-04-12 13:18 - 00000000 ____D () C:\Users\Andrew\Downloads\Predestination (2014) [1080p]
2015-04-12 13:03 - 2015-04-20 16:17 - 00000000 ____D () C:\ProgramData\{ba6e9f37-fb0d-a673-ba6e-e9f37fb07cdf}
2015-04-12 11:36 - 2015-04-12 11:54 - 1682835917 ____R () C:\Users\Andrew\Downloads\Game.of.Thrones.S04E10.720p.HDTV.x264-KILLERS.mkv
2015-04-12 11:15 - 2015-04-12 11:17 - 00000000 ____D () C:\Users\Andrew\Downloads\Game of Thrones S05E04 WEBRip XviD-FUM[ettv]
2015-04-12 11:05 - 2015-04-12 11:09 - 00000000 ____D () C:\Users\Andrew\Downloads\Game of Thrones S05E03 WEBRip XviD-FUM[ettv]
2015-04-12 10:54 - 2015-04-12 11:03 - 388899911 ____R () C:\Users\Andrew\Downloads\Game.of.Thrones.S05E02.HDTV.x264-Xclusive.mp4
2015-04-12 10:46 - 2015-04-12 10:52 - 312338446 ____R () C:\Users\Andrew\Downloads\Game.of.Thrones.S05E01.HDTV.x264-Xclusive.mp4
2015-04-11 11:20 - 2015-04-11 11:21 - 3109865732 _____ () C:\Users\Andrew\Whiplash 2014 1080p BRRip x264 DTS-JYK.mpg
2015-04-11 11:13 - 2015-04-11 11:13 - 00000000 ____D () C:\Users\Andrew\AppData\Local\videoconverter
2015-04-11 11:13 - 2015-04-11 11:13 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Movavi
2015-04-11 11:12 - 2015-04-11 11:12 - 00001162 _____ () C:\Users\Public\Desktop\Movavi Video Converter 15.lnk
2015-04-11 11:12 - 2015-04-11 11:12 - 00000000 ____D () C:\ProgramData\Movavi
2015-04-11 11:12 - 2015-04-11 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Converter 15
2015-04-11 11:12 - 2015-04-11 11:12 - 00000000 ____D () C:\Program Files (x86)\Movavi Video Converter 15
2015-04-11 10:58 - 2015-04-11 11:01 - 385270798 ____R () C:\Users\Andrew\Downloads\Shameless.US.S05E12.HDTV.x264-LOL.mp4
2015-04-11 10:46 - 2015-04-11 10:50 - 337247945 ____R () C:\Users\Andrew\Downloads\Real.Time.With.Bill.Maher.2015.04.10.HDTV.x264-BATV.mp4
2015-04-05 22:24 - 2015-04-05 22:36 - 00000000 ____D () C:\Users\Andrew\Downloads\Saturday.Night.Live.S40E17.Michael.Keaton-Carly.Rae.Jepsen.UNCUT.iNTERNAL.HDTV.x264-W4F[ettv]
2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 00:22 - 2015-04-04 00:24 - 00000000 ____D () C:\Users\Andrew\Downloads\Men.Women.And.Children.2014.1080p.BluRay.H264.AAC.5.1.BADASSMEDIA
2015-04-03 22:50 - 2015-04-03 22:54 - 00000000 ____D () C:\Users\Andrew\Downloads\Going Clear Scientology and the Prison of Belief 2015 HDTV x264-FUM[ettv]
2015-04-03 04:22 - 2015-04-03 04:26 - 373878477 ____R () C:\Users\Andrew\Downloads\Shameless.US.S05E10.HDTV.x264-LOL.mp4
2015-04-03 04:21 - 2015-04-03 04:25 - 383775215 ____R () C:\Users\Andrew\Downloads\Shameless.US.S05E11.HDTV.x264-LOL.mp4
2015-03-31 13:02 - 2015-03-31 13:03 - 00000000 ____D () C:\Users\Andrew\Downloads\Son of a Gun (2014) [1080p]
2015-03-30 10:52 - 2015-04-26 12:24 - 00003484 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-03-30 10:52 - 2015-03-30 10:52 - 00004034 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-03-30 10:52 - 2015-03-30 10:52 - 00003222 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-03-30 10:52 - 2015-03-30 10:52 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2015-03-30 10:52 - 2015-03-30 10:52 - 00000000 ____D () C:\Program Files\Dell Support Center
2015-03-29 21:10 - 2015-03-29 21:19 - 00000000 ____D () C:\Users\Andrew\Downloads\The Babadook (2014) [1080p]
2015-03-29 20:49 - 2015-03-29 21:02 - 00000000 ____D () C:\Users\Andrew\Downloads\Top Five (2014) [1080p]
2015-03-29 11:09 - 2015-03-29 11:12 - 401710224 ____R () C:\Users\Andrew\Downloads\Real.Time.With.Bill.Maher.2015.03.27.HDTV.x264-BATV.mp4
2015-03-28 00:19 - 2015-03-28 00:20 - 00000000 ____D () C:\Users\Andrew\Downloads\Last.Week.Tonight.With.John.Oliver.S02E06.HDTV.x264-BATV[ettv]
2015-03-28 00:13 - 2015-03-28 00:13 - 00000000 ____D () C:\Users\Andrew\Downloads\Last.Week.Tonight.With.John.Oliver.S02E07.HDTV.x264-BATV[ettv]

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-26 13:24 - 2012-05-22 16:39 - 01715747 _____ () C:\Windows\WindowsUpdate.log
2015-04-26 13:23 - 2012-06-07 13:53 - 00000000 ____D () C:\Users\Andrew\Desktop\Krueger flash drive
2015-04-26 12:55 - 2012-08-04 14:48 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-26 12:39 - 2012-05-22 16:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-26 12:37 - 2012-07-18 23:58 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-26 12:37 - 2012-07-10 22:16 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Spotify
2015-04-26 12:30 - 2012-06-06 00:53 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Nero
2015-04-26 12:22 - 2009-07-13 23:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-26 12:22 - 2009-07-13 23:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-26 12:15 - 2014-01-14 21:48 - 00000000 ___RD () C:\Users\Andrew\Google Drive
2015-04-26 12:15 - 2012-05-22 17:05 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2015-04-26 12:15 - 2012-05-22 17:05 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2015-04-26 12:15 - 2012-05-22 17:00 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-04-26 12:14 - 2012-08-04 14:48 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-26 12:11 - 2009-07-14 00:08 - 00032626 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-26 12:11 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-26 12:11 - 2009-07-13 23:51 - 00073485 _____ () C:\Windows\setupact.log
2015-04-26 03:11 - 2013-02-23 11:00 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\vlc
2015-04-19 12:18 - 2013-02-23 01:36 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\uTorrent
2015-04-16 05:50 - 2012-08-04 14:48 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-15 22:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-04-15 20:39 - 2012-05-22 16:43 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 20:39 - 2012-05-22 16:43 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 20:39 - 2012-05-22 16:43 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-15 20:22 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 20:16 - 2014-12-10 21:20 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 20:16 - 2014-05-06 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 20:16 - 2010-11-20 22:47 - 00272978 _____ () C:\Windows\PFRO.log
2015-04-15 06:40 - 2012-06-05 11:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 06:39 - 2011-02-10 09:33 - 00776846 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 06:39 - 2009-07-14 00:13 - 00776846 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-15 06:37 - 2012-05-22 17:03 - 00000000 ____D () C:\ProgramData\Skype
2015-04-15 06:36 - 2009-07-13 21:34 - 00000510 _____ () C:\Windows\win.ini
2015-04-11 11:21 - 2012-06-05 10:11 - 00000000 ____D () C:\Users\Andrew
2015-04-11 11:19 - 2015-02-15 00:25 - 00000000 ____D () C:\Users\Andrew\Downloads\Whiplash 2014 1080p BRRip x264 DTS-JYK
2015-04-11 11:11 - 2014-11-30 00:45 - 00000000 ____D () C:\Users\Andrew\Desktop\LTIC 520
2015-04-03 00:57 - 2013-05-30 23:14 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\dvdcss
2015-04-02 14:52 - 2015-02-11 23:49 - 00000000 ____D () C:\ProgramData\SupportAssistAgent
2015-03-30 10:52 - 2012-05-22 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell

==================== Files in the root of some directories =======

2014-01-14 21:46 - 2014-01-15 00:10 - 50053120 _____ () C:\Program Files (x86)\GUT8D24.tmp
2013-12-12 23:38 - 2014-06-25 03:15 - 0003749 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2015-04-20 16:19 - 2015-04-26 01:50 - 0000020 _____ () C:\Users\Andrew\AppData\Roaming\appdataFr3.bin
2013-12-04 01:50 - 2013-12-04 01:50 - 0012288 _____ () C:\Users\Andrew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some content of TEMP:
====================
C:\Users\Andrew\AppData\Local\Temp\asc5-setup-s3.exe
C:\Users\Andrew\AppData\Local\Temp\B868.exe
C:\Users\Andrew\AppData\Local\Temp\E0A0.exe
C:\Users\Andrew\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\Andrew\AppData\Local\Temp\iet2AE1.tmp.exe
C:\Users\Andrew\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aih.exe
C:\Users\Andrew\AppData\Local\Temp\install_flashplayer11x32ax_gtbd_chrd_dn_aih.exe
C:\Users\Andrew\AppData\Local\Temp\lowproc.exe
C:\Users\Andrew\AppData\Local\Temp\nsaE1A5.exe
C:\Users\Andrew\AppData\Local\Temp\nsaED3C.exe
C:\Users\Andrew\AppData\Local\Temp\nsfAA05.exe
C:\Users\Andrew\AppData\Local\Temp\nslA1F.exe
C:\Users\Andrew\AppData\Local\Temp\nsq24F.exe
C:\Users\Andrew\AppData\Local\Temp\nsv8C84.exe
C:\Users\Andrew\AppData\Local\Temp\oi_{0B100190-5A3B-4EA3-8AF8-51151DDDA5D7}.exe
C:\Users\Andrew\AppData\Local\Temp\RealPlayer_20130122.exe
C:\Users\Andrew\AppData\Local\Temp\SecondStepInstaller.exe
C:\Users\Andrew\AppData\Local\Temp\SPStub.exe
C:\Users\Andrew\AppData\Local\Temp\stubhelper.dll
C:\Users\Andrew\AppData\Local\Temp\TMP9B08.exe
C:\Users\Andrew\AppData\Local\Temp\ToolbarHelper.exe
C:\Users\Andrew\AppData\Local\Temp\uttA756.tmp.exe
C:\Users\Andrew\AppData\Local\Temp\uttF323.tmp.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-14 06:19

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-04-2015
Ran by Andrew at 2015-04-26 13:25:27
Running from C:\Users\Andrew\Desktop\Virus removal
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3960278461-2044705814-1633424519-500 - Administrator - Disabled)
Andrew (S-1-5-21-3960278461-2044705814-1633424519-1000 - Administrator - Enabled) => C:\Users\Andrew
Guest (S-1-5-21-3960278461-2044705814-1633424519-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3960278461-2044705814-1633424519-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\...\uTorrent) (Version: 3.4.2.38656 - BitTorrent Inc.)
ActiveDeals (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}) (Version:  - ActiveDeals) <==== ATTENTION
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{C8807716-1F6F-5C43-3C32-7295A45CF060}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Profiles (HKLM-x32\...\{63059735-CA97-FDFB-0E7A-3B8D81572EFD}) (Version: 2.0.4888.34279 - Advanced Micro Devices, Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.10628 - ATI Technologies Inc.) Hidden
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.3.0.885 - AVG Technologies)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
ccoomPareItApplic (HKLM-x32\...\{88E96402-3BBD-02D9-0A36-6FB806AEE04E}) (Version:  - )
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.4.0 - Conexant)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell KM632 Wireless Keyboard Caps Lock Indicator (HKLM-x32\...\{55586382-6704-4237-AAA7-85FF9C055022}) (Version: 2.1.9.0401 - Dell)
Dell MusicStage (HKLM-x32\...\{3BD7DD08-991B-4A2F-A165-614ED14EAADD}) (Version: 1.6.225.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.81 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.2.57295 - Dell)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.3.0.2214 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.3.0.2214 - CyberLink Corp.) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Escape Whisper Valley ™ (x32 Version: 2.2.0.95 - WildTangent) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Jewel Quest (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Luxor (x32 Version: 2.2.0.95 - WildTangent) Hidden
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 11.6.511 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
mkv2vob (HKLM-x32\...\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}) (Version: 2.4.9 - 3r1c)
Movavi Video Converter 15 (HKLM-x32\...\Movavi Video Converter 15) (Version: 15.2.2 - Movavi)
Mozilla Firefox 32.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 en-US)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
NoNoizzeBrowse (HKLM-x32\...\{BDB38365-BCF2-1BF7-0020-507553315EA5}) (Version:  - )
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Samantha Swift (x32 Version: 2.2.0.95 - WildTangent) Hidden
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.18.20.209 - Search Protect) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spire.PDFConverter (HKLM-x32\...\{7144A11C-9162-4FE1-BA93-2A8CA6DB30CF}) (Version: 1.0.8 - e-iceblue)
Spotify (HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\...\Spotify) (Version: 0.8.4.93.gd9f49c35 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.16100 - Nero AG)
SyncUP (x32 Version: 1.12.12400.17.102 - Nero AG) Hidden
TrustedID (HKLM-x32\...\{C16A92EF-017B-4839-9C75-FBADB5A1FA27}) (Version: 5.0 - TrustedID)
TrustedID IDMonitor Identity Protection (HKLM-x32\...\{0E74474A-1CDF-4249-A507-CE8C1DCEC8BC}) (Version: 1.1.0 - TrustedID Inc)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Use VLC for YouTube (HKLM-x32\...\{C2E3DB8B-C43B-9203-7BE7-D03BA334FD8A}) (Version:  - )
uTorrentControl_v6 Toolbar (HKLM-x32\...\uTorrentControl_v6 Toolbar) (Version: 6.13.3.1 - uTorrentControl_v6) <==== ATTENTION
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Wedding Dash - Ready, Aim, Love! (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Dell Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

23-04-2015 00:44:24 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0077EBE5-BF9B-4F40-A891-5DED7A435372} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {01E73CB1-3329-4FE9-B0B1-8BC9A6FA5A46} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {0915298A-AE90-4205-80C3-D17BADC47407} - System32\Tasks\0215tb_RML => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0215tb.exe [2015-02-26] ()
Task: {0CA1DE0B-DBBA-48A6-9ED1-5DE606B3AA18} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {18E7C743-AB9B-4741-8586-400F4CC9A2F1} - System32\Tasks\{69D6DFB6-DD30-49C2-AF4F-0DE759856B3F} => C:\Program Files (x86)\e-iceblue\Spire.PDFConverter\Bin\PDFConverter.exe [2011-06-07] (e-iceblue)
Task: {1D6FB8FD-4C06-41D5-9C57-A800BAA624CD} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {40CFC240-561C-4610-BBEC-998E0A3AF824} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {5B43EA33-46F5-4914-A756-1B442C8A0FFE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {775AD619-38AF-4C94-8966-2BD4F13C9623} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {775BF3E0-25B4-4CA1-A74E-1F1DE4254F7B} - System32\Tasks\{0D8421A0-C776-441E-9A5A-8348A718FF18} => C:\Program Files (x86)\e-iceblue\Spire.PDFConverter\Bin\PDFConverter.exe [2011-06-07] (e-iceblue)
Task: {7D4AF4F6-31C3-40B2-A803-BC8511160EEC} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {9704B319-C4D4-4D9C-B76B-190321E3475B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {B246FA33-767C-4897-931B-74E8325072EC} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {B4051AEC-BDAF-4406-902E-6D9C83C5ED8C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {C0832607-22E9-4DD2-A4BE-3256AA57223F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {DF827765-70C3-49DC-BD0A-E16F6860D7A9} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-03-04] (Dell Inc.)
Task: {E9A729AD-A8E5-4801-8F76-940088D87934} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\0215tb_RML.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0215tb.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-05 07:01 - 2015-03-05 07:01 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\loggingserver.exe
2015-04-20 16:19 - 2015-04-20 16:19 - 00927232 _____ () C:\Program Files (x86)\NoNoizzeBrowse\VDrQ9aJurCzYSW.x64.dll
2012-05-22 17:01 - 2012-01-26 21:49 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2011-06-27 19:26 - 2011-06-27 19:26 - 02022976 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
2012-07-10 22:16 - 2012-07-10 22:18 - 01192664 _____ () C:\Users\Andrew\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-05 07:01 - 2015-03-05 07:01 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\log4cplusU.dll
2010-03-16 20:28 - 2010-03-16 20:28 - 01926144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll
2010-03-22 15:52 - 2010-03-22 15:52 - 06776832 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll
2010-03-16 20:28 - 2010-03-16 20:28 - 00635904 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll
2010-03-16 20:28 - 2010-03-16 20:28 - 00326144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll
2011-06-24 23:20 - 2011-06-24 23:20 - 00565968 _____ () C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll
2011-06-27 19:25 - 2011-06-27 19:25 - 00058944 _____ () C:\Program Files (x86)\Dell\Stage Remote\DataService.dll
2011-06-24 23:21 - 2011-06-24 23:21 - 00322624 _____ () C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll
2010-03-11 19:52 - 2010-03-11 19:52 - 00028160 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll
2010-03-05 15:07 - 2010-03-05 15:07 - 00031744 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll
2010-03-05 15:07 - 2010-03-05 15:07 - 00125952 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll
2010-03-11 19:52 - 2010-03-11 19:52 - 00225280 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{235A4EE2-2374-4278-A0C7-B9AE5A0DF22D}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{B9C02A4A-CD82-4A68-AFEF-18A6E71A7E98}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A97E85F5-E4ED-43CD-AE61-FD7FA5B9AAE7}] => (Allow) c:\Program Files (x86)\Dell\VideoStage\VideoStage.exe
FirewallRules: [{151E872D-94EA-45EE-8C53-405FA3416CC3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6F4D9268-AF1D-4C4D-822B-D53059A1B1C5}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{E1C9D98B-80FA-48B3-AF19-59F00DFF0297}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{F84AA211-BBD9-4D2A-A77D-3A7613072F13}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{1405285E-6BD0-492D-9D41-E65C52B5DD16}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{778113A6-EF06-49BB-943C-C42DA5C58D62}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\DMR.exe
FirewallRules: [{5DC0E443-46EE-419C-8BB8-3BE6C8507D12}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\Controller.exe
FirewallRules: [{36D25CD2-E918-4550-8C57-6094564A30C2}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\InstallerHelp.exe
FirewallRules: [{EB123F55-ADDB-437F-B909-62D33B9806D9}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
FirewallRules: [{23E4B20D-B276-4D1A-9A4F-8A325AFD2851}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
FirewallRules: [{276A5961-78F1-4070-86B6-67916B88E199}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\DMR.exe
FirewallRules: [{D0082C66-BA17-4BA3-87F4-D29BDD793BA5}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\Controller.exe
FirewallRules: [{8558CCC7-7CCE-42DC-8A0F-0A3A3F9A35CA}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\InstallerHelp.exe
FirewallRules: [{094B8A81-7195-47FD-87BB-4952848CF39F}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
FirewallRules: [{C4A45943-24F5-478B-8B9A-8216AD924A40}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
FirewallRules: [{FF4B9928-E6B3-437B-97ED-F9B64782DC0B}] => (Allow) C:\Program Files\dell stage\dell stage\accuweather\accuweather.exe
FirewallRules: [{39747EF5-4579-4844-A2CD-76DE78233D9F}] => (Allow) C:\Program Files\dell stage\musicstage\musicstageengine.exe
FirewallRules: [{1E3ED866-CD56-4FA4-B43B-65E8C7C1EE3D}] => (Allow) C:\Program Files\dell stage\dell stage\stage_primary.exe
FirewallRules: [{EA5F62BC-A066-4F4D-9A2C-58C9D2B91B22}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
FirewallRules: [{EFA6D68A-C8B4-48B0-8BB4-3B275E74C303}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
FirewallRules: [{15CA8929-FD91-4642-9FF9-EF0D7C494EC1}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\outlook.exe
FirewallRules: [{6AE2A987-3BD5-4FA3-B605-84AB022BFB66}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{94515EBD-FDCC-4FA6-949D-711C021D6A6E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FC820206-DA2D-4063-A908-D3DA0DAF3C94}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D118EF60-018A-40AA-907F-8E8677B2F131}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3A5D28CE-F119-475E-B888-23F9CFCF902E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8DA32694-4D93-45C3-8632-B606AB6BB30A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7F9AE2CE-DF51-4838-AE51-069DF7754F53}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{03AE3CDD-4D83-4840-9793-90F82D96139F}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{44A39254-163F-4D75-9CC4-7B2E9EA45568}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{DF84B7AC-8326-48EF-AB8E-D8D609E73BE5}] => (Allow) C:\Program Files (x86)\Common Files\Nero\BDCore\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{97AF4A79-79A2-4014-9D5A-A6E9B448EBAD}] => (Allow) C:\Program Files (x86)\Common Files\Nero\BDCore\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{A7AAFF9A-2968-438A-BBC2-9BFA9D3C5B36}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{DB6DE8C8-74AD-4B2C-AAD7-08916DCB7246}] => (Allow) C:\Users\Andrew\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3DF3F95C-D53B-43D7-8B15-126B344F4FAC}] => (Allow) C:\Users\Andrew\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FFB951D5-6F22-4F36-A956-4A804284923B}] => (Allow) C:\Users\Andrew\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5221F1D3-8445-479D-A08C-57B2EA997D64}] => (Allow) C:\Users\Andrew\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FEDFD719-112D-42FC-A0BE-12A54AA004C7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Dell Wireless 1450 Dual-band (802.11a/b/g) USB 2.0 Adapter
Description: Dell Wireless 1450 Dual-band (802.11a/b/g) USB 2.0 Adapter
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/26/2015 00:13:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/26/2015 11:51:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/26/2015 03:28:56 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/26/2015 01:36:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/23/2015 08:03:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/23/2015 00:38:07 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/23/2015 00:01:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 42.0.2311.90, time stamp: 0x552c2225
Faulting module name: chrome.dll, version: 42.0.2311.90, time stamp: 0x552c1dea
Exception code: 0xc0000005
Fault offset: 0x001c9134
Faulting process id: 0xc0c
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (04/23/2015 00:01:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/22/2015 03:49:18 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/21/2015 08:02:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 42.0.2311.90, time stamp: 0x552c2225
Faulting module name: chrome.dll, version: 42.0.2311.90, time stamp: 0x552c1dea
Exception code: 0xc0000005
Fault offset: 0x001c9134
Faulting process id: 0xd14
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

System errors:
=============
Error: (04/26/2015 00:11:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/26/2015 00:11:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/26/2015 00:11:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/26/2015 00:11:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/26/2015 00:11:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/26/2015 00:11:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/26/2015 00:11:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/26/2015 00:11:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/26/2015 00:11:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/26/2015 00:11:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================
Error: (04/26/2015 00:13:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/26/2015 11:51:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/26/2015 03:28:56 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Program Files (x86)\Cozi Express\CoziExpress.exe

Error: (04/26/2015 01:36:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/23/2015 08:03:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/23/2015 00:38:07 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Program Files (x86)\Cozi Express\CoziExpress.exe

Error: (04/23/2015 00:01:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe42.0.2311.90552c2225chrome.dll42.0.2311.90552c1deac0000005001c9134c0c01d07d8287aafa1dC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\chrome.dlld228a738-e975-11e4-8c3e-d4bed9d131f9

Error: (04/23/2015 00:01:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/22/2015 03:49:18 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Program Files (x86)\Cozi Express\CoziExpress.exe

Error: (04/21/2015 08:02:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe42.0.2311.90552c2225chrome.dll42.0.2311.90552c1deac0000005001c9134d1401d07c97e4365cfdC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\chrome.dll35bc36a4-e88b-11e4-b0c4-d4bed9d131f9

CodeIntegrity Errors:
===================================
  Date: 2015-02-12 00:23:24.635
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-11 05:40:40.271
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-11 05:39:36.856
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-12 03:54:47.040
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-12 03:54:47.025
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-12 03:54:28.039
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-16 03:33:29.928
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-11 03:33:54.883
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-11 03:33:54.883
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-11 03:33:05.072
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 20%
Total physical RAM: 8174.64 MB
Available physical RAM: 6471.84 MB
Total Pagefile: 16347.48 MB
Available Pagefile: 14110.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1844.7 GB) (Free:1577.81 GB) NTFS
Drive g: (USB20FD) (Removable) (Total:119.19 GB) (Free:45.85 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: 0EF3ACCD)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=18.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1844.7 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 119.2 GB) (Disk ID: 6984713B)
Partition 1: (Not Active) - (Size=119.2 GB) - (Type=0B)

==================== End Of Log ============================

 


  • 0

Advertisements


#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)
  • 0

#3
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
Hello,

First
Please remove these programs from your programs an features list, Start > Control panel > Programs an features. In the list find the program listed below and uninstall it.
  • ActiveDeals
  • Search Protect
  • uTorrentControl_v6 Toolbar
If a program will not remove skip it and keep following instructions please.

Next
I have also noticed in your log file you are using µTorrent P2P program. We at Geeks to go ! Recommend removing these type of programs, they are a known cause of Malware infections. When you use file sharing programs like this you can never be sure of the file content and you are put at a much greater risk for infection. I strongly recommend you remove this program before we begin our work.

Next

A few items to fix.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
 
start
CloseProcesses:
CreateRestorePoint:
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe
C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2503704 2015-03-05] ()
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\...\Run: [TBHostSupport] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Andrew\AppData\Local\TBHostSupport\TBHostSupport_0.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\...\Run: [APISupport] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Andrew\AppData\Local\TB\APISupport\APISupport.dll",DLLRunAPISupport <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [233280 2014-11-10] (Search Protect)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [188224 2014-11-10] (Search Protect)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKLM-x32 - uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-3960278461-2044705814-1633424519-1000 - uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {39979857-CA76-4B27-BDBA-A97A6AFFA155} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3960278461-2044705814-1633424519-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...094154A312=
SearchScopes: HKU\S-1-5-21-3960278461-2044705814-1633424519-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...094154A312=
SearchScopes: HKU\S-1-5-21-3960278461-2044705814-1633424519-1000 -> {39979857-CA76-4B27-BDBA-A97A6AFFA155} URL = http://search.condui...8829497156&UM=2
SearchScopes: HKU\S-1-5-21-3960278461-2044705814-1633424519-1000 -> {8C76C316-788B-42E5-9B10-D5F6C84F616E} URL =
SearchScopes: HKU\S-1-5-21-3960278461-2044705814-1633424519-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg....sa&d=2014-02-05 06:10:56&v=17.3.1.204&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
BHO: ccoomPareItApplic -> {48cbf556-ec62-4f55-a5a9-b088ff10d29f} -> C:\Program Files (x86)\ccoomPareItApplic\sndmlGnZSe2y0x.x64.dll [2015-04-20] ()
BHO: NoNoizzeBrowse -> {513b54fa-e135-41bf-aa30-d97a36984f36} -> C:\Program Files (x86)\NoNoizzeBrowse\VDrQ9aJurCzYSW.x64.dll [2015-04-20] ()
BHO-x32: ccoomPareItApplic -> {48cbf556-ec62-4f55-a5a9-b088ff10d29f} -> C:\Program Files (x86)\ccoomPareItApplic\sndmlGnZSe2y0x.dll [2015-04-20] ()
BHO-x32: NoNoizzeBrowse -> {513b54fa-e135-41bf-aa30-d97a36984f36} -> C:\Program Files (x86)\NoNoizzeBrowse\VDrQ9aJurCzYSW.dll [2015-04-20] ()
Toolbar: HKU\S-1-5-21-3960278461-2044705814-1633424519-1000 -> No Name - {96F454EA-9D38-474F-B504-56193E00C1A5} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll [2015-03-05] (AVG Secure Search)
FF DefaultSearchEngine: Trovi search
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289075&CUI=UN19190656903089125&UM=2&SearchSource=3&q={searchTerms}
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://mysearch.avg.com?cid={9341B82C-2C15-4187-BA8F-86DB1D0C5816}&mid=37d20123b2084729955306c3b16bf1ed-d5a9ebbbd5f0de84f44fac4eb97a521d49a95c65&lang=en&ds=ad011&coid=avgtbdisad&cmpid=&pr=sa&d=2014-02-05 06:10:56&v=17.3.1.204&pid=safeguard&sg=0&sap=hp
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289075&SearchSource=2&CUI=UN19190656903089125&UM=2&q=
FF NetworkProxy: "type", 0
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.3.0\\npsitesafety.dll No File
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.3.0.885 [2015-03-05]
R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
C:\Windows\system32\drivers\SPPD.sys
2015-04-20 16:30 - 2015-04-20 16:30 - 00000000 ____D () C:\ProgramData\{33f4074c-0d7e-4892-33f4-4074c0d71d30}
2015-04-20 16:19 - 2015-04-20 16:20 - 00000000 ____D () C:\Program Files (x86)\NoNoizzeBrowse
2015-04-20 16:18 - 2015-04-21 00:08 - 00000000 ____D () C:\Program Files (x86)\ccoomPareItApplic
2015-04-20 16:18 - 2015-04-20 16:20 - 00000000 ____D () C:\ProgramData\12094985290615386748
2015-04-20 16:18 - 2015-04-20 16:18 - 00000000 ____D () C:\Program Files (x86)\ActiveDeals
Task: {0915298A-AE90-4205-80C3-D17BADC47407} - System32\Tasks\0215tb_RML => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0215tb.exe [2015-02-26] ()
C:\Program Files (x86)\AVG SafeGuard toolbar
Task: C:\Windows\Tasks\0215tb_RML.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0215tb.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
hosts:
Emptytemp:
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

In your next reply post:
The fixlog.txt That log will be found on your desktop after fix is run.

Thanks
Joe :)
  • 0

#4
Krueg9651

Krueg9651

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts

Thank you for your very prompt reply, Joe!

 

I removed the programs you suggested: the UTorrent, UTorrent Control Toolbar, and Search and Protect.  However, unfortunately I was unable to successfully uninstall ActiveDeals.  Every time I clicked "UnInstall," it would say "Uninstalling xyz..." for a few seconds and then the ActiveDeals program was still on the list.

 

Below is my Fixlog after following the other steps:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-04-2015
Ran by Andrew at 2015-04-26 17:31:59 Run:1
Running from C:\Users\Andrew\Desktop
Loaded Profiles: Andrew (Available profiles: Andrew)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
CreateRestorePoint:
C:\Program Files (x86)\Common Files\AVG Secure
Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe
C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2503704 2015-03-05] ()
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\...\Run: [TBHostSupport] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Andrew\AppData\Local\TBHostSupport\TBHostSupport_0.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\...\Run: [APISupport] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Andrew\AppData\Local\TB\APISupport\APISupport.dll",DLLRunAPISupport <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [233280 2014-11-10] (Search
Protect)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [188224 2014-11-10] (Search Protect)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKLM-x32 - uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-3960278461-2044705814-1633424519-1000 - uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {39979857-CA76-4B27-BDBA-A97A6AFFA155} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes:
HKU\S-1-5-21-3960278461-2044705814-1633424519-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...094154A312=
SearchScopes: HKU\S-1-5-21-3960278461-2044705814-1633424519-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...094154A312=
SearchScopes: HKU\S-1-5-21-3960278461-2044705814-1633424519-1000 -> {39979857-CA76-4B27-BDBA-A97A6AFFA155} URL = http://search.condui...8829497156&UM=2
SearchScopes: HKU\S-1-5-21-3960278461-2044705814-1633424519-1000 -> {8C76C316-788B-42E5-9B10-D5F6C84F616E} URL =
SearchScopes: HKU\S-1-5-21-3960278461-2044705814-1633424519-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg....sa&d=2014-02-05 06:10:56&v=17.3.1.204&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
BHO: ccoomPareItApplic -> {48cbf556-ec62-4f55-a5a9-b088ff10d29f} -> C:\Program Files (x86)\ccoomPareItApplic\sndmlGnZSe2y0x.x64.dll [2015-04-20] ()
BHO:
NoNoizzeBrowse -> {513b54fa-e135-41bf-aa30-d97a36984f36} -> C:\Program Files (x86)\NoNoizzeBrowse\VDrQ9aJurCzYSW.x64.dll [2015-04-20] ()
BHO-x32: ccoomPareItApplic -> {48cbf556-ec62-4f55-a5a9-b088ff10d29f} -> C:\Program Files (x86)\ccoomPareItApplic\sndmlGnZSe2y0x.dll [2015-04-20] ()
BHO-x32: NoNoizzeBrowse -> {513b54fa-e135-41bf-aa30-d97a36984f36} -> C:\Program Files (x86)\NoNoizzeBrowse\VDrQ9aJurCzYSW.dll [2015-04-20] ()
Toolbar: HKU\S-1-5-21-3960278461-2044705814-1633424519-1000 -> No Name - {96F454EA-9D38-474F-B504-56193E00C1A5} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll [2015-03-05] (AVG Secure Search)
FF DefaultSearchEngine: Trovi search
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289075&CUI=UN19190656903089125&UM=2&SearchSource=3&q={searchTerms}
FF SelectedSearchEngine: Trovi
search
FF Homepage: hxxp://mysearch.avg.com?cid={9341B82C-2C15-4187-BA8F-86DB1D0C5816}&mid=37d20123b2084729955306c3b16bf1ed-d5a9ebbbd5f0de84f44fac4eb97a521d49a95c65&lang=en&ds=ad011&coid=avgtbdisad&cmpid=&pr=sa&d=2014-02-05 06:10:56&v=17.3.1.204&pid=safeguard&sg=0&sap=hp
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289075&SearchSource=2&CUI=UN19190656903089125&UM=2&q=
FF NetworkProxy: "type", 0
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.3.0\\npsitesafety.dll No File
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.3.0.885 [2015-03-05]
R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
C:\Windows\system32\drivers\SPPD.sys
2015-04-20 16:30 - 2015-04-20 16:30 - 00000000 ____D ()
C:\ProgramData\{33f4074c-0d7e-4892-33f4-4074c0d71d30}
2015-04-20 16:19 - 2015-04-20 16:20 - 00000000 ____D () C:\Program Files (x86)\NoNoizzeBrowse
2015-04-20 16:18 - 2015-04-21 00:08 - 00000000 ____D () C:\Program Files (x86)\ccoomPareItApplic
2015-04-20 16:18 - 2015-04-20 16:20 - 00000000 ____D () C:\ProgramData\12094985290615386748
2015-04-20 16:18 - 2015-04-20 16:18 - 00000000 ____D () C:\Program Files (x86)\ActiveDeals
Task: {0915298A-AE90-4205-80C3-D17BADC47407} - System32\Tasks\0215tb_RML => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0215tb.exe [2015-02-26] ()
C:\Program Files (x86)\AVG SafeGuard toolbar
Task: C:\Windows\Tasks\0215tb_RML.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0215tb.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc
=> ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
hosts:
Emptytemp:

*****************

Processes closed successfully.
Restore point was successfully created.
"C:\Program Files (x86)\Common Files\AVG Secure" => File/Directory not found.
Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe => Error: No automatic fix found for this entry.
"C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe" => File/Directory not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\Software\Microsoft\Windows\CurrentVersion\Run\\TBHostSupport => value deleted successfully.
HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\Software\Microsoft\Windows\CurrentVersion\Run\\APISupport => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value deleted successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll" => Value Data not found.
Protect) => Error: No automatic fix found for this entry.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll" => Value Data not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{96f454ea-9d38-474f-b504-56193e00c1a5} => Value not found.
HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{96f454ea-9d38-474f-b504-56193e00c1a5} => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
SearchScopes: => Error: No automatic fix found for this entry.
HKU\S-1-5-21-3960278461-2044705814-1633424519-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...094154A312= => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
"HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{39979857-CA76-4B27-BDBA-A97A6AFFA155}" => Key deleted successfully.
HKCR\CLSID\{39979857-CA76-4B27-BDBA-A97A6AFFA155} => Key not found.
"HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8C76C316-788B-42E5-9B10-D5F6C84F616E}" => Key deleted successfully.
HKCR\CLSID\{8C76C316-788B-42E5-9B10-D5F6C84F616E} => Key not found.
"HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48cbf556-ec62-4f55-a5a9-b088ff10d29f}" => Key deleted successfully.
"HKCR\CLSID\{48cbf556-ec62-4f55-a5a9-b088ff10d29f}" => Key deleted successfully.
BHO: => Error: No automatic fix found for this entry.
NoNoizzeBrowse -> {513b54fa-e135-41bf-aa30-d97a36984f36} -> C:\Program Files (x86)\NoNoizzeBrowse\VDrQ9aJurCzYSW.x64.dll [2015-04-20] () => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48cbf556-ec62-4f55-a5a9-b088ff10d29f}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{48cbf556-ec62-4f55-a5a9-b088ff10d29f}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{513b54fa-e135-41bf-aa30-d97a36984f36}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{513b54fa-e135-41bf-aa30-d97a36984f36}" => Key deleted successfully.
HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{96F454EA-9D38-474F-B504-56193E00C1A5} => Value not found.
HKCR\CLSID\{96F454EA-9D38-474F-B504-56193E00C1A5} => Key not found.
"HKCR\Wow6432Node\PROTOCOLS\Handler\viprotocol" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}" => Key deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox DefaultSearchUrl deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
search => Error: No automatic fix found for this entry.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.
Firefox Proxy settings were reset.
"HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => Key deleted successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.3.0.885 => Moved successfully.
SPPD => Service not found.
"C:\Windows\system32\drivers\SPPD.sys" => File/Directory not found.
"2015-04-20 16:30 - 2015-04-20 16:30 - 00000000 ____D ()" => File/Directory not found.
C:\ProgramData\{33f4074c-0d7e-4892-33f4-4074c0d71d30} => Moved successfully.

"C:\Program Files (x86)\NoNoizzeBrowse" directory move:

Could not move "C:\Program Files (x86)\NoNoizzeBrowse" directory. => Scheduled to move on reboot.

C:\Program Files (x86)\ccoomPareItApplic => Moved successfully.
C:\ProgramData\12094985290615386748 => Moved successfully.
C:\Program Files (x86)\ActiveDeals => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0915298A-AE90-4205-80C3-D17BADC47407}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0915298A-AE90-4205-80C3-D17BADC47407}" => Key deleted successfully.
C:\Windows\System32\Tasks\0215tb_RML => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0215tb_RML" => Key deleted successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar => Moved successfully.
C:\Windows\Tasks\0215tb_RML.job => Moved successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MCODS" => Key deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => Error: No automatic fix found for this entry.
=> ""="Service" => Error: No automatic fix found for this entry.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MCODS" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfefire" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfefirek" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfehidk" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfevtp" => Key deleted successfully.

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 8.5 GB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-04-26 17:39:25)<=

C:\Program Files (x86)\NoNoizzeBrowse => Is moved successfully.

==== End of Fixlog 17:39:25 ====


  • 0

#5
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
  • Enable free trial of Malwarebytes Anti-Malware Premium
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.


    Posting the Malwarebytes log.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log to your next reply.


  • 0

#6
Krueg9651

Krueg9651

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts

I am having issues trying to paste it on here at moment.  It keeps spinning and spinning "saving post" but will not post the mbam log at this moment :(

 

Is the site having problems?


  • 0

#7
Krueg9651

Krueg9651

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts

It would not post when I pasted, so I'm sending a file attachment.  Hopefully this works.

Attached Files


  • 0

#8
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
That's an incorrect log try again,

Open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log to your next reply.

    Next

    Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner

    Next

    thisisujrt.gif Please download Junkware Removal Tool to your Desktop.

    Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    In your next reply post;
  • The AdwCleaner [SO].txt Log
  • The JRT.txt Log
  • Malwarebytes log
  • Thanks
    Joe :)

  • 0

#9
Krueg9651

Krueg9651

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/26/2015
Scan Time: 10:29:07 PM
Logfile: Scan log.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.04.26.05
Rootkit Database: v2015.04.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Andrew

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 350078
Time Elapsed: 9 min, 55 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.MultiPlug, C:\ProgramData\{ba6e9f37-fb0d-a673-ba6e-e9f37fb07cdf}\B868.exe, 4452, Delete-on-Reboot, [5dd09ad70f7b20169bcdc286a75ba45c]

Modules: 0
(No malicious items detected)

Registry Keys: 6
Adware.GamePlayLab, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158}, Quarantined, [d25bb9b8a3e7df57723209510102956b],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\CFLHECKFMHOPNIALGHIGDLGGAHIOMEBP, Quarantined, [e24b2b46d2b86ec8c092368f20e3fc04],
PUP.Optional.Conduit.A, HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, Quarantined, [ad806d04cfbb60d6c79cfae251b25da3],
PUP.Optional.Conduit.A, HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\SOFTWARE\CONDUIT\FF, Quarantined, [87a685ec5238a195ee8bc6695ea78b75],
PUP.Optional.ValueApps.A, HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\SOFTWARE\CONDUIT\ValueApps, Quarantined, [4ae3a5cc9feb1026ad07ac6801038977],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\CFLHECKFMHOPNIALGHIGDLGGAHIOMEBP, Quarantined, [d35a99d83c4e3bfb381bc7fe5fa46997],

Registry Values: 2
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\cflheckfmhopnialghigdlggahiomebp|path, C:\Users\Andrew\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx, Quarantined, [e24b2b46d2b86ec8c092368f20e3fc04]
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cflheckfmhopnialghigdlggahiomebp|path, C:\Users\Andrew\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx, Quarantined, [d35a99d83c4e3bfb381bc7fe5fa46997]

Registry Data: 0
(No malicious items detected)

Folders: 132
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\APISupport, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\js\lib, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\js\options, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\js\tabs, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\js\tabs\back, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\js\toolbarAPI, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\mam, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\mam\scripts, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\mam\scripts\contentScripts, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\nativeMessaging, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\plugins, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\API, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\aboutBox, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\aboutBox\images, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\aboutBox\js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ac, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ac\css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ac\img, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ac\res, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\api, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\msd, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\options, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\options\css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\options\images, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\options\js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\options\js\resources, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\sp, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\sp\js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\sp\spbd, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\sp\spbd\images, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\sp\spsd, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\sp\spsd\images, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\dlg, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\dlg\ftd, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\dlg\ftd\images, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\dlg\restart, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\dlg\restart\images, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\gadgetFrame, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\gf, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\gf\css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\gf\img, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\gf\js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\menu, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\menu\css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\menu\img, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\menu\js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\APPLICATION_BUTTON, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\APPLICATION_BUTTON\Js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\APPLICATION_BUTTON\resources, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\EMAIL_NOTIFIER, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\EMAIL_NOTIFIER\css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\EMAIL_NOTIFIER\js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\HIGHLIGHTER, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\HIGHLIGHTER\css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\HIGHLIGHTER\js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\MULTI_RSS, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\MULTI_RSS\css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\MULTI_RSS\img, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\MULTI_RSS\js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\MULTI_RSS\js\resources, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\images, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\images\dark, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\images\light, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\Optimizer, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\Optimizer\js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\PRICE_GONG, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\PRICE_GONG\agreement, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\PRICE_GONG\css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\PRICE_GONG\css\custom-theme, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\PRICE_GONG\images, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\RADIO_PLAYER, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\RADIO_PLAYER\css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\RADIO_PLAYER\css\custom-theme, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\RADIO_PLAYER\js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\RADIO_PLAYER\js\resources, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\SEARCH, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\SEARCH\buildSettings, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\SEARCH\Css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\SEARCH\js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\SEARCH\resources, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\SEARCH\view, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\SEARCH\view\script, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\SEARCH\view\style, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\SEARCH\view\style\rsx, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\TWITTER, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\TWITTER\img, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\TWITTER\js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\WEATHER, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\WEATHER\css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\WEATHER\js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\core, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\lib, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\lib\jquery.alerts, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\lib\jquery.alerts\images, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\lib\jquery.jscrollpane, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\sl, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\_locales, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\_locales\en, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\CRE, Quarantined, [d954541d8505a78f80d1794c3ec59769],
PUP.Optional.MultiPlug.A, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoagdkokiaiibigjeceplddhimhiehch\1.1, Quarantined, [1c119dd4226881b5ab3be2767d8838c8],
PUP.Optional.MultiPlug.A, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoagdkokiaiibigjeceplddhimhiehch, Quarantined, [1c119dd4226881b5ab3be2767d8838c8],
PUP.Optional.MultiPlug.A, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhhflamheoandbibgflojkjccnenjbda\149, Quarantined, [4de09cd5d7b390a6eff7cb8d4eb7758b],
PUP.Optional.MultiPlug.A, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhhflamheoandbibgflojkjccnenjbda, Quarantined, [4de09cd5d7b390a6eff7cb8d4eb7758b],
PUP.Optional.Conduit, C:\Users\Andrew\AppData\Local\TBHostSupport, Quarantined, [9796007145451d198f38d3c1f80b629e],
PUP.Optional.Conduit.A, C:\Users\Andrew\AppData\Local\TB\APISupport, Quarantined, [ad80cea31f6b56e0130c1097c0430df3],
PUP.Optional.Conduit.A, C:\Users\Andrew\AppData\Local\TB\APISupport\MiniSP_1.0.6.20, Quarantined, [ad80cea31f6b56e0130c1097c0430df3],
PUP.Optional.Conduit.A, C:\Users\Andrew\AppData\Local\TB\APISupport\MiniSP_1.0.6.20\Logs, Quarantined, [ad80cea31f6b56e0130c1097c0430df3],
PUP.Optional.Conduit.A, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp, Quarantined, [ac81d69b6d1d80b62deb833abc47c63a],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\NativeMessaging\CT3289075, Quarantined, [ae7fa9c8c6c43bfb203fd6ee25de30d0],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\NativeMessaging\CT3289075\1_0_0_10, Quarantined, [ae7fa9c8c6c43bfb203fd6ee25de30d0],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\NativeMessaging\CT3289075\1_0_0_4, Quarantined, [ae7fa9c8c6c43bfb203fd6ee25de30d0],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\NativeMessaging\CT3289075\1_0_0_6, Quarantined, [ae7fa9c8c6c43bfb203fd6ee25de30d0],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\NativeMessaging\CT3289075\1_0_0_7, Quarantined, [ae7fa9c8c6c43bfb203fd6ee25de30d0],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\NativeMessaging\CT3289075\1_0_0_9, Quarantined, [ae7fa9c8c6c43bfb203fd6ee25de30d0],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\NativeMessaging\CT3289075\1_0_1_6, Quarantined, [ae7fa9c8c6c43bfb203fd6ee25de30d0],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\NativeMessaging\CT3289075\1_0_2_0, Quarantined, [ae7fa9c8c6c43bfb203fd6ee25de30d0],

Files: 618
PUP.Optional.MultiPlug, C:\ProgramData\{ba6e9f37-fb0d-a673-ba6e-e9f37fb07cdf}\B868.exe, Delete-on-Reboot, [5dd09ad70f7b20169bcdc286a75ba45c],
PUP.AdBundle, C:\Users\Andrew\Documents\mozilla firefox setup.exe, Quarantined, [8ca11f527b0fec4a6d39c603a65af20e],
PUP.Optional.InstallIQ.A, C:\Users\Andrew\Downloads\finalmediaplayer.exe, Quarantined, [ff2eee83c7c33bfb3ec14ef9d42d0ef2],
PUP.Optional.ClientConnect, C:\Users\Andrew\AppData\Local\TB\APISupport\APISupport.dll, Quarantined, [8da03140d3b777bfb044f4dbf90805fb],
PUP.Optional.ClientConnect, C:\Users\Andrew\AppData\Local\TB\APISupport\APISupport.old, Quarantined, [f33ac3aef694e2547183e6e99a67ea16],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\CT3289075.txt, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\128.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\48.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\634583052885979538.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\AbstractionLayerBack.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\AbstractionLayerFront.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\blank.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\CT3289075_public.txt, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\initdata.json, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\manifest.json, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\shouldShowTB.txt, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\APISupport\APISupport.dll, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\js\framework.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\js\bcview.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\js\chromeBackstage.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\js\chromeBackstage.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\js\chromeBackstageLoader.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\js\communicator.back.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\js\compatibility.end.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\js\compatibility.service.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\js\compatibility.start.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\js\contentScript.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\js\iframeHost.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\js\iframeHost.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\js\JSONStringify.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\js\logger.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\js\match.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\js\nativeMsgCom.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\js\navigationHandler.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\js\pluginLoader.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\js\pricegongMigration.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\js\toolbarEnv.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\js\updatesManager.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\js\verlyEarly.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\js\lib\jquery-1.5.min.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\js\options\Options.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\js\tabs\back\postNavigation.htm, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\js\toolbarAPI\toolbarAPI.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\mam\background.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\mam\settings.json, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\mam\scripts\background.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\mam\scripts\iframeHost.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\mam\scripts\iframeHost.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\mam\scripts\popup.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\mam\scripts\contentScripts\contentScript.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\nativeMessaging\nmHostConfig.json, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\nativeMessaging\nmHostManifest.json, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\plugins\ChromeApiPlugin.dll, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\initData.json, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\html\SearchBackground.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\html\searchInNewTabAPI.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\API\MostVisited.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\API\Applications.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\API\Bookmarks.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\API\CntRedirect.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\API\DeveloperMode.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\API\EmbeddedConfig.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\API\enable_disable.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\API\EventHandler.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\API\Global.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\API\LocationService.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\API\LogMsg.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\API\NewTabAPI.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\API\RecentlyClosed.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\API\SearchBox.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\API\SearchBoxIframe.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\API\ServiceMap.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\API\Settings.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\API\startupSequence.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\API\Thumbnails.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\API\Toolbar.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\API\Translation.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\API\Usage.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\css\about_memory.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\css\alert_overlay.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\css\apps_page.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\css\bubble.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\css\chrome_shared.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\css\chrome_shared2.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\css\chrome_shared2_touch.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\css\dialogs.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\css\expandable_bubble.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\css\footer_menu.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\css\list.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\css\menu.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\css\most_visited_page.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\css\nav_dot.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\css\new_tab.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\css\new_tab_theme.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\css\overlay.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\css\spinner.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\css\suggestions_page.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\css\table.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\css\tabs.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\css\throbber.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\css\tile_page.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\css\trash.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\css\tree.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\css\ui_account_tweaks.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\css\widgets.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\html\alert_overlay.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\html\appLauncher.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\html\loadfile.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\html\NewTabBackground.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\html\new_tab.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\html\Options.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\html\redirect.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\html\trash.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\close_bar_mask.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\exclamationIcon.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\history_section.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\app_promo_button.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\check.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\checkbox_black.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\checkbox_white.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\closed_window.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\close_bar.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\close_bar_2x.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\close_bar_h.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\close_bar_h_2x.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\close_bar_mask_2x.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\close_bar_p.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\close_bar_p_2x.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\detected_sd.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\detected_usb.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\disabled_select.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\disclosure_triangle_mask.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\downloads_section.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\favicon.ico, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\favicon.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\folder_closed.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\folder_closed_rtl.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\folder_open.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\folder_open_rtl.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\gear.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\google-transparent.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\guest_icon_standalone.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\help.gif, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\icon128.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\icon16.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\icon48.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\icon_checkmark.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\icon_file.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\icon_folder.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\icon_warning.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\icon_warning2.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\IDR_PRODUCT_LOGO.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\ImagesRepository.json, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\insert.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\minus.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\nub.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\nub_mask.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\otr_icon_standalone.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\phishing_icon.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\plus.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\select.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\small_bubble.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\spinner.svg, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\star_small.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\success.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\throbber.svg, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\thumbnailPlaceHolder.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\trash.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\trashBinN.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\WebStore128.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\x-hover.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\x.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\img\__IDR_PRODUCT_LOGO.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\context_menu_handler.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\i18n_template.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\alert_overlay.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\appLauncher.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\apps_page.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\autocomplete_list.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\Base64.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\bubble.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\card_slider.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\color-thief.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\command.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\command_line.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\context_menu_button.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\cr.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\database.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\dialogs.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\dot_list.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\drag_wrapper.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\event_target.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\event_tracker.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\expandable_bubble.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\focus_outline_manager.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\i18n_process.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\i18n_template2.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\jquery.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\link_controller.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\loadFile.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\load_time_data.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\local_strings.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\logerror.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\logging.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\md5.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\media_common.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\menu.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\menu_button.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\menu_item.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\most_visited_page.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\nav_dot.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\NewTabBackground.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\newTabBeforeStart.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\newTabLoadTimeData.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\new_tab.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\options.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\other_sessions.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\overlay.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\page_list_view.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\page_switcher.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\parse_html_subset.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\position_util.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\promise.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\quantize.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\recently_closed.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\repeating_button.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\SearchBoxPage.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\search_history.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\splitter.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\suggestions_page.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\tile_page.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\touch_handler.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\trash.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\tree.css.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\tree.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\ui.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\ui_account_tweaks.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\util.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\Search\NewTabPages\js\ZipFile.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\backstage.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\version.txt, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\al.view.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\aboutBox\aboutBox.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\aboutBox\images\logo.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\aboutBox\images\OK-Button-Default.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\aboutBox\images\OK-Button-MouseOver.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\aboutBox\images\OK-Button-OnClick.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\aboutBox\images\truste.gif, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\aboutBox\images\x.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\aboutBox\js\aboutBox.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ac\appManager.controller.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ac\appManager.model.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ac\appManager.view.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ac\css\toolbar.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ac\img\minibrowser24.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ac\img\ajax-loader.gif, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ac\img\buttonSprites.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ac\img\chevron_sprites.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ac\img\fallback24.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ac\img\ie8_mouseover_button.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ac\img\ie8_onclick_button.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ac\img\loader-icon.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ac\img\menu_arrow.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ac\img\minibrowser.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ac\img\mp_sprites.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ac\img\new_chevron_sprites.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ac\img\rounded_corners_left_transparent.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ac\img\rounded_corners_left_white.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ac\img\rounded_corners_left_white_34.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ac\img\rounded_corners_right_transparent.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ac\img\rounded_corners_right_white.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ac\img\rounded_corners_right_white_34.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ac\img\separator.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ac\img\separator_hover.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ac\img\uus.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ac\res\yoxscroll.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\api\toolbarapi.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\api\webAppApi.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\api\webAppApiFront.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\msd\excanvas.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\msd\trusted.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\msd\trusted.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\msd\untrusted.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\msd\untrusted.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\msd\untrusted.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\options\options.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\options\css\jquery.jscrollpane.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\options\css\options.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\options\css\reset.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\options\images\bg-hide-click.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\options\images\bg-hide.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\options\images\checkbox-check-off.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\options\images\checkbox-check-on.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\options\images\ic_Closer.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\options\images\ic_Closer_hover.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\options\images\logo.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\options\images\minibrowser.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\options\images\scroller.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\options\images\sprite-ok-button.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\options\images\truste.gif, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\options\images\x.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\options\js\html5SupportIe.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\options\js\options.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\options\js\resources\html5shiv.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\options\js\resources\jquery.jscrollpane.min.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\options\js\resources\jquery.mousewheel.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\sp\js\searchProtectorManager.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\sp\spbd\bubble.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\sp\spbd\bubble.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\sp\spbd\main.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\sp\spbd\images\information.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\sp\spbd\images\x-default-LTR.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\sp\spbd\images\x-default-RTL.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\sp\spbd\images\x-mouseover-LTR.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\sp\spbd\images\x-mouseover-RTL.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\sp\spsd\main.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\sp\spsd\SearchProtector.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\sp\spsd\settings.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\sp\spsd\images\ok-button.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\sp\spsd\images\separation-line.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\sp\spsd\images\warning.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\menus.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\popups.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\dlg\DialogsAPI.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\dlg\excanvas.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\dlg\generalDialogStyle.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\dlg\PIE.htc, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\dlg\settings.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\dlg\ftd\main.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\dlg\ftd\ToolbarFirstTimeDialog.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\dlg\ftd\ToolbarFirstTimeDialog.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\dlg\ftd\images\app-store-icon.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\dlg\ftd\images\arrow.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\dlg\ftd\images\dialog_tip_left.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\dlg\ftd\images\dialog_tip_right.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\dlg\ftd\images\divider.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\dlg\ftd\images\emailNotifier.gif, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\dlg\ftd\images\facebook.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\dlg\ftd\images\radio.GIF, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\dlg\ftd\images\Thumbs.db, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\dlg\ftd\images\truste_welcome.GIF, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\dlg\ftd\images\weather.GIF, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\dlg\restart\main.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\dlg\restart\restartDialog.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\dlg\restart\restartDialog.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\dlg\restart\images\2.0--spec--kicker.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\dlg\restart\images\content-pattern.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\dlg\restart\images\content-sep.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\dlg\restart\images\OK-Button-Default.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\dlg\restart\images\OK-Button-MouseOver.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\dlg\restart\images\OK-Button-OnClick.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\dlg\restart\images\x.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\gadgetFrame\gf.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\gadgetFrame\lgf.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\gf\gf.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\gf\lgf.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\gf\css\gf.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\gf\css\gf_ie.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\gf\img\ie_back.gif, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\gf\img\loader.gif, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\gf\img\resize.gif, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\gf\img\sprites.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\gf\js\gf.view.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\gf\js\lgf.view.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\menu\popup.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\menu\css\menu.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\menu\img\arrow-down-strong.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\menu\img\arrow-down.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\menu\img\arrow-left-strong.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\menu\img\arrow-left.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\menu\img\arrow-right-strong.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\menu\img\arrow-right.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\menu\img\arrows.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\menu\js\jquery.ellipsis.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\menu\js\jquery.scrollTo-1.4.2-min.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\menu\js\menu.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\menu\js\renderHandler.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\menu\js\scrollers.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\menu\js\showHandler.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\browserAppApi.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\APPLICATION_BUTTON\bgpage.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\APPLICATION_BUTTON\Js\bgpage.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\APPLICATION_BUTTON\resources\defaultEngineImage.gif, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\EMAIL_NOTIFIER\bgPage.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\EMAIL_NOTIFIER\popup.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\EMAIL_NOTIFIER\css\en.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\EMAIL_NOTIFIER\css\en_rtl.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\EMAIL_NOTIFIER\css\jquery.jscrollpane.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\EMAIL_NOTIFIER\js\AccountManager.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\EMAIL_NOTIFIER\js\bgPage.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\EMAIL_NOTIFIER\js\EN.model.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\EMAIL_NOTIFIER\js\IMAPExecuter.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\EMAIL_NOTIFIER\js\Inboxer.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\EMAIL_NOTIFIER\js\Invoker.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\EMAIL_NOTIFIER\js\MailDecoder.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\EMAIL_NOTIFIER\js\MailMerger.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\EMAIL_NOTIFIER\js\POP3Executer.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\EMAIL_NOTIFIER\js\Popup.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\EMAIL_NOTIFIER\js\providerHelper.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\EMAIL_NOTIFIER\js\Providers.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\EMAIL_NOTIFIER\js\SettingsManager.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\EMAIL_NOTIFIER\js\Timer.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\EMAIL_NOTIFIER\js\Translation.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\EMAIL_NOTIFIER\js\Utils.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\HIGHLIGHTER\bgpage.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\HIGHLIGHTER\embedded.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\HIGHLIGHTER\popup.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\HIGHLIGHTER\css\embedded.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\HIGHLIGHTER\css\popup.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\HIGHLIGHTER\css\reset.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\HIGHLIGHTER\js\bgpage.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\HIGHLIGHTER\js\embedded.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\HIGHLIGHTER\js\higlighter_script.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\HIGHLIGHTER\js\popup.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\MULTI_RSS\bgpage.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\MULTI_RSS\popup.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\MULTI_RSS\css\popup.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\MULTI_RSS\img\arrows.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\MULTI_RSS\img\badges.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\MULTI_RSS\img\icons.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\MULTI_RSS\js\bgpage.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\MULTI_RSS\js\popup.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\MULTI_RSS\js\resources\webAppUtils.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\bgpage.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\embedded.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\NotificationPopup.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\Settings.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\css\gadget.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\css\general.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\css\Main.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\css\newMain.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\css\settings.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\css\ui.stepper.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\images\closeIcon.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\images\downArrow.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\images\settingsIcon.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\images\upArrow.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\images\dark\close.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\images\dark\Next.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\images\dark\Next_hover.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\images\dark\powered-by.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\images\dark\Prev.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\images\dark\Prev_hover.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\images\dark\settings.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\images\light\close.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\images\light\Next.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\images\light\Next_hover.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\images\light\powered-by.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\images\light\Prev.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\images\light\Prev_hover.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\images\light\settings.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\js\AppName.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\js\bgpage.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\js\bgpageEarly.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\js\commons.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\js\jquery.ezmark.min.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\js\notification.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\js\NotificationSettings.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\js\notificationUIManger.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\js\Settings.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\js\stepper.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\NOTIFICATION\js\ToolbarAndAppsSettings.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\Optimizer\bgpage.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\Optimizer\js\bgpage.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\PRICE_GONG\bgpage.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\PRICE_GONG\bgpage.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\PRICE_GONG\pg_offers.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\PRICE_GONG\pg_offers.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\PRICE_GONG\agreement\agree.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\PRICE_GONG\agreement\agree.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\PRICE_GONG\agreement\Close.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\PRICE_GONG\agreement\Image.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\PRICE_GONG\agreement\Logo.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\PRICE_GONG\agreement\OK_Btn.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\PRICE_GONG\agreement\Topbg.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\PRICE_GONG\css\gadget.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\PRICE_GONG\css\ie7styles.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\PRICE_GONG\css\iestyle.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\PRICE_GONG\css\custom-theme\jquery-ui-1.8.10.custom.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\PRICE_GONG\images\icon.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\RADIO_PLAYER\bgpage.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\RADIO_PLAYER\embedded.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\RADIO_PLAYER\popup2.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\RADIO_PLAYER\css\gadget.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\RADIO_PLAYER\css\jquery.jscrollpane.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\RADIO_PLAYER\css\reset.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\RADIO_PLAYER\css\stations.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\RADIO_PLAYER\css\custom-theme\jquery-ui-1.8.10.custom.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\RADIO_PLAYER\js\bgpage.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\RADIO_PLAYER\js\bgpageEarly.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\RADIO_PLAYER\js\embedded.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\RADIO_PLAYER\js\embeddedEarly.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\RADIO_PLAYER\js\localization.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\RADIO_PLAYER\js\player.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\RADIO_PLAYER\js\popup.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\RADIO_PLAYER\js\resources\BrowserDetect.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\RADIO_PLAYER\js\resources\jquery-ui-1.8.10.custom.min.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\RADIO_PLAYER\js\resources\jquery.jscrollpane.min.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\RADIO_PLAYER\js\resources\jquery.scrollTo-1.4.2-min.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\RADIO_PLAYER\js\resources\radioCommon.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\RADIO_PLAYER\js\resources\system.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\RADIO_PLAYER\js\resources\utils.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\SEARCH\bgpage.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\SEARCH\embedded.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\SEARCH\information.popup.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\SEARCH\buildSettings\SearchApp_Ant.xml, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\SEARCH\Css\information.popup.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\SEARCH\js\bgpage.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\SEARCH\js\common.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\SEARCH\js\contentManager.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\SEARCH\js\historyProvider.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\SEARCH\js\information.popup.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\SEARCH\js\layoutManager.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\SEARCH\js\searchListener.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\SEARCH\js\selectionListener.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\SEARCH\js\suggestProvider.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\SEARCH\resources\history--x-default.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\SEARCH\resources\history--x-mouseover.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\SEARCH\resources\menu.icon.apps.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\SEARCH\view\script\view.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\SEARCH\view\style\default.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\SEARCH\view\style\rsx\dd-arrow.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\SEARCH\view\style\rsx\ie8.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\TWITTER\bgpage.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\TWITTER\popup.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\TWITTER\popup.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\TWITTER\img\icons.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\TWITTER\img\inbox.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\TWITTER\img\scroll_down.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\TWITTER\img\scroll_up.png, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\TWITTER\js\bgpage.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\TWITTER\js\localization.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\TWITTER\js\popup.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\WEATHER\bgpage.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\WEATHER\popup.html, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\WEATHER\css\gadget.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\WEATHER\css\ie7styles.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\WEATHER\css\iestyle.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\WEATHER\js\bgpage.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\WEATHER\js\common.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\WEATHER\js\date-functions.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\WEATHER\js\gadget.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\WEATHER\js\jquery.autocomplete.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\WEATHER\js\jquery.textshadow.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\WEATHER\js\logic.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\WEATHER\js\main.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\wa\WEATHER\js\xPath.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\core\corelibs.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\core\framework.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\core\utils.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\lib\al.view.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\lib\al.viewPerformanceLog.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\lib\background.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\lib\ie_fix.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\lib\jquery.min.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\lib\jquery.mousewheel.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\lib\jquery.text-overflow.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\lib\jquery.tmpl.min.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\lib\jquery.xml2json.custom.min.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\lib\jquery.xml2json.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\lib\json2.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\lib\json2.min.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\lib\script2injectEmbedded.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\lib\script2injectPopup.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\lib\sdk.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\lib\jquery.alerts\jquery.alerts.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\lib\jquery.alerts\jquery.alerts.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\lib\jquery.alerts\images\help.gif, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\lib\jquery.alerts\images\important.gif, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\lib\jquery.alerts\images\info.gif, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\lib\jquery.alerts\images\title.gif, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\lib\jquery.jscrollpane\jquery.jscrollpane.css, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\lib\jquery.jscrollpane\jquery.jscrollpane.min.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\sl\serviceLayer.js, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\_locales\en\messages.json, Quarantined, [d15cd59c2763211567e7eadb40c3639d],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx, Quarantined, [d954541d8505a78f80d1794c3ec59769],
PUP.Optional.Conduit.A, C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\3cuohms2.default\searchplugins\utorrentcontrolv6-customized-web-search.xml, Quarantined, [fb32adc44e3c63d39fddf0e861a26c94],
PUP.Optional.Trovi.A, C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\3cuohms2.default\searchplugins\trovi-search.xml, Quarantined, [0d20eb86b5d5aa8cdb9f50ae4eb58779],
PUP.Optional.MultiPlug.A, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoagdkokiaiibigjeceplddhimhiehch\1.1\lsdb.js, Quarantined, [1c119dd4226881b5ab3be2767d8838c8],
PUP.Optional.MultiPlug.A, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoagdkokiaiibigjeceplddhimhiehch\1.1\background.html, Quarantined, [1c119dd4226881b5ab3be2767d8838c8],
PUP.Optional.MultiPlug.A, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoagdkokiaiibigjeceplddhimhiehch\1.1\content.js, Quarantined, [1c119dd4226881b5ab3be2767d8838c8],
PUP.Optional.MultiPlug.A, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoagdkokiaiibigjeceplddhimhiehch\1.1\G.js, Quarantined, [1c119dd4226881b5ab3be2767d8838c8],
PUP.Optional.MultiPlug.A, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoagdkokiaiibigjeceplddhimhiehch\1.1\manifest.json, Quarantined, [1c119dd4226881b5ab3be2767d8838c8],
PUP.Optional.MultiPlug.A, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhhflamheoandbibgflojkjccnenjbda\149\lsdb.js, Quarantined, [4de09cd5d7b390a6eff7cb8d4eb7758b],
PUP.Optional.MultiPlug.A, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhhflamheoandbibgflojkjccnenjbda\149\background.html, Quarantined, [4de09cd5d7b390a6eff7cb8d4eb7758b],
PUP.Optional.MultiPlug.A, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhhflamheoandbibgflojkjccnenjbda\149\content.js, Quarantined, [4de09cd5d7b390a6eff7cb8d4eb7758b],
PUP.Optional.MultiPlug.A, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhhflamheoandbibgflojkjccnenjbda\149\manifest.json, Quarantined, [4de09cd5d7b390a6eff7cb8d4eb7758b],
PUP.Optional.MultiPlug.A, C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhhflamheoandbibgflojkjccnenjbda\149\N2t.js, Quarantined, [4de09cd5d7b390a6eff7cb8d4eb7758b],
PUP.Optional.Conduit, C:\Users\Andrew\AppData\Local\TBHostSupport\TBHostSupport.dll, Quarantined, [9796007145451d198f38d3c1f80b629e],
PUP.Optional.Conduit, C:\Users\Andrew\AppData\Local\TBHostSupport\TBHostSupport_0.dll, Quarantined, [9796007145451d198f38d3c1f80b629e],
PUP.Optional.Conduit.A, C:\Users\Andrew\AppData\Local\TB\APISupport\MiniSP_1.0.6.20\Cvc.dat, Quarantined, [ad80cea31f6b56e0130c1097c0430df3],
PUP.Optional.Conduit.A, C:\Users\Andrew\AppData\Local\TB\APISupport\MiniSP_1.0.6.20\MiniSP32.dll, Quarantined, [ad80cea31f6b56e0130c1097c0430df3],
PUP.Optional.Conduit.A, C:\Users\Andrew\AppData\Local\TB\APISupport\MiniSP_1.0.6.20\rep.dat, Quarantined, [ad80cea31f6b56e0130c1097c0430df3],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\NativeMessaging\CT3289075\nmHostManifest.json, Quarantined, [ae7fa9c8c6c43bfb203fd6ee25de30d0],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\NativeMessaging\CT3289075\1_0_0_10\nmHostConfig.json, Quarantined, [ae7fa9c8c6c43bfb203fd6ee25de30d0],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\NativeMessaging\CT3289075\1_0_0_10\nmHostManifest.json, Quarantined, [ae7fa9c8c6c43bfb203fd6ee25de30d0],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\NativeMessaging\CT3289075\1_0_0_10\TBMessagingHost.exe, Quarantined, [ae7fa9c8c6c43bfb203fd6ee25de30d0],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\NativeMessaging\CT3289075\1_0_0_4\nmHostConfig.json, Quarantined, [ae7fa9c8c6c43bfb203fd6ee25de30d0],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\NativeMessaging\CT3289075\1_0_0_4\nmHostManifest.json, Quarantined, [ae7fa9c8c6c43bfb203fd6ee25de30d0],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\NativeMessaging\CT3289075\1_0_0_4\TBMessagingHost.exe, Quarantined, [ae7fa9c8c6c43bfb203fd6ee25de30d0],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\NativeMessaging\CT3289075\1_0_0_6\nmHostConfig.json, Quarantined, [ae7fa9c8c6c43bfb203fd6ee25de30d0],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\NativeMessaging\CT3289075\1_0_0_6\nmHostManifest.json, Quarantined, [ae7fa9c8c6c43bfb203fd6ee25de30d0],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\NativeMessaging\CT3289075\1_0_0_6\TBMessagingHost.exe, Quarantined, [ae7fa9c8c6c43bfb203fd6ee25de30d0],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\NativeMessaging\CT3289075\1_0_0_7\nmHostConfig.json, Quarantined, [ae7fa9c8c6c43bfb203fd6ee25de30d0],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\NativeMessaging\CT3289075\1_0_0_7\nmHostManifest.json, Quarantined, [ae7fa9c8c6c43bfb203fd6ee25de30d0],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\NativeMessaging\CT3289075\1_0_0_7\TBMessagingHost.exe, Quarantined, [ae7fa9c8c6c43bfb203fd6ee25de30d0],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\NativeMessaging\CT3289075\1_0_0_9\nmHostConfig.json, Quarantined, [ae7fa9c8c6c43bfb203fd6ee25de30d0],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\NativeMessaging\CT3289075\1_0_0_9\nmHostManifest.json, Quarantined, [ae7fa9c8c6c43bfb203fd6ee25de30d0],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\NativeMessaging\CT3289075\1_0_0_9\TBMessagingHost.exe, Quarantined, [ae7fa9c8c6c43bfb203fd6ee25de30d0],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\NativeMessaging\CT3289075\1_0_1_6\nmHostConfig.json, Quarantined, [ae7fa9c8c6c43bfb203fd6ee25de30d0],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\NativeMessaging\CT3289075\1_0_1_6\nmHostManifest.json, Quarantined, [ae7fa9c8c6c43bfb203fd6ee25de30d0],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\NativeMessaging\CT3289075\1_0_1_6\TBMessagingHost.exe, Quarantined, [ae7fa9c8c6c43bfb203fd6ee25de30d0],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\NativeMessaging\CT3289075\1_0_2_0\nmHostConfig.json, Quarantined, [ae7fa9c8c6c43bfb203fd6ee25de30d0],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\NativeMessaging\CT3289075\1_0_2_0\nmHostManifest.json, Quarantined, [ae7fa9c8c6c43bfb203fd6ee25de30d0],
PUP.Optional.ConduitTB.Gen, C:\Users\Andrew\AppData\Local\NativeMessaging\CT3289075\1_0_2_0\TBMessagingHost.exe, Quarantined, [ae7fa9c8c6c43bfb203fd6ee25de30d0],
PUP.Optional.Conduit.A, C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\3cuohms2.default\prefs.js, Good: (), Bad: (user_pref("CT3289075.SearchFromAddressBarUrl", "http://search.condui...03089125&UM=2=");), Replaced,[929bf081187279bda46abb8f5aacb947]
PUP.Optional.Conduit.A, C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\3cuohms2.default\prefs.js, Good: (), Bad: (user_pref("CT3289075.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"http://search.condui...PV=&Lay=1&UM=2\"}");), Replaced,[ea430d641377fe388795db6ff511ba46]

Physical Sectors: 0
(No malicious items detected)

(end)


  • 0

#10
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
Thanks that looks better.
Don't forget the other 2 scans in post #8--> AdwCleaner and Junkware removal tool. Run those scans an post the log reports.
  • 0

Advertisements


#11
Krueg9651

Krueg9651

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts

Sorry I forgot to scan the other 2!  Here is the AdwCleaner & Junkware Removal Tool!  Thanks!

 

# AdwCleaner v4.202 - Logfile created 28/04/2015 at 23:51:59
# Updated 23/04/2015 by Xplode
# Database : 2015-04-27.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Andrew - ANDREW-PC
# Running from : C:\Users\Andrew\Desktop\adwcleaner_4.202.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : vToolbarUpdater18.3.0

***** [ Files / Folders ] *****

Folder Deleted : C:\SearchProtect
Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\{ba6e9f37-fb0d-a673-ba6e-e9f37fb07cdf}
Folder Deleted : C:\Program Files (x86)\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Andrew\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Andrew\AppData\Local\Conduit
Folder Deleted : C:\Users\Andrew\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Andrew\AppData\Local\VideoConverter
Folder Deleted : C:\Users\Andrew\AppData\Local\WhiteListing
Folder Deleted : C:\Users\Andrew\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Andrew\AppData\LocalLow\Conduit
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289075
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKU\.DEFAULT\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17728

-\\ Mozilla Firefox v32.0.2 (x86 en-US)

[3cuohms2.default\prefs.js] - Line Deleted : user_pref("CT3289075.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
[3cuohms2.default\prefs.js] - Line Deleted : user_pref("CT3289075.embeddedsData", "[{\"appId\":\"130064539389933152\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
[3cuohms2.default\prefs.js] - Line Deleted : user_pref("CT3289075.hxxp___facebook_conduitapps_com.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPTAsaHNjcm9sbD0wLHZzY3JvbGw9MCx0aXRsZWJhcj0xLGNsb3NlYnV0dG9uPTEsc2F2ZXJlc2l6ZWRzaXplPTAsb3BlbnBvc2l0aW9uPWFsaWd[...]
[3cuohms2.default\prefs.js] - Line Deleted : user_pref("CT3289075.smartbar.CTID", "CT3289075");
[3cuohms2.default\prefs.js] - Line Deleted : user_pref("CT3289075.smartbar.Uninstall", "0");
[3cuohms2.default\prefs.js] - Line Deleted : user_pref("CT3289075.smartbar.homepage", "true");
[3cuohms2.default\prefs.js] - Line Deleted : user_pref("CT3289075.smartbar.toolbarName", "uTorrentControl_v6 ");
[3cuohms2.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3289075&octid=CT3289075&SearchSource=61&CUI=UN19190656903089125&UM=2&UP=SP24C11735-22CC-49F7-9CD1-45094154A312");
[3cuohms2.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "uTorrentControl_v6 Customized Web Search");
[3cuohms2.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289075&SearchSource=2&CUI=UN19190656903089125&UM=2&q=");
[3cuohms2.default\prefs.js] - Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
[3cuohms2.default\prefs.js] - Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3289075");
[3cuohms2.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultthis.engineName", "uTorrentControl_v6 Customized Web Search");
[3cuohms2.default\prefs.js] - Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3289075");
[3cuohms2.default\prefs.js] - Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3289075&CUI=UN19190656903089125&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3289075&octid=CT3289075&SearchSource[...]
[3cuohms2.default\prefs.js] - Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289075&SearchSource=2&CUI=UN19190656903089125&UM=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?oct[...]
[3cuohms2.default\prefs.js] - Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3289075");
[3cuohms2.default\prefs.js] - Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3289075");
[3cuohms2.default\prefs.js] - Line Deleted : user_pref("smartbar.machineId", "9OVA+6NDHLBLP+T8XYITJHA6YBS42JC/V6FWFEDNP1JVP/2NZO6LZ5S8/PB7AJERYSU5V+840I1BFZZQDUOUBG");
[3cuohms2.default\prefs.js] - Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3289075&CUI=UN19190656903089125&UM=2&SearchSource=13");

-\\ Google Chrome v42.0.2311.90

[C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] :

*************************

AdwCleaner[R0].txt - [25668 bytes] - [28/04/2015 23:50:24]
AdwCleaner[S0].txt - [9653 bytes] - [28/04/2015 23:51:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9712  bytes] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.6 (04.28.2015:1)
OS: Windows 7 Professional x64
Ran by Andrew on Wed 04/29/2015 at  0:03:18.33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\PCDEventLauncherTask
Successfully deleted: [Task] C:\Windows\system32\tasks\PCDoctorBackgroundMonitorTask

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

Successfully deleted: [File] C:\Users\Andrew\appdata\local\google\chrome\user data\default\local storage\https_inst.shoppingate.info_0.localstorage-journal
Successfully deleted: [File] C:\Users\Andrew\appdata\local\google\chrome\user data\default\local storage\https_inst.shoppingate.info_0.localstorage

 

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Andrew\appdata\local\{10941933-614A-40D3-AD2D-86FDCDA6BD14}
Successfully deleted: [Empty Folder] C:\Users\Andrew\appdata\local\{57E95045-9037-4A8A-95B5-958E0F8DF972}
Successfully deleted: [Empty Folder] C:\Users\Andrew\appdata\local\{CEAB91EC-15A7-45F7-91A6-1D47C85AA966}
Successfully deleted: [Folder] C:\ProgramData\pcdr
Successfully deleted: [Folder] C:\Users\Andrew\AppData\Roaming\pcdr

 

~~~ FireFox

Successfully deleted: [Folder] C:\Users\Andrew\AppData\Roaming\mozilla\firefox\profiles\3cuohms2.default\smartbar
Successfully deleted: [Folder] C:\Users\Andrew\AppData\Roaming\mozilla\firefox\profiles\3cuohms2.default\extensions\staged
Successfully deleted the following from C:\Users\Andrew\AppData\Roaming\mozilla\firefox\profiles\3cuohms2.default\prefs.js

user_pref(CT3289075.BT_Stats.enc, eyJsYXN0X2xvZyI6MTM4ODcyOTk5OCwidXVpZCI6MTk2MjQ0NDgxMzU0NzgsInNlcV9pZCI6MTQsInNzYiI6MTM3Mzc4NzI2M30=);
user_pref(CT3289075.ENABALE_HISTORY, {\dataType\:\string\,\data\:\true\});
user_pref(CT3289075.FF19Solved, true);
user_pref(CT3289075.Facebook_Mode.enc, Mg==);
user_pref(CT3289075.Facebook_User_Locale.enc, ZW4=);
user_pref(CT3289075.FirstTime, true);
user_pref(CT3289075.FirstTimeFF3, true);
user_pref(CT3289075.LAST_CLIENT_STATS_SUBMIT_2.enc, MTM3NTQ4OTQyNA==);
user_pref(CT3289075.LOCAL_COOKIE_STATS_LAST_SUBMIT_6.enc, MTM3NTQ4OTQzNw==);
user_pref(CT3289075.LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc, MQ==);
user_pref(CT3289075.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc, MTM3NTQ4OTQzNw==);
user_pref(CT3289075.PG_ENABLE, dHJ1ZQ==);
user_pref(CT3289075.SF_JUST_INSTALLED.enc, RkFMU0U=);
user_pref(CT3289075.SF_STATUS.enc, RU5BQkxFRA==);
user_pref(CT3289075.SF_USER_ID.enc, Y2lkXzI4MjAxMzE5MjM0MzEwMjQ4NzY=);
user_pref(CT3289075.UserID, UN19190656903089125);
user_pref(CT3289075._key_cl_active, %B8%BE%B8%BD%E7%B7%BC%EB%B3%B6%E8%EA%EC%B3%BA%BF%EC%B8%B3%BE%BC%B7%EC%B3%B6%EC%EB%EA%BE%EC%BA%BA%E9%BA%E9%E9);
user_pref(CT3289075._key_cl_active.enc, MjgyN2ExNmUtMGJkZi00OWYyLTg2MWYtMGZlZDhmNDRjNGNj);
user_pref(CT3289075.acp_personal.appstate.enc, ZW5hYmxl);
user_pref(CT3289075.addressBarTakeOverEnabledInHidden, true);
user_pref(CT3289075.browser.search.defaultthis.engineName, true);
user_pref(CT3289075.cb_user_id_000, %C9%C8%BC%B6%BE%B7%B8%BC%B7%B8%BB%B9%BD%BD%E5%B7%B9%BE%BB%BE%B9%B9%B6%BA%BA%B6%BC%B6%E5%CC%EF%F8%EB%EC%F5%FE);
user_pref(CT3289075.cb_user_id_000.enc, Q0I2MDgxMjYxMjUzNzdfMTM4NTgzMzA0NDA2MF9GaXJlZm94);
user_pref(CT3289075.cbfirsttime.enc, RnJpIEF1ZyAwMiAyMDEzIDE5OjI3OjE5IEdNVC0wNTAwIChDZW50cmFsIFN0YW5kYXJkIFRpbWUp);
user_pref(CT3289075.countryCode, US);
user_pref(CT3289075.defaultSearch, true);
user_pref(CT3289075.enableFix404ByUser, FALSE);
user_pref(CT3289075.enableSearchFromAddressBar, true);
user_pref(CT3289075.firstTimeDialogOpened, true);
user_pref(CT3289075.fixPageNotFoundErrorByUser, TRUE);
user_pref(CT3289075.fixPageNotFoundErrorInHidden, true);
user_pref(CT3289075.fixUrls, true);
user_pref(CT3289075.fullUserID, UN19190656903089125.UP.20130803210747);
user_pref(CT3289075.hxxp___toolbar_utorrent_com.APP_WIN_FEATURES.enc, cmVzaXphYmxlPTAsc2F2ZXJlc2l6ZWRzaXplPTAsdGl0bGViYXI9MCxjbG9zZW9uZXh0ZXJuYWxjbGljaz0xLHNhdmVsb2NhdGlvbj
user_pref(CT3289075.installDate, 14/7/2013 2:33:34);
user_pref(CT3289075.installSessionId, -1);
user_pref(CT3289075.installSp, TRUE);
user_pref(CT3289075.installType, xpe);
user_pref(CT3289075.installUsage, 2013-07-14T10:34:22.1853661+03:00);
user_pref(CT3289075.installUsageEarly, 2013-07-14T10:34:21.3884758+03:00);
user_pref(CT3289075.installerVersion, 1.4.2.3);
user_pref(CT3289075.isCheckedStartAsHidden, true);
user_pref(CT3289075.isEnableAllDialogs, {\dataType\:\string\,\data\:\true\});
user_pref(CT3289075.isFirstTimeToolbarLoading, false);
user_pref(CT3289075.isToolbarShrinked, {\dataType\:\string\,\data\:\false\});
user_pref(CT3289075.keyword, true);
user_pref(CT3289075.lastVersion, 10.20.0.513);
user_pref(CT3289075.mam_gk_appStateReportTime, %B7%B9%BE%BE%BD%B8%BC%BA%BF%BD%BA%B8%B6);
user_pref(CT3289075.mam_gk_appStateReportTime.enc, MTM4ODcyNjQ5NzQyMA==);
user_pref(CT3289075.mam_gk_appState_ACplus.enc, b24=);
user_pref(CT3289075.mam_gk_appState_Clarity_Active, %F5%F4);
user_pref(CT3289075.mam_gk_appState_Clarity_Active.enc, b24=);
user_pref(CT3289075.mam_gk_appState_CouponBuddy.enc, b24=);
user_pref(CT3289075.mam_gk_appState_Easytobook.enc, b24=);
user_pref(CT3289075.mam_gk_appState_Easytobook_targeted.enc, b24=);
user_pref(CT3289075.mam_gk_appState_PriceGong.enc, b24=);
user_pref(CT3289075.mam_gk_appState_WindowShopper.enc, b24=);
user_pref(CT3289075.mam_gk_appsConfig.enc, eyJBcHBzQ29uZmlndXJhdGlvbiI6W3siaWQiOiJDbGFyaXR5X0FjdGl2ZSIsInVybCI6Imh0dHA6Ly9zdG9yYWdlLmNvbmR1aXQuY29tL21hbS8zcmRwYXJ0eWFwcHMvY
user_pref(CT3289075.mam_gk_appsDefaultEnabled, %F4%FB%F2%F2);
user_pref(CT3289075.mam_gk_appsDefaultEnabled.enc, bnVsbA==);
user_pref(CT3289075.mam_gk_calledSetupService.enc, MQ==);
user_pref(CT3289075.mam_gk_currentVersion, %B7%B4%B7%B8%B4%B6%B4%BB);
user_pref(CT3289075.mam_gk_currentVersion.enc, MS4xMi4wLjU=);
user_pref(CT3289075.mam_gk_eventsCache.enc, eyI3ZTMwNjZmZi1lMjNjLTQyZTgtOTVkOC1lODY5NzQ5ZjM5YjMiOnsidG9waWMiOiJzZW5kVXNhZ2UiLCJkYXRhIjp7ImNhdGVnb3J5IjoiV2VsY29tZSIsImFjdGlv
user_pref(CT3289075.mam_gk_existingUsersRecoveryDone.enc, MQ==);
user_pref(CT3289075.mam_gk_first_time, %B7);
user_pref(CT3289075.mam_gk_first_time.enc, MQ==);
user_pref(CT3289075.mam_gk_gadgetOpen.enc, d2VsY29tZQ==);
user_pref(CT3289075.mam_gk_globalKeysMigratedToLocalStorage, %B7);
user_pref(CT3289075.mam_gk_globalKeysMigratedToLocalStorage.enc, MQ==);
user_pref(CT3289075.mam_gk_installer_preapproved.enc, ZmFsc2U=);
user_pref(CT3289075.mam_gk_lastLoginTime, %B7%B9%BE%BE%BD%B8%BC%BA%BF%BD%BB%B9%B6);
user_pref(CT3289075.mam_gk_lastLoginTime.enc, MTM4ODcyNjQ5NzUzMA==);
user_pref(CT3289075.mam_gk_localization.enc, eyJkaWFsb2dPSyI6eyJUZXh0IjoiT0sifSwiZG1ib3gxIjp7IlRleHQiOiJEZWFsXHJcbm9mIHRoZSBkYXkifSwiZG1ib3gyIjp7IlRleHQiOiJGcmVlXHJcblNoaXB
user_pref(CT3289075.mam_gk_pgUnloadedOnce.enc, dHJ1ZQ==);
user_pref(CT3289075.mam_gk_settings1.10.2.5.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiODZfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjo
user_pref(CT3289075.mam_gk_settings1.10.4.0.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxMzExMDEiLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6IjgzXzAiLCJpc1Rlc3Q
user_pref(CT3289075.mam_gk_settings1.11.5.1, ā%A8%D9%FA%E7%FA%FB%F9%A8%C0%A8%F9%FB%E9%E9%EB%EB%EA%EB%EA%A8%B2%A8%CA%E7%FA%E7%A8%C0ā%A8%E9%FB%F8%F8%EB%F4%FA%CA%E7%
user_pref(CT3289075.mam_gk_settings1.11.5.1.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxMzEyMDYiLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6IjgzXzAiLCJpc1Rlc3Q
user_pref(CT3289075.mam_gk_settings1.12.0.5, ā%A8%D9%FA%E7%FA%FB%F9%A8%C0%A8%F9%FB%E9%E9%EB%EB%EA%EB%EA%A8%B2%A8%CA%E7%FA%E7%A8%C0ā%A8%E9%FB%F8%F8%EB%F4%FA%CA%E7%
user_pref(CT3289075.mam_gk_settings1.12.0.5.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxNDAxMDMiLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6IjgzXzAiLCJpc1Rlc3Q
user_pref(CT3289075.mam_gk_settings1.8.0.4.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiODNfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoi
user_pref(CT3289075.mam_gk_settings1.9.0.4.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiODNfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoi
user_pref(CT3289075.mam_gk_showCloseButton.enc, dHJ1ZQ==);
user_pref(CT3289075.mam_gk_showWelcomeGadget, %EC%E7%F2%F9%EB);
user_pref(CT3289075.mam_gk_showWelcomeGadget.enc, ZmFsc2U=);
user_pref(CT3289075.mam_gk_stamp, %BE%B9%E5%B6);
user_pref(CT3289075.mam_gk_stamp.enc, ODNfMA==);
user_pref(CT3289075.mam_gk_userId, %B6%BF%B6%BD%B7%BC%E8%B8%B3%B7%E9%BA%BC%B3%BA%BD%BB%BC%B3%E8%BD%BB%EA%B3%EC%EC%B6%EA%B8%B7%EA%B8%E7%E9%B7%BB);
user_pref(CT3289075.mam_gk_userId.enc, MDkwNzE2YjItMWM0Ni00NzU2LWI3NWQtZmYwZDIxZDJhYzE1);
user_pref(CT3289075.mam_gk_user_approval_interacted, %B7);
user_pref(CT3289075.mam_gk_user_approval_interacted.enc, MQ==);
user_pref(CT3289075.mam_gk_welcomeDialogMode, %B7);
user_pref(CT3289075.mam_gk_welcomeDialogMode.enc, MQ==);
user_pref(CT3289075.migrateAppsAndComponents, true);
user_pref(CT3289075.navigationAliasesJson, {\EB_SEARCH_TERM\:\moon\,\EB_MAIN_FRAME_URL\:\hxxp%3A%2F%2Fwww.youtube.com%2F\,\EB_MAIN_FRAME_TITLE\:\YouTube\,\EB_T
user_pref(CT3289075.openThankYouPage, false);
user_pref(CT3289075.openUninstallPage, false);
user_pref(CT3289075.originalHomepage, about:home);
user_pref(CT3289075.originalSearchAddressUrl, );
user_pref(CT3289075.originalSearchEngine, );
user_pref(CT3289075.price-gong.isManagedApp, true);
user_pref(CT3289075.revertSettingsEnabled, FALSE);
user_pref(CT3289075.search.searchAppId, 130064539389933152);
user_pref(CT3289075.search.searchCount, 0);
user_pref(CT3289075.searchFromAddressBarEnabledByUser, true);
user_pref(CT3289075.searchInNewTabEnabledByUser, true);
user_pref(CT3289075.searchInNewTabEnabledInHidden, true);
user_pref(CT3289075.searchRevert, FALSE);
user_pref(CT3289075.searchSuggestEnabledByUser, true);
user_pref(CT3289075.searchUserMode, 2);
user_pref(CT3289075.selectToSearchBoxEnabled, {\dataType\:\string\,\data\:\true\});
user_pref(CT3289075.serviceLayer_service_login_isFirstLoginInvoked, {\dataType\:\boolean\,\data\:\true\});
user_pref(CT3289075.serviceLayer_service_login_loginCount, {\dataType\:\number\,\data\:\4\});
user_pref(CT3289075.serviceLayer_service_toolbarGrouping_activeCTID, {\dataType\:\string\,\data\:\CT3289075\});
user_pref(CT3289075.serviceLayer_service_toolbarGrouping_activeDownloadUrl, {\dataType\:\string\,\data\:\hxxp://uTorrentControlv6.OurToolbar.com//xpi\});
user_pref(CT3289075.serviceLayer_service_toolbarGrouping_activeToolbarName, {\dataType\:\string\,\data\:\uTorrentControl_v6 \});
user_pref(CT3289075.serviceLayer_service_toolbarGrouping_invoked, {\dataType\:\string\,\data\:\true\});
user_pref(CT3289075.serviceLayer_service_usage_toolbarUsageCount, {\dataType\:\number\,\data\:\2\});
user_pref(CT3289075.serviceLayer_services_Configuration_lastUpdate, 1388728316433);
user_pref(CT3289075.serviceLayer_services_appTrackingFirstTime_lastUpdate, 1388641911262);
user_pref(CT3289075.serviceLayer_services_appTracking_lastUpdate, 1381381005703);
user_pref(CT3289075.serviceLayer_services_appsMetadata_lastUpdate, 1388736372703);
user_pref(CT3289075.serviceLayer_services_gottenAppsContextMenu_lastUpdate, 1388641911196);
user_pref(CT3289075.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate, 1373787261132);
user_pref(CT3289075.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate, 1373787262036);
user_pref(CT3289075.serviceLayer_services_location_lastUpdate, 1375489540377);
user_pref(CT3289075.serviceLayer_services_login_10.16.2.9_lastUpdate, 1375489540585);
user_pref(CT3289075.serviceLayer_services_login_10.16.4.519_lastUpdate, 1375995148258);
user_pref(CT3289075.serviceLayer_services_login_10.16.70.505_lastUpdate, 1381478429859);
user_pref(CT3289075.serviceLayer_services_login_10.20.0.513_lastUpdate, 1388741071364);
user_pref(CT3289075.serviceLayer_services_otherAppsContextMenu_lastUpdate, 1388641911243);
user_pref(CT3289075.serviceLayer_services_searchAPI_lastUpdate, 1388728316430);
user_pref(CT3289075.serviceLayer_services_serviceMap_lastUpdate, 1388728316172);
user_pref(CT3289075.serviceLayer_services_toolbarContextMenu_lastUpdate, 1388736377189);
user_pref(CT3289075.serviceLayer_services_toolbarSettings_lastUpdate, 1388736370890);
user_pref(CT3289075.serviceLayer_services_translation_lastUpdate, 1388728316036);
user_pref(CT3289075.settingsINI, true);
user_pref(CT3289075.shouldFirstTimeDialog, false);
user_pref(CT3289075.showToolbarPermission, false);
user_pref(CT3289075.startPage, true);
user_pref(CT3289075.toolbarBornServerTime, 14-7-2013);
user_pref(CT3289075.toolbarCurrentServerTime, 3-1-2014);
user_pref(CT3289075.toolbarLoginClientTime, Sun Jul 14 2013 02:34:21 GMT-0500 (Central Standard Time));
user_pref(CT3289075.url_history0001, %EE%FA%FA%F6%F9%C0%B5%B5%FD%FD%FD%B4%EC%E7%E9%EB%E8%F5%F5%F1%B4%E9%F5%F3%B5%C5%F8%EB%EC%C3%F2%F5%ED%F5%C0%C0%C0%E9%F2%EF%E9%F1%EE%E7%F4
user_pref(CT3289075.url_history0001.enc, aHR0cHM6Ly93d3cuZmFjZWJvb2suY29tLz9yZWY9bG9nbzo6OmNsaWNraGFuZGxlcjo6OjEzODg3NDI3ODU3MjQsLCxodHRwczovL3d3dy5mYWNlYm9vay5jb20vP3JlZj1
user_pref(CT3289075.versionFromInstaller, 10.16.2.9);
user_pref(CT3289075_Firefox.csv, [{\from\:\Abs Layer\,\action\:\loading toolbar\,\time\:1388641908159,\isWithState\:\\,\timeFromStart\:0,\timeFromPrev\:0}
Emptied folder: C:\Users\Andrew\AppData\Roaming\mozilla\firefox\profiles\3cuohms2.default\minidumps [42 files]

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 04/29/2015 at  0:06:06.17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  • 0

#12
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
Next

Uninstall / reinstall Chrome because malware has changed it to a develoment build.

1.Close all Chrome windows and tabs.
2.Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
3.Click Programs and Features.
4.Double-click Google Chrome.
5.Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, select the "Also delete your browsing data" checkbox.

If you have Bookmarks that you want to save, you want to do that first.

Export / Import Bookmarks.
https://support.goog...wer/96816?hl=en
Then reinstall Chrome from here-->http://www.google.com/chrome/

Then

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

    Thanks
    Joe :)





  • 0

#13
Krueg9651

Krueg9651

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts

Here's the problem with Google Chrome when I follow your instructions from the Control Panel:

 

When I try to uninstall, I get the pop-up message:  "Please close all Google Chrome windows and try again."  I even get this after restarting the computer and not opening anything up yet at all.


Edited by Krueg9651, 02 May 2015 - 12:22 AM.

  • 0

#14
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
Hello,

Try booting to safe mode and uninstall Chrome from there.

Let me know.

Joe
  • 0

#15
Krueg9651

Krueg9651

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts

Worked via Safe mode, thanks!  Below is my log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-04-2015
Ran by Andrew (administrator) on ANDREW-PC on 02-05-2015 08:16:35
Running from C:\Users\Andrew\Desktop\Virus removal
Loaded Profiles: Andrew (Available profiles: Andrew)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Chicony) C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
() C:\Users\Andrew\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcagent.exe
() C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(DELL) C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\IndicatorOSD.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] ()
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM-x32\...\Run: [Chicony_OSD] => C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe [53248 2011-01-12] ()
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\...\Run: [Spotify Web Helper] => C:\Users\Andrew\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1192664 2012-07-10] ()
HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\...\Run: [Spotify] => C:\Users\Andrew\AppData\Roaming\Spotify\Spotify.exe [7609560 2012-07-10] (Spotify Ltd)
HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-13] (Valve Corporation)
HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\B868.lnk [2015-04-12]
ShortcutTarget: B868.lnk -> C:\ProgramData\{ba6e9f37-fb0d-a673-ba6e-e9f37fb07cdf}\B868.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
SearchScopes: HKLM -> {8C76C316-788B-42E5-9B10-D5F6C84F616E} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {8C76C316-788B-42E5-9B10-D5F6C84F616E} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: NoNoizzeBrowse -> {513b54fa-e135-41bf-aa30-d97a36984f36} -> C:\Program Files (x86)\NoNoizzeBrowse\VDrQ9aJurCzYSW.x64.dll No File
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2011-05-05] (Cozi Group, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2013-03-13] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2013-03-13] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\3cuohms2.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2013-03-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2013-03-13] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-12] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: No Name - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012-05-22]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-05-22]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Andrew\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-01-14]
CHR HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.goo...ice/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [224704 2011-03-08] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 OSDSvc; C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [176128 2010-12-01] (Chicony) [File not signed]
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-02 08:16 - 2015-05-02 08:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-04-29 17:35 - 2015-05-01 17:23 - 00003484 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-04-29 17:35 - 2015-04-29 17:36 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\PCDr
2015-04-29 17:35 - 2015-04-29 17:35 - 00000000 ____D () C:\ProgramData\PCDr
2015-04-29 00:06 - 2015-04-29 00:06 - 00013956 _____ () C:\Users\Andrew\Desktop\JRT.txt
2015-04-29 00:03 - 2015-04-29 00:03 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ANDREW-PC-Windows-7-Professional-(64-bit).dat
2015-04-29 00:03 - 2015-04-29 00:03 - 00000000 ____D () C:\RegBackup
2015-04-29 00:01 - 2015-04-29 00:01 - 02716174 _____ (Thisisu) C:\Users\Andrew\Desktop\JRT.exe
2015-04-28 23:49 - 2015-04-28 23:52 - 00000000 ____D () C:\AdwCleaner
2015-04-28 23:47 - 2015-04-28 23:48 - 02224640 _____ () C:\Users\Andrew\Desktop\adwcleaner_4.202.exe
2015-04-26 22:28 - 2015-05-02 08:12 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-26 22:28 - 2015-04-26 22:28 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-26 22:28 - 2015-04-26 22:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-26 22:28 - 2015-04-26 22:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-26 22:28 - 2015-04-26 22:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-26 22:28 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-26 22:28 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-26 22:28 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-26 22:26 - 2015-04-26 22:26 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Andrew\Desktop\mbam-setup-2.1.6.1022.exe
2015-04-26 17:26 - 2015-04-26 13:08 - 02101248 _____ (Farbar) C:\Users\Andrew\Desktop\FRST64.exe
2015-04-26 17:20 - 2015-04-26 17:20 - 00003204 _____ () C:\Windows\System32\Tasks\{DBA83F44-902D-4C39-BA89-85777B6EDCE4}
2015-04-26 17:17 - 2015-04-26 17:17 - 00003204 _____ () C:\Windows\System32\Tasks\{A9936503-88F6-46F8-8E84-2743BFD35E91}
2015-04-26 13:24 - 2015-05-02 08:16 - 00000000 ____D () C:\FRST
2015-04-26 13:23 - 2015-05-02 08:16 - 00000000 ____D () C:\Users\Andrew\Desktop\Virus removal
2015-04-20 16:20 - 2015-04-20 16:20 - 00000000 ____D () C:\Program Files (x86)\Use VLC for YouTube
2015-04-20 16:19 - 2015-05-01 06:14 - 00000020 _____ () C:\Users\Andrew\AppData\Roaming\appdataFr3.bin
2015-04-19 12:08 - 2015-04-19 12:11 - 00000000 ____D () C:\Users\Andrew\Downloads\Real.Time.With.Bill.Maher.2015.04.17.HDTV.x264-BATV[ettv]
2015-04-15 20:38 - 2015-04-15 20:38 - 00390045 _____ () C:\Users\Andrew\Downloads\Info Meeting.pptx
2015-04-15 06:37 - 2015-04-15 06:37 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-15 06:37 - 2015-04-15 06:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-15 06:22 - 2015-03-24 22:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 06:22 - 2015-03-24 22:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 06:22 - 2015-03-24 22:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 06:22 - 2015-03-24 22:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 06:22 - 2015-03-24 22:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 06:22 - 2015-03-24 22:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 06:22 - 2015-03-24 22:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 06:22 - 2015-03-24 22:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 06:22 - 2015-03-24 22:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 06:22 - 2015-03-24 22:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 06:22 - 2015-03-24 22:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 06:22 - 2015-03-24 22:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 06:22 - 2015-03-24 22:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 06:22 - 2015-03-24 22:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 06:22 - 2015-03-24 22:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 06:22 - 2015-03-24 22:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 06:22 - 2015-03-22 22:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 06:22 - 2015-03-22 22:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 06:22 - 2015-03-22 22:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 06:22 - 2015-03-22 22:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 06:22 - 2015-03-22 22:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 06:22 - 2015-03-22 22:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 06:22 - 2015-03-22 22:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 06:22 - 2015-03-22 22:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 06:22 - 2015-03-17 00:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 06:22 - 2015-03-17 00:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 06:22 - 2015-03-17 00:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 06:22 - 2015-03-17 00:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 06:22 - 2015-03-17 00:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 06:22 - 2015-03-17 00:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 06:22 - 2015-03-17 00:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 06:22 - 2015-03-17 00:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 06:22 - 2015-03-17 00:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-15 06:22 - 2015-03-17 00:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 06:22 - 2015-03-17 00:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 06:22 - 2015-03-17 00:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-15 06:22 - 2015-03-17 00:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 06:22 - 2015-03-17 00:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 06:22 - 2015-03-17 00:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 06:22 - 2015-03-17 00:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 06:22 - 2015-03-17 00:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-15 06:22 - 2015-03-17 00:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 06:22 - 2015-03-17 00:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 06:22 - 2015-03-17 00:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 06:22 - 2015-03-17 00:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 06:22 - 2015-03-17 00:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 06:22 - 2015-03-17 00:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 06:22 - 2015-03-17 00:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 06:22 - 2015-03-17 00:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 06:22 - 2015-03-17 00:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 06:22 - 2015-03-17 00:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 06:22 - 2015-03-17 00:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 06:22 - 2015-03-17 00:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 06:22 - 2015-03-17 00:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 06:22 - 2015-03-17 00:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 06:22 - 2015-03-17 00:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 06:22 - 2015-03-17 00:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 06:22 - 2015-03-17 00:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 06:22 - 2015-03-16 23:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 06:22 - 2015-03-16 23:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 06:22 - 2015-03-16 23:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 06:22 - 2015-03-16 23:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 06:22 - 2015-03-16 23:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 06:22 - 2015-03-16 23:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 06:22 - 2015-03-16 23:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 06:22 - 2015-03-16 23:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 06:22 - 2015-03-16 23:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 06:22 - 2015-03-16 23:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 06:22 - 2015-03-16 23:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 06:22 - 2015-03-16 23:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 06:22 - 2015-03-16 23:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 06:22 - 2015-03-16 23:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 06:22 - 2015-03-16 23:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 06:22 - 2015-03-16 23:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 06:22 - 2015-03-16 23:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 06:22 - 2015-03-16 23:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 06:22 - 2015-03-16 23:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 22:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 06:22 - 2015-03-16 22:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 06:22 - 2015-03-16 22:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 22:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 22:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 06:22 - 2015-03-16 22:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 06:22 - 2015-03-09 22:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 06:22 - 2015-03-09 22:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 06:22 - 2015-03-09 22:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 06:22 - 2015-03-09 22:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 06:22 - 2015-03-05 00:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 06:22 - 2015-03-04 23:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 06:21 - 2015-04-01 19:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 06:21 - 2015-04-01 18:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 06:21 - 2015-03-12 23:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 06:21 - 2015-03-12 23:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 06:21 - 2015-03-12 23:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 06:21 - 2015-03-12 23:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 06:21 - 2015-03-12 23:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 06:21 - 2015-03-12 23:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 06:21 - 2015-03-12 23:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 06:21 - 2015-03-12 23:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 06:21 - 2015-03-12 23:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 06:21 - 2015-03-12 23:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 06:21 - 2015-03-12 22:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 06:21 - 2015-03-12 22:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 06:21 - 2015-03-12 22:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 06:21 - 2015-03-12 22:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 06:21 - 2015-03-12 22:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 06:21 - 2015-03-12 22:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 06:21 - 2015-03-12 22:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 06:21 - 2015-03-12 22:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 06:21 - 2015-03-12 22:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 06:21 - 2015-03-12 22:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 06:21 - 2015-03-12 22:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 06:21 - 2015-03-12 22:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 06:21 - 2015-03-12 22:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 06:21 - 2015-03-12 22:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 06:21 - 2015-03-12 22:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 06:21 - 2015-03-12 22:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 06:21 - 2015-03-12 22:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 06:21 - 2015-03-12 22:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 06:21 - 2015-03-12 22:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 06:21 - 2015-03-12 22:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 06:21 - 2015-03-12 22:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 06:21 - 2015-03-12 22:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 06:21 - 2015-03-12 22:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 06:21 - 2015-03-12 22:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 06:21 - 2015-03-12 22:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 06:21 - 2015-03-12 22:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 06:21 - 2015-03-12 22:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 06:21 - 2015-03-12 22:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 06:21 - 2015-03-12 22:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 06:21 - 2015-03-12 22:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 06:21 - 2015-03-12 22:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 06:21 - 2015-03-12 22:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 06:21 - 2015-03-12 21:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 06:21 - 2015-03-12 21:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 06:21 - 2015-03-12 21:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 06:21 - 2015-03-12 21:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 06:21 - 2015-03-12 21:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 06:21 - 2015-03-12 21:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 06:21 - 2015-03-12 21:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 06:21 - 2015-03-12 21:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 06:21 - 2015-03-12 21:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 06:21 - 2015-03-12 21:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 06:21 - 2015-03-12 21:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 06:21 - 2015-03-12 21:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 06:21 - 2015-03-12 21:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 06:21 - 2015-03-12 21:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 06:21 - 2015-03-03 23:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 06:21 - 2015-03-03 23:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 06:21 - 2015-03-03 23:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 06:21 - 2015-02-24 22:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-12 14:06 - 2015-04-12 14:20 - 00000000 ____D () C:\Users\Andrew\Downloads\Inherent Vice 2014 1080p BRRip x264 DTS-JYK
2015-04-12 13:05 - 2015-04-12 13:18 - 00000000 ____D () C:\Users\Andrew\Downloads\Predestination (2014) [1080p]
2015-04-12 11:36 - 2015-04-12 11:54 - 1682835917 ____R () C:\Users\Andrew\Downloads\Game.of.Thrones.S04E10.720p.HDTV.x264-KILLERS.mkv
2015-04-12 11:15 - 2015-04-12 11:17 - 00000000 ____D () C:\Users\Andrew\Downloads\Game of Thrones S05E04 WEBRip XviD-FUM[ettv]
2015-04-12 11:05 - 2015-04-12 11:09 - 00000000 ____D () C:\Users\Andrew\Downloads\Game of Thrones S05E03 WEBRip XviD-FUM[ettv]
2015-04-12 10:54 - 2015-04-12 11:03 - 388899911 ____R () C:\Users\Andrew\Downloads\Game.of.Thrones.S05E02.HDTV.x264-Xclusive.mp4
2015-04-12 10:46 - 2015-04-12 10:52 - 312338446 ____R () C:\Users\Andrew\Downloads\Game.of.Thrones.S05E01.HDTV.x264-Xclusive.mp4
2015-04-11 11:20 - 2015-04-11 11:21 - 3109865732 _____ () C:\Users\Andrew\Whiplash 2014 1080p BRRip x264 DTS-JYK.mpg
2015-04-11 11:13 - 2015-04-11 11:13 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Movavi
2015-04-11 11:12 - 2015-04-11 11:12 - 00001162 _____ () C:\Users\Public\Desktop\Movavi Video Converter 15.lnk
2015-04-11 11:12 - 2015-04-11 11:12 - 00000000 ____D () C:\ProgramData\Movavi
2015-04-11 11:12 - 2015-04-11 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Converter 15
2015-04-11 11:12 - 2015-04-11 11:12 - 00000000 ____D () C:\Program Files (x86)\Movavi Video Converter 15
2015-04-11 10:58 - 2015-04-11 11:01 - 385270798 ____R () C:\Users\Andrew\Downloads\Shameless.US.S05E12.HDTV.x264-LOL.mp4
2015-04-11 10:46 - 2015-04-11 10:50 - 337247945 ____R () C:\Users\Andrew\Downloads\Real.Time.With.Bill.Maher.2015.04.10.HDTV.x264-BATV.mp4
2015-04-05 22:24 - 2015-04-05 22:36 - 00000000 ____D () C:\Users\Andrew\Downloads\Saturday.Night.Live.S40E17.Michael.Keaton-Carly.Rae.Jepsen.UNCUT.iNTERNAL.HDTV.x264-W4F[ettv]
2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 00:22 - 2015-04-04 00:24 - 00000000 ____D () C:\Users\Andrew\Downloads\Men.Women.And.Children.2014.1080p.BluRay.H264.AAC.5.1.BADASSMEDIA
2015-04-03 22:50 - 2015-04-03 22:54 - 00000000 ____D () C:\Users\Andrew\Downloads\Going Clear Scientology and the Prison of Belief 2015 HDTV x264-FUM[ettv]
2015-04-03 04:22 - 2015-04-03 04:26 - 373878477 ____R () C:\Users\Andrew\Downloads\Shameless.US.S05E10.HDTV.x264-LOL.mp4
2015-04-03 04:21 - 2015-04-03 04:25 - 383775215 ____R () C:\Users\Andrew\Downloads\Shameless.US.S05E11.HDTV.x264-LOL.mp4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-02 08:16 - 2009-07-13 23:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-02 08:16 - 2009-07-13 23:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-02 08:15 - 2012-07-18 23:58 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-02 08:15 - 2012-07-10 22:16 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Spotify
2015-05-02 08:12 - 2014-01-14 21:48 - 00000000 ___RD () C:\Users\Andrew\Google Drive
2015-05-02 08:12 - 2012-08-04 14:48 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-02 08:12 - 2012-05-22 17:05 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2015-05-02 08:12 - 2012-05-22 17:05 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2015-05-02 08:12 - 2012-05-22 17:00 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-05-02 08:12 - 2012-05-22 16:39 - 01987422 _____ () C:\Windows\WindowsUpdate.log
2015-05-02 08:07 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-02 08:07 - 2009-07-13 23:51 - 00074269 _____ () C:\Windows\setupact.log
2015-05-02 08:06 - 2012-08-04 14:48 - 00000000 ____D () C:\Program Files (x86)\Google
2015-05-02 08:06 - 2012-06-05 10:47 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Google
2015-05-02 07:39 - 2012-05-22 16:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-02 07:26 - 2012-08-04 14:48 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-02 01:20 - 2012-06-06 00:53 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Nero
2015-05-02 01:03 - 2013-02-23 11:00 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\vlc
2015-04-26 23:40 - 2010-11-20 22:47 - 00597194 _____ () C:\Windows\PFRO.log
2015-04-26 22:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Resources
2015-04-26 22:43 - 2014-04-06 12:31 - 00000000 ____D () C:\Users\Andrew\AppData\Local\TB
2015-04-26 17:18 - 2013-02-23 01:36 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\uTorrent
2015-04-26 13:23 - 2012-06-07 13:53 - 00000000 ____D () C:\Users\Andrew\Desktop\Krueger flash drive
2015-04-26 12:11 - 2009-07-14 00:08 - 00032626 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-15 22:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-04-15 20:39 - 2012-05-22 16:43 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 20:39 - 2012-05-22 16:43 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 20:39 - 2012-05-22 16:43 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-15 20:22 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 20:16 - 2014-12-10 21:20 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 20:16 - 2014-05-06 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 06:40 - 2012-06-05 11:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 06:39 - 2011-02-10 09:33 - 00776846 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 06:39 - 2009-07-14 00:13 - 00776846 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-15 06:37 - 2012-05-22 17:03 - 00000000 ____D () C:\ProgramData\Skype
2015-04-15 06:36 - 2009-07-13 21:34 - 00000510 _____ () C:\Windows\win.ini
2015-04-11 11:21 - 2012-06-05 10:11 - 00000000 ____D () C:\Users\Andrew
2015-04-11 11:19 - 2015-02-15 00:25 - 00000000 ____D () C:\Users\Andrew\Downloads\Whiplash 2014 1080p BRRip x264 DTS-JYK
2015-04-11 11:11 - 2014-11-30 00:45 - 00000000 ____D () C:\Users\Andrew\Desktop\LTIC 520
2015-04-03 00:57 - 2013-05-30 23:14 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\dvdcss
2015-04-02 14:52 - 2015-02-11 23:49 - 00000000 ____D () C:\ProgramData\SupportAssistAgent

==================== Files in the root of some directories =======

2014-01-14 21:46 - 2014-01-15 00:10 - 50053120 _____ () C:\Program Files (x86)\GUT8D24.tmp
2013-12-12 23:38 - 2014-06-25 03:15 - 0003749 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2015-04-20 16:19 - 2015-05-01 06:14 - 0000020 _____ () C:\Users\Andrew\AppData\Roaming\appdataFr3.bin
2013-12-04 01:50 - 2013-12-04 01:50 - 0012288 _____ () C:\Users\Andrew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some content of TEMP:
====================
C:\Users\Andrew\AppData\Local\Temp\Quarantine.exe
C:\Users\Andrew\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-14 06:19

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-04-2015
Ran by Andrew at 2015-05-02 08:17:19
Running from C:\Users\Andrew\Desktop\Virus removal
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3960278461-2044705814-1633424519-500 - Administrator - Disabled)
Andrew (S-1-5-21-3960278461-2044705814-1633424519-1000 - Administrator - Enabled) => C:\Users\Andrew
Guest (S-1-5-21-3960278461-2044705814-1633424519-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3960278461-2044705814-1633424519-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{C8807716-1F6F-5C43-3C32-7295A45CF060}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Profiles (HKLM-x32\...\{63059735-CA97-FDFB-0E7A-3B8D81572EFD}) (Version: 2.0.4888.34279 - Advanced Micro Devices, Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.10628 - ATI Technologies Inc.) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
ccoomPareItApplic (HKLM-x32\...\{88E96402-3BBD-02D9-0A36-6FB806AEE04E}) (Version:  - )
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.4.0 - Conexant)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell KM632 Wireless Keyboard Caps Lock Indicator (HKLM-x32\...\{55586382-6704-4237-AAA7-85FF9C055022}) (Version: 2.1.9.0401 - Dell)
Dell MusicStage (HKLM-x32\...\{3BD7DD08-991B-4A2F-A165-614ED14EAADD}) (Version: 1.6.225.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.81 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.2.57295 - Dell)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.3.0.2214 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.3.0.2214 - CyberLink Corp.) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Escape Whisper Valley ™ (x32 Version: 2.2.0.95 - WildTangent) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Jewel Quest (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Luxor (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 11.6.511 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
mkv2vob (HKLM-x32\...\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}) (Version: 2.4.9 - 3r1c)
Movavi Video Converter 15 (HKLM-x32\...\Movavi Video Converter 15) (Version: 15.2.2 - Movavi)
Mozilla Firefox 32.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 en-US)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
NoNoizzeBrowse (HKLM-x32\...\{BDB38365-BCF2-1BF7-0020-507553315EA5}) (Version:  - )
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Samantha Swift (x32 Version: 2.2.0.95 - WildTangent) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spire.PDFConverter (HKLM-x32\...\{7144A11C-9162-4FE1-BA93-2A8CA6DB30CF}) (Version: 1.0.8 - e-iceblue)
Spotify (HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\...\Spotify) (Version: 0.8.4.93.gd9f49c35 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.16100 - Nero AG)
SyncUP (x32 Version: 1.12.12400.17.102 - Nero AG) Hidden
TrustedID (HKLM-x32\...\{C16A92EF-017B-4839-9C75-FBADB5A1FA27}) (Version: 5.0 - TrustedID)
TrustedID IDMonitor Identity Protection (HKLM-x32\...\{0E74474A-1CDF-4249-A507-CE8C1DCEC8BC}) (Version: 1.1.0 - TrustedID Inc)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Use VLC for YouTube (HKLM-x32\...\{C2E3DB8B-C43B-9203-7BE7-D03BA334FD8A}) (Version:  - )
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Wedding Dash - Ready, Aim, Love! (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Dell Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

23-04-2015 00:44:24 Scheduled Checkpoint
26-04-2015 17:32:03 Restore Point Created by FRST

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-04-26 17:32 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0077EBE5-BF9B-4F40-A891-5DED7A435372} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {01E73CB1-3329-4FE9-B0B1-8BC9A6FA5A46} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {0CA1DE0B-DBBA-48A6-9ED1-5DE606B3AA18} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {18E7C743-AB9B-4741-8586-400F4CC9A2F1} - System32\Tasks\{69D6DFB6-DD30-49C2-AF4F-0DE759856B3F} => C:\Program Files (x86)\e-iceblue\Spire.PDFConverter\Bin\PDFConverter.exe [2011-06-07] (e-iceblue)
Task: {39541E9F-1B53-4DD4-BFA5-2060FD938CF8} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {40CFC240-561C-4610-BBEC-998E0A3AF824} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {5B43EA33-46F5-4914-A756-1B442C8A0FFE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {65D60050-8824-44FB-9577-B8BB3B828A09} - System32\Tasks\{A9936503-88F6-46F8-8E84-2743BFD35E91} => pcalua.exe -a "C:\Program Files (x86)\ActiveDeals\ActiveDeals.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {775AD619-38AF-4C94-8966-2BD4F13C9623} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {775BF3E0-25B4-4CA1-A74E-1F1DE4254F7B} - System32\Tasks\{0D8421A0-C776-441E-9A5A-8348A718FF18} => C:\Program Files (x86)\e-iceblue\Spire.PDFConverter\Bin\PDFConverter.exe [2011-06-07] (e-iceblue)
Task: {7D4AF4F6-31C3-40B2-A803-BC8511160EEC} - \PCDoctorBackgroundMonitorTask No Task File <==== ATTENTION
Task: {9704B319-C4D4-4D9C-B76B-190321E3475B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {B246FA33-767C-4897-931B-74E8325072EC} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {B4051AEC-BDAF-4406-902E-6D9C83C5ED8C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {C0832607-22E9-4DD2-A4BE-3256AA57223F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {DF827765-70C3-49DC-BD0A-E16F6860D7A9} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-03-04] (Dell Inc.)
Task: {E9A729AD-A8E5-4801-8F76-940088D87934} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {FA460248-4A0A-4887-A2A2-03FB0A8818E8} - System32\Tasks\{DBA83F44-902D-4C39-BA89-85777B6EDCE4} => pcalua.exe -a "C:\Program Files (x86)\ActiveDeals\ActiveDeals.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2011-06-27 19:26 - 2011-06-27 19:26 - 02022976 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
2012-07-10 22:16 - 2012-07-10 22:18 - 01192664 _____ () C:\Users\Andrew\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
2011-06-29 08:52 - 2011-06-29 08:52 - 00474176 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
2012-05-22 16:56 - 2011-01-12 19:17 - 00053248 _____ () C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe
2012-08-21 14:20 - 2012-08-21 14:20 - 00067496 _____ () C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
2012-02-01 11:50 - 2012-02-01 11:50 - 00968048 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
2012-05-22 17:01 - 2012-01-26 21:49 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-16 20:28 - 2010-03-16 20:28 - 01926144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll
2010-03-22 15:52 - 2010-03-22 15:52 - 06776832 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll
2010-03-16 20:28 - 2010-03-16 20:28 - 00635904 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll
2010-03-16 20:28 - 2010-03-16 20:28 - 00326144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll
2011-06-24 23:20 - 2011-06-24 23:20 - 00565968 _____ () C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll
2011-06-27 19:25 - 2011-06-27 19:25 - 00058944 _____ () C:\Program Files (x86)\Dell\Stage Remote\DataService.dll
2011-06-24 23:21 - 2011-06-24 23:21 - 00322624 _____ () C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll
2010-03-11 19:52 - 2010-03-11 19:52 - 00028160 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll
2010-03-05 15:07 - 2010-03-05 15:07 - 00031744 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll
2010-03-05 15:07 - 2010-03-05 15:07 - 00125952 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll
2010-03-11 19:52 - 2010-03-11 19:52 - 00225280 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll
2012-02-01 11:44 - 2012-02-01 11:44 - 08151040 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
2012-02-01 11:44 - 2012-02-01 11:44 - 02278400 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
2015-05-02 08:12 - 2015-05-02 08:12 - 00098816 _____ () C:\Users\Andrew\AppData\Local\Temp\_MEI43962\win32api.pyd
2015-05-02 08:12 - 2015-05-02 08:12 - 00110080 _____ () C:\Users\Andrew\AppData\Local\Temp\_MEI43962\pywintypes27.dll
2015-05-02 08:12 - 2015-05-02 08:12 - 00364544 _____ () C:\Users\Andrew\AppData\Local\Temp\_MEI43962\pythoncom27.dll
2015-05-02 08:12 - 2015-05-02 08:12 - 00045568 _____ () C:\Users\Andrew\AppData\Local\Temp\_MEI43962\_socket.pyd
2015-05-02 08:12 - 2015-05-02 08:12 - 01161216 _____ () C:\Users\Andrew\AppData\Local\Temp\_MEI43962\_ssl.pyd
2015-05-02 08:12 - 2015-05-02 08:12 - 00320512 _____ () C:\Users\Andrew\AppData\Local\Temp\_MEI43962\win32com.shell.shell.pyd
2015-05-02 08:12 - 2015-05-02 08:12 - 00713216 _____ () C:\Users\Andrew\AppData\Local\Temp\_MEI43962\_hashlib.pyd
2015-05-02 08:12 - 2015-05-02 08:12 - 01175040 _____ () C:\Users\Andrew\AppData\Local\Temp\_MEI43962\wx._core_.pyd
2015-05-02 08:12 - 2015-05-02 08:12 - 00805888 _____ () C:\Users\Andrew\AppData\Local\Temp\_MEI43962\wx._gdi_.pyd
2015-05-02 08:12 - 2015-05-02 08:12 - 00811008 _____ () C:\Users\Andrew\AppData\Local\Temp\_MEI43962\wx._windows_.pyd
2015-05-02 08:12 - 2015-05-02 08:12 - 01062400 _____ () C:\Users\Andrew\AppData\Local\Temp\_MEI43962\wx._controls_.pyd
2015-05-02 08:12 - 2015-05-02 08:12 - 00735232 _____ () C:\Users\Andrew\AppData\Local\Temp\_MEI43962\wx._misc_.pyd
2015-05-02 08:12 - 2015-05-02 08:12 - 00682496 _____ () C:\Users\Andrew\AppData\Local\Temp\_MEI43962\pysqlite2._sqlite.pyd
2015-05-02 08:12 - 2015-05-02 08:12 - 00128512 _____ () C:\Users\Andrew\AppData\Local\Temp\_MEI43962\_elementtree.pyd
2015-05-02 08:12 - 2015-05-02 08:12 - 00127488 _____ () C:\Users\Andrew\AppData\Local\Temp\_MEI43962\pyexpat.pyd
2015-05-02 08:12 - 2015-05-02 08:12 - 00087552 _____ () C:\Users\Andrew\AppData\Local\Temp\_MEI43962\_ctypes.pyd
2015-05-02 08:12 - 2015-05-02 08:12 - 00119808 _____ () C:\Users\Andrew\AppData\Local\Temp\_MEI43962\win32file.pyd
2015-05-02 08:12 - 2015-05-02 08:12 - 00108544 _____ () C:\Users\Andrew\AppData\Local\Temp\_MEI43962\win32security.pyd
2015-05-02 08:12 - 2015-05-02 08:12 - 00007168 _____ () C:\Users\Andrew\AppData\Local\Temp\_MEI43962\hashobjs_ext.pyd
2015-05-02 08:12 - 2015-05-02 08:12 - 00167936 _____ () C:\Users\Andrew\AppData\Local\Temp\_MEI43962\win32gui.pyd
2015-05-02 08:12 - 2015-05-02 08:12 - 00018432 _____ () C:\Users\Andrew\AppData\Local\Temp\_MEI43962\win32event.pyd
2015-05-02 08:12 - 2015-05-02 08:12 - 00038912 _____ () C:\Users\Andrew\AppData\Local\Temp\_MEI43962\win32inet.pyd
2015-05-02 08:12 - 2015-05-02 08:12 - 00011264 _____ () C:\Users\Andrew\AppData\Local\Temp\_MEI43962\win32crypt.pyd
2015-05-02 08:12 - 2015-05-02 08:12 - 00070656 _____ () C:\Users\Andrew\AppData\Local\Temp\_MEI43962\wx._html2.pyd
2015-05-02 08:12 - 2015-05-02 08:12 - 00027136 _____ () C:\Users\Andrew\AppData\Local\Temp\_MEI43962\_multiprocessing.pyd
2015-05-02 08:12 - 2015-05-02 08:12 - 00020480 _____ () C:\Users\Andrew\AppData\Local\Temp\_MEI43962\_yappi.pyd
2015-05-02 08:12 - 2015-05-02 08:12 - 00035840 _____ () C:\Users\Andrew\AppData\Local\Temp\_MEI43962\win32process.pyd
2015-05-02 08:12 - 2015-05-02 08:12 - 00686080 _____ () C:\Users\Andrew\AppData\Local\Temp\_MEI43962\unicodedata.pyd
2015-05-02 08:12 - 2015-05-02 08:12 - 00122368 _____ () C:\Users\Andrew\AppData\Local\Temp\_MEI43962\wx._wizard.pyd
2015-05-02 08:12 - 2015-05-02 08:12 - 00024064 _____ () C:\Users\Andrew\AppData\Local\Temp\_MEI43962\win32pipe.pyd
2015-05-02 08:12 - 2015-05-02 08:12 - 00010240 _____ () C:\Users\Andrew\AppData\Local\Temp\_MEI43962\select.pyd
2015-05-02 08:12 - 2015-05-02 08:12 - 00025600 _____ () C:\Users\Andrew\AppData\Local\Temp\_MEI43962\win32pdh.pyd
2015-05-02 08:12 - 2015-05-02 08:12 - 00525640 _____ () C:\Users\Andrew\AppData\Local\Temp\_MEI43962\windows._lib_cacheinvalidation.pyd
2015-05-02 08:12 - 2015-05-02 08:12 - 00017408 _____ () C:\Users\Andrew\AppData\Local\Temp\_MEI43962\win32profile.pyd
2015-05-02 08:12 - 2015-05-02 08:12 - 00022528 _____ () C:\Users\Andrew\AppData\Local\Temp\_MEI43962\win32ts.pyd
2015-05-02 08:12 - 2015-05-02 08:12 - 00078336 _____ () C:\Users\Andrew\AppData\Local\Temp\_MEI43962\wx._animate.pyd
2012-05-22 16:56 - 2011-03-11 11:09 - 00028672 _____ () C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\INDICATOR_OSD.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3960278461-2044705814-1633424519-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{235A4EE2-2374-4278-A0C7-B9AE5A0DF22D}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{B9C02A4A-CD82-4A68-AFEF-18A6E71A7E98}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A97E85F5-E4ED-43CD-AE61-FD7FA5B9AAE7}] => (Allow) c:\Program Files (x86)\Dell\VideoStage\VideoStage.exe
FirewallRules: [{151E872D-94EA-45EE-8C53-405FA3416CC3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6F4D9268-AF1D-4C4D-822B-D53059A1B1C5}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{E1C9D98B-80FA-48B3-AF19-59F00DFF0297}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{F84AA211-BBD9-4D2A-A77D-3A7613072F13}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{1405285E-6BD0-492D-9D41-E65C52B5DD16}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{778113A6-EF06-49BB-943C-C42DA5C58D62}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\DMR.exe
FirewallRules: [{5DC0E443-46EE-419C-8BB8-3BE6C8507D12}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\Controller.exe
FirewallRules: [{36D25CD2-E918-4550-8C57-6094564A30C2}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\InstallerHelp.exe
FirewallRules: [{EB123F55-ADDB-437F-B909-62D33B9806D9}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
FirewallRules: [{23E4B20D-B276-4D1A-9A4F-8A325AFD2851}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
FirewallRules: [{276A5961-78F1-4070-86B6-67916B88E199}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\DMR.exe
FirewallRules: [{D0082C66-BA17-4BA3-87F4-D29BDD793BA5}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\Controller.exe
FirewallRules: [{8558CCC7-7CCE-42DC-8A0F-0A3A3F9A35CA}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\InstallerHelp.exe
FirewallRules: [{094B8A81-7195-47FD-87BB-4952848CF39F}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
FirewallRules: [{C4A45943-24F5-478B-8B9A-8216AD924A40}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
FirewallRules: [{FF4B9928-E6B3-437B-97ED-F9B64782DC0B}] => (Allow) C:\Program Files\dell stage\dell stage\accuweather\accuweather.exe
FirewallRules: [{39747EF5-4579-4844-A2CD-76DE78233D9F}] => (Allow) C:\Program Files\dell stage\musicstage\musicstageengine.exe
FirewallRules: [{1E3ED866-CD56-4FA4-B43B-65E8C7C1EE3D}] => (Allow) C:\Program Files\dell stage\dell stage\stage_primary.exe
FirewallRules: [{EA5F62BC-A066-4F4D-9A2C-58C9D2B91B22}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
FirewallRules: [{EFA6D68A-C8B4-48B0-8BB4-3B275E74C303}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
FirewallRules: [{15CA8929-FD91-4642-9FF9-EF0D7C494EC1}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\outlook.exe
FirewallRules: [{6AE2A987-3BD5-4FA3-B605-84AB022BFB66}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{94515EBD-FDCC-4FA6-949D-711C021D6A6E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FC820206-DA2D-4063-A908-D3DA0DAF3C94}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D118EF60-018A-40AA-907F-8E8677B2F131}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3A5D28CE-F119-475E-B888-23F9CFCF902E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8DA32694-4D93-45C3-8632-B606AB6BB30A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7F9AE2CE-DF51-4838-AE51-069DF7754F53}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{03AE3CDD-4D83-4840-9793-90F82D96139F}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{44A39254-163F-4D75-9CC4-7B2E9EA45568}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{DF84B7AC-8326-48EF-AB8E-D8D609E73BE5}] => (Allow) C:\Program Files (x86)\Common Files\Nero\BDCore\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{97AF4A79-79A2-4014-9D5A-A6E9B448EBAD}] => (Allow) C:\Program Files (x86)\Common Files\Nero\BDCore\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{A7AAFF9A-2968-438A-BBC2-9BFA9D3C5B36}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{DB6DE8C8-74AD-4B2C-AAD7-08916DCB7246}] => (Allow) C:\Users\Andrew\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3DF3F95C-D53B-43D7-8B15-126B344F4FAC}] => (Allow) C:\Users\Andrew\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{94632BCA-6529-4642-B321-1524C7460619}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Dell Wireless 1450 Dual-band (802.11a/b/g) USB 2.0 Adapter
Description: Dell Wireless 1450 Dual-band (802.11a/b/g) USB 2.0 Adapter
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/02/2015 08:09:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/02/2015 07:56:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/02/2015 02:23:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9891

Error: (05/02/2015 02:23:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9891

Error: (05/02/2015 02:23:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/02/2015 01:40:25 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/02/2015 01:06:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/01/2015 11:31:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17728 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1618

Start Time: 01d0845b1c065548

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (05/01/2015 05:07:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/01/2015 00:26:03 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

System errors:
=============
Error: (05/02/2015 08:06:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/02/2015 08:06:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/02/2015 08:02:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/02/2015 08:02:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/02/2015 08:02:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/02/2015 08:02:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/02/2015 08:02:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/02/2015 08:02:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/02/2015 08:02:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/02/2015 08:02:18 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================
Error: (05/02/2015 08:09:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/02/2015 07:56:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/02/2015 02:23:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9891

Error: (05/02/2015 02:23:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9891

Error: (05/02/2015 02:23:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/02/2015 01:40:25 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Program Files (x86)\Cozi Express\CoziExpress.exe

Error: (05/02/2015 01:06:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/01/2015 11:31:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17728161801d0845b1c0655480C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (05/01/2015 05:07:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/01/2015 00:26:03 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Program Files (x86)\Cozi Express\CoziExpress.exe

CodeIntegrity Errors:
===================================
  Date: 2015-02-12 00:23:24.635
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-11 05:40:40.271
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-11 05:39:36.856
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-12 03:54:47.040
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-12 03:54:47.025
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-12 03:54:28.039
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-16 03:33:29.928
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-11 03:33:54.883
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-11 03:33:54.883
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-11 03:33:05.072
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 27%
Total physical RAM: 8174.64 MB
Available physical RAM: 5932.95 MB
Total Pagefile: 16347.48 MB
Available Pagefile: 13768.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1844.7 GB) (Free:1579.33 GB) NTFS
Drive g: (USB20FD) (Removable) (Total:119.19 GB) (Free:45.85 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: 0EF3ACCD)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=18.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1844.7 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 119.2 GB) (Disk ID: 6984713B)
Partition 1: (Not Active) - (Size=119.2 GB) - (Type=0B)

==================== End Of Log ============================


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP