This topic is lockedThank you!
Referring to Rule 1 ("1. Always ask before acting..."), do I understand it right, that the script, from the "Start::" line to "End::", will stay in the "clipboard" and be used by the FRST program?
Is my PC infected? [Solved]
Started by
BerDov
, Jan 09 2023 07:17 PM
#17
Posted 11 January 2023 - 10:30 AM
DR M
-
- Malware Removal
-
- 4,112 posts
The Grecian Geek
Yes. Select the script and click on the FIX button. No need to paste anything.
#18
Posted 11 January 2023 - 11:15 AM
BerDov
- Topic Starter
-
- Member
-
- 228 posts
Member
Pasting Fixlog.txt below. In case it's relevant, it took almost 20 min for the program to run.
=============
Fix result of Farbar Recovery Scan Tool (x64) Version: 11-01-2023
Ran by DovBer (11-01-2023 11:46:03) Run:1
Running from C:\Users\DovBer\Desktop
Loaded Profiles: DovBer
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-956995889-4081865807-2724082783-1000\...\Run: [Chromium] => "c:\users\dovber\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session (No File)
HKU\S-1-5-21-956995889-4081865807-2724082783-1000\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe (No File)
HKU\S-1-5-21-956995889-4081865807-2724082783-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-956995889-4081865807-2724082783-1000\...\MountPoints2: {b2b0d526-add8-11e7-bdc1-806e6f6e6963} - D:\SWSETUP\APPINSTL\hpsoftwaresetup.exe
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\DovBer\AppData\Roaming\Mozilla\Firefox\Profiles\e4s05sqm.default\Extensions\[email protected] [2022-08-22]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
S2 AvastWscReporter; "C:\Program Files\AVAST Software\Avast\wsc_proxy.exe" /runassvc /rpcserver [X]
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [25608 2020-11-18] (AVG Technologies CZ, s.r.o. -> SlimWare Utilities, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Toolbar: HKU\S-1-5-21-956995889-4081865807-2724082783-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FirewallRules: [TCP Query User{8AD605BD-7624-407F-96DA-4E9FF7B1F105}C:\program files (x86)\epubor\ultimate\epuborultimate.exe] => (Allow) C:\program files (x86)\epubor\ultimate\epuborultimate.exe => No File
FirewallRules: [UDP Query User{923EDE2B-6459-48BB-A83B-6F5A45934A87}C:\program files (x86)\epubor\ultimate\epuborultimate.exe] => (Allow) C:\program files (x86)\epubor\ultimate\epuborultimate.exe => No File
FirewallRules: [{21A67E92-7F93-4CC7-9937-B8E9EC2C4F69}] => (Block) C:\program files (x86)\epubor\ultimate\epuborultimate.exe => No File
FirewallRules: [{11AA0C33-8F84-42DC-8980-62A731D60FF7}] => (Block) C:\program files (x86)\epubor\ultimate\epuborultimate.exe => No File
FirewallRules: [{56F9C3F0-4236-4C4F-8F85-8828E94FAC0D}] => (Allow) C:\Users\DovBer\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{E5EB4E94-6D3C-4920-9052-F4C95D98B52A}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper 5.8.0\ABService.exe => No File
FirewallRules: [{8595ABEF-A939-4DE2-B3EF-BE531D57BCB7}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper 5.8.0\ABService.exe => No File
C:\Windows\System32\DRIVERS\SWDUMon.sys
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EC5B556B-32A8-4D68-83CC-5356380FD889}
CMD: SFC /scannow
Hosts:
EmptyTemp:
End::
*****************
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKU\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Chromium" => removed successfully
"HKU\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows\CurrentVersion\Run\\McAfeeSafeConnect" => removed successfully
"HKU\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge" => removed successfully
HKU\S-1-5-21-956995889-4081865807-2724082783-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2b0d526-add8-11e7-bdc1-806e6f6e6963} => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
C:\Users\DovBer\AppData\Roaming\Mozilla\Firefox\Profiles\e4s05sqm.default\Extensions\[email protected] => moved successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => removed successfully
HKLM\System\CurrentControlSet\Services\AvastWscReporter => removed successfully
AvastWscReporter => service removed successfully
HKLM\System\CurrentControlSet\Services\SWDUMon => removed successfully
SWDUMon => service removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
"HKU\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8AD605BD-7624-407F-96DA-4E9FF7B1F105}C:\program files (x86)\epubor\ultimate\epuborultimate.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{923EDE2B-6459-48BB-A83B-6F5A45934A87}C:\program files (x86)\epubor\ultimate\epuborultimate.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{21A67E92-7F93-4CC7-9937-B8E9EC2C4F69}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{11AA0C33-8F84-42DC-8980-62A731D60FF7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{56F9C3F0-4236-4C4F-8F85-8828E94FAC0D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E5EB4E94-6D3C-4920-9052-F4C95D98B52A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8595ABEF-A939-4DE2-B3EF-BE531D57BCB7}" => removed successfully
C:\Windows\System32\DRIVERS\SWDUMon.sys => moved successfully
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EC5B556B-32A8-4D68-83CC-5356380FD889} => removed successfully
========= SFC /scannow =========
Beginning system scan. This process will take some time.
Beginning verification phase of system scan.
Verification 0% complete.Verification 1% complete.Verification 2% complete.Verification 2% complete.Verification 3% complete.Verification 4% complete.Verification 4% complete.Verification 5% complete.Verification 6% complete.Verification 6% complete.Verification 7% complete.Verification 8% complete.Verification 8% complete.Verification 9% complete.Verification 10% complete.Verification 10% complete.Verification 11% complete.Verification 12% complete.Verification 12% complete.Verification 13% complete.Verification 14% complete.Verification 14% complete.Verification 15% complete.Verification 16% complete.Verification 17% complete.Verification 17% complete.Verification 18% complete.Verification 19% complete.Verification 19% complete.Verification 20% complete.Verification 21% complete.Verification 21% complete.Verification 22% complete.Verification 23% complete.Verification 23% complete.Verification 24% complete.Verification 25% complete.Verification 25% complete.Verification 26% complete.Verification 27% complete.Verification 27% complete.Verification 28% complete.Verification 29% complete.Verification 29% complete.Verification 30% complete.Verification 31% complete.Verification 31% complete.Verification 32% complete.Verification 33% complete.Verification 34% complete.Verification 34% complete.Verification 35% complete.Verification 36% complete.Verification 36% complete.Verification 37% complete.Verification 38% complete.Verification 38% complete.Verification 39% complete.Verification 40% complete.Verification 40% complete.Verification 41% complete.Verification 42% complete.Verification 42% complete.Verification 43% complete.Verification 44% complete.Verification 44% complete.Verification 45% complete.Verification 46% complete.Verification 46% complete.Verification 47% complete.Verification 48% complete.Verification 48% complete.Verification 49% complete.Verification 50% complete.Verification 51% complete.Verification 51% complete.Verification 52% complete.Verification 53% complete.Verification 53% complete.Verification 54% complete.Verification 55% complete.Verification 55% complete.Verification 56% complete.Verification 57% complete.Verification 57% complete.Verification 58% complete.Verification 59% complete.Verification 59% complete.Verification 60% complete.Verification 61% complete.Verification 61% complete.Verification 62% complete.Verification 63% complete.Verification 63% complete.Verification 64% complete.Verification 65% complete.Verification 65% complete.Verification 66% complete.Verification 67% complete.Verification 68% complete.Verification 68% complete.Verification 69% complete.Verification 70% complete.Verification 70% complete.Verification 71% complete.Verification 72% complete.Verification 72% complete.Verification 73% complete.Verification 74% complete.Verification 74% complete.Verification 75% complete.Verification 76% complete.Verification 76% complete.Verification 77% complete.Verification 78% complete.Verification 78% complete.Verification 79% complete.Verification 80% complete.Verification 80% complete.Verification 81% complete.Verification 82% complete.Verification 82% complete.Verification 83% complete.Verification 84% complete.Verification 85% complete.Verification 85% complete.Verification 86% complete.Verification 87% complete.Verification 87% complete.Verification 88% complete.Verification 89% complete.Verification 89% complete.Verification 90% complete.Verification 91% complete.Verification 91% complete.Verification 92% complete.Verification 93% complete.Verification 93% complete.Verification 94% complete.Verification 95% complete.Verification 95% complete.Verification 96% complete.Verification 97% complete.Verification 97% complete.Verification 98% complete.Verification 99% complete.Verification 100% complete.Verification 100% complete.
Windows Resource Protection did not find any integrity violations.
========= End of CMD: =========
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 55724399 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 18015912 B
Edge => 0 B
Chrome => 321633 B
Firefox => 1413141306 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66356 B
systemprofile32 => 3970849 B
LocalService => 4037077 B
NetworkService => 4103305 B
DovBer => 389398930 B
RecycleBin => 0 B
EmptyTemp: => 1.8 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 12:03:59 ====
#19
Posted 11 January 2023 - 11:27 AM
DR M
-
- Malware Removal
-
- 4,112 posts
The Grecian Geek
I expected it to take more. 
Continue...
1. Run AdwCleaner (scan only)
Download AdwCleaner and save it to your desktop.
- Double click AdwCleaner.exe to run it.
- Click Scan Now.
- When the scan has finished, a Scan Results window will open.
- Click Cancel (at this point do not attempt to Quarantine anything that is found)
- Now click the Log Files tab.
- Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
- A Notepad file will open containing the results of the scan.
- Please post the contents of the file in your next reply.
2. Run Malwarebytes (scan only)
- Open Malwarebytes you have already installed.
- Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
Under the title Scan Options, all the options are checked. Under the title Windows Security Center (Premium only) the option is NOT checked. Under the title Potentially unwanted items all options are set to Always.
- Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may be take longer.
- When finished, you will see the Threat Scan Summary window open.
If threats are not found, click View Report and proceed to the two last steps below.
If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
- Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
- Find the report with the most recent date and double click on it.
- Click on Export and then Copy to Clipboard.
- Paste its content here, in your next reply.
In your next reply, please post:
- The AdwCleaner[S0*].txt
- The Malwarebytes report
#20
Posted 11 January 2023 - 11:50 AM
BerDov
- Topic Starter
-
- Member
-
- 228 posts
Member
Thank you! pasting <AdwCleaner[S00].txt>. The next log will follow/
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 01-11-2023
# Duration: 00:00:12
# OS: Windows 7 Service Pack 1
# Scanned: 32099
# Detected: 6
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
PUP.Optional.Legacy C:\ProgramData\54F3DE4E-B7BA-4EBD-8B3B-385D272CC583
PUP.Optional.Legacy C:\Users\Public\Documents\Downloaded Installers
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
PUP.Optional.InstallCore HKCU\Software\csastats
PUP.Optional.Legacy HKCU\Software\CoinisRevShare
PUP.Optional.ProductSetup.A HKCU\Software\PRODUCTSETUP
PUP.Optional.SlimCleanerPlus HKLM\Software\Wow6432Node\SlimWare Utilities Inc
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Hosts File Entries ] *****
No malicious hosts file entries found.
***** [ Preinstalled Software ] *****
No Preinstalled Software found.
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
#21
Posted 11 January 2023 - 12:00 PM
DR M
-
- Malware Removal
-
- 4,112 posts
The Grecian Geek
Waiting for the Malware report before giving to you instructions for deleting the detected items.
#22
Posted 11 January 2023 - 12:40 PM
BerDov
- Topic Starter
-
- Member
-
- 228 posts
Member
Malwarebytes report:
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 1/11/23
Scan Time: 1:23 PM
Log File: 0bf8ad40-91dd-11ed-8566-3464a9311ce3.json
-Software Information-
Version: 4.5.19.229
Components Version: 1.0.1860
Update Package Version: 1.0.64509
License: Free
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Compaq\DovBer
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 237132
Threats Detected: 159
Threats Quarantined: 0
Time Elapsed: 8 min, 6 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 9
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\TRACING\ByteFenceService_RASAPI32, No Action By User, 1037, 823187, 1.0.64509, , ame, , ,
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\TRACING\ByteFenceService_RASMANCS, No Action By User, 1037, 823187, 1.0.64509, , ame, , ,
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\TRACING\ByteFence_RASAPI32, No Action By User, 1037, 823187, 1.0.64509, , ame, , ,
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\TRACING\ByteFence_RASMANCS, No Action By User, 1037, 823187, 1.0.64509, , ame, , ,
PUP.Optional.ByteFence, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\ByteFenceService, No Action By User, 1037, 389039, 1.0.64509, , ame, , ,
PUP.Optional.ByteFence, HKLM\SOFTWARE\ByteFence, No Action By User, 1037, 388723, 1.0.64509, , ame, , ,
PUP.Optional.ByteFence, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\ByteFenceScan_RASAPI32, No Action By User, 1037, 823187, 1.0.64509, , ame, , ,
PUP.Optional.ByteFence, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\ByteFenceScan_RASMANCS, No Action By User, 1037, 823187, 1.0.64509, , ame, , ,
PUP.Optional.ByteFence, HKLM\SOFTWARE\WOW6432NODE\ByteFence, No Action By User, 1037, 388723, 1.0.64509, , ame, , ,
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 27
PUP.Optional.ByteFence, C:\ProgramData\ByteFence\RTOP, No Action By User, 1037, 388718, , , , , ,
PUP.Optional.ByteFence, C:\PROGRAMDATA\BYTEFENCE, No Action By User, 1037, 388718, 1.0.64509, , ame, , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails, No Action By User, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather, No Action By User, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\icons, No Action By User, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\tiles, No Action By User, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images, No Action By User, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\_locales\pt_BR, No Action By User, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\fonts, No Action By User, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\_locales\en, No Action By User, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\_locales\fr, No Action By User, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\_locales\hi, No Action By User, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\_locales\vi, No Action By User, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\skin\icons, No Action By User, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\_metadata, No Action By User, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\_locales, No Action By User, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content, No Action By User, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\vendor, No Action By User, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\skin, No Action By User, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0, No Action By User, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\USERS\DOVBER\APPDATA\LOCAL\chromium\USER DATA\Default\EXTENSIONS\nahhmpbckpgdidfnmfkfgiflpjijilce, No Action By User, 415, 731237, 1.0.64509, , ame, , ,
PUP.Optional.ByteFence, C:\PROGRAM FILES\BYTEFENCE, No Action By User, 1037, 823167, 1.0.64509, , ame, , ,
PUP.Optional.FakeCHRMExt.Generic, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\13.2.2.61_0\images, No Action By User, 15760, 731233, , , , , ,
PUP.Optional.FakeCHRMExt.Generic, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\13.2.2.61_0, No Action By User, 15760, 731233, , , , , ,
PUP.Optional.FakeCHRMExt.Generic, C:\USERS\DOVBER\APPDATA\LOCAL\CHROMIUM\USER DATA\DEFAULT\EXTENSIONS\JGHILJAAGGLMCDEOPNJKFHCIKJNDDHHC, No Action By User, 15760, 731233, 1.0.64509, , ame, , ,
PUP.Optional.FakeCHRMExt.Generic, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\ncjbeingokdeimlmolagjaddccfdlkbd\1.0.0.58_0, No Action By User, 15760, 731232, , , , , ,
PUP.Optional.FakeCHRMExt.Generic, C:\USERS\DOVBER\APPDATA\LOCAL\CHROMIUM\USER DATA\DEFAULT\EXTENSIONS\NCJBEINGOKDEIMLMOLAGJADDCCFDLKBD, No Action By User, 15760, 731232, 1.0.64509, , ame, , ,
File: 123
PUP.Optional.ByteFence, C:\ProgramData\ByteFence\RTOP\hosts_backup, No Action By User, 1037, 388718, , , , , A4ECA8014112A13122660B77E6F9ECA2, D311A04D648B6A745F75A8D55D063343BBB8758DFCF0AFFE1DDA9B7617DD4BC6
PUP.Optional.ByteFence, C:\ProgramData\ByteFence\RTOP\uclogfile.bin, No Action By User, 1037, 388718, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\fonts\HelveticaNeue-Thin.otf, No Action By User, 415, 731237, , , , , C5A5CBF4DBCAA7064F2BC77F52101AEC, 6F6F5810C0E6D178304860E89D6F665727BC72CB9CD9F96A91C2291A2BB17C53
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\fonts\HelveticaNeueLT-Roman.woff, No Action By User, 415, 731237, , , , , E5D3501D500D07B0A1E952B0F8A81D78, C1FC1D23CA5632B0F8C494247569B7D0442DB6A154BEA1386D8CF7463F5294D1
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\fonts\neue-bold.woff, No Action By User, 415, 731237, , , , , 2BFC185BE71F44CD73AC81511FC1F5A5, CAC0586C980357E4DF7737EEB1FE52DCC81EAD29408D981930EE192EEF8A87B9
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\fonts\neue.woff, No Action By User, 415, 731237, , , , , B495E340F4EF8924FEA0284C1BF9E7AC, 5FF3D9ABCFCFB4AABCA0D78A830FFC3D650BF349096D8430081C706A4CF39F5A
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\icons\128.png, No Action By User, 415, 731237, , , , , 462993FBF692B7CBEF76FC91BC9A32C6, C0311D29A4EA8A84406C7F3FD9034FEAAFA8DAB204D54C51A5BC59CA2F662AB6
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\icons\16.png, No Action By User, 415, 731237, , , , , D03319C32C3CE8E905C52D3498477CA8, 9A1AACBA33C568AA7C7CCD5FC443DD17D7CCDF109560FC43FCBFB9BA34A254C5
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\icons\48.png, No Action By User, 415, 731237, , , , , E204205D57A71FBE341B271444D6990E, 257B95A239165C716D740ABEF88647554A05D982306DE5E4F9D2A12457B8F88A
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\icons\close.png, No Action By User, 415, 731237, , , , , 8642A94143685C619E4679AE9636FF15, AF819CA0DDEBBE607B08B10E0E5862C7BE82CF66271EBE934D112CE9AF8EAEF5
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\icons\favicon.ico, No Action By User, 415, 731237, , , , , E204205D57A71FBE341B271444D6990E, 257B95A239165C716D740ABEF88647554A05D982306DE5E4F9D2A12457B8F88A
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\icons\trends.svg, No Action By User, 415, 731237, , , , , 657D21838DC1D3C0928D86847011F596, 9ED15088EEB3CB84D9093EF48B60AAB855ECEB011B37E2CAEA77D45DBD903751
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\amazon_tile_v2.png, No Action By User, 415, 731237, , , , , 2D430D848785CB67DC858B623AD66046, 3C5ED4329A1A9FA0C065E11368D5A372A1FA9AF9CD64B31ABF00A925A4806B65
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\booking_tile_v2.png, No Action By User, 415, 731237, , , , , BAA43A54F24D6D76FD893BD99B427555, EF90601FED51EEC2D07324F5B984ACD570C167F03BFA056DDF7391D56CC20D4C
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\ebay.png, No Action By User, 415, 731237, , , , , 35A8FAA7C63ED5A13125FC876F5A30B6, AF20FE86332943C0909222CCF4CEEB907AE4604C3B144B4A87A153825E0F8B2A
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\ebay_tile_v2.png, No Action By User, 415, 731237, , , , , F5F13A4FED40D9F1EF360B4D04DE5D45, 1C96336EAA750717324171060302A0912BEDB4001989895BE710D60F85C08190
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\facebook.png, No Action By User, 415, 731237, , , , , 1E997E6F9059F1C4E8F12A7808D59479, F73E587C85322597E49465D9FEB5C52D1F12A6B9EB694922271A999D16274AB3
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\facebook_tile_v2.png, No Action By User, 415, 731237, , , , , CA77C97C09A9A2DA2F2AB44FDB831E76, EEBCB0E266FC94D8BA6E05BABDDE4925891560F4E15100CE044E80363D951804
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\gmail.png, No Action By User, 415, 731237, , , , , 433B8502243BD7A0C64167CEB3B90EA6, 119E1AB1FEA8CA3DD8CEA688C8514127087A7682CC582DB66AB31B5C8CD65EBC
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\gmail_tile_v2.png, No Action By User, 415, 731237, , , , , 9428C2002B46E2457570513CB38F0E88, E92AD27B8152C5DD0E2E28AB59E0F4827F893AA3ACB3F78932B1067A5A87A503
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\gtranslte.png, No Action By User, 415, 731237, , , , , C4C3B1448C740CB7527AD96BCFF78B3C, ABB886B7D12FAC6DB5C4D2CEECEE7472C0AE930C031039A3B29AF6B75BF92683
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\pinterest.png, No Action By User, 415, 731237, , , , , 42194A2D567AC7778F012F27B8D4A517, 0366459FA0DD39F4696E69A8AE4413CA729C834A0845499EB321F255D9EE3986
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\twitter.png, No Action By User, 415, 731237, , , , , 9DA6B7CAFE6E9F807BC113DFCF6DCEEB, E424B7EE462F1BF29A3A29F03D51E0C85A71065DD2EC310915E0AF5DFBD18CF0
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\twitter_tile_v2.png, No Action By User, 415, 731237, , , , , AD477086BFB7E3A4D85628E40A0027B9, 16F425BE8C2257082CE6CA1EFE75FF8EB9379A1233FAD25ACD2700C9A6135BE7
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\yahoo.png, No Action By User, 415, 731237, , , , , 41A2186618CD318FECB583324BC12CB4, 9D1013C27D28A4D2A6A5E56AD6C74003A5B16815BF55757B4A9EB3215B61781E
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\yahoo_tile_v2.png, No Action By User, 415, 731237, , , , , 8A6E64EAEAF2C6D3FD99BA7DDA87C881, 839C454DB4EB0D6266C69D0508C98F3A722D3BC4550E56FFA682BD6F52098895
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\youtube.png, No Action By User, 415, 731237, , , , , 9EB31C0BCBE7C0951F3F6F1D4D0A34F5, 5A96BA8927E0B85F922DFFB6404F7385052479B237AEDC961EBF528A8EE30FE1
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\youtube_tile_v2.png, No Action By User, 415, 731237, , , , , A7C30DCFAD5D33BC14D9BA374786A939, 3EB764F213B43C88FCA7B319324247E74C0BE0508F941FD50031A8F8EF4C5FD7
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\tiles\DOC-to-PDF.jpg, No Action By User, 415, 731237, , , , , D5E2C08361C1631A07A37F80AEBAB82F, 870EEBFB15F896262E0C14794F8552D7566DD1C0734D2F224BFC6B086B8C725B
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\tiles\PDF-to-DOC.jpg, No Action By User, 415, 731237, , , , , 5C33F457B28E23FA227C45C71E11AAD1, 93679E40968244D8B01D22E74CC01668D6F99330088BCB86CC6D38355E044A03
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\tiles\Translation.jpg, No Action By User, 415, 731237, , , , , 59E53F622A25B5C9D216087B0BC42817, 8206211E3BE7C6F3A36A29130DD786A080745D49A6C7B087C69C0C5CA20D2736
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\tiles\View-PDF.jpg, No Action By User, 415, 731237, , , , , CD4308B06D2C39743A3C88407C2F38F5, A5401BD3DD854688D2272F535BC9773C475871EE63469227E5299E25C675B593
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\01d.svg, No Action By User, 415, 731237, , , , , 91BF569906A08540DD30B87603DD14C0, 7F877B248F3FF20B65CF8B04328BFD35AAE658D7901F4C375722D1B6C781E6C4
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\01n.svg, No Action By User, 415, 731237, , , , , 3A5675A4A8797216EEA87EB651685FBD, CF200BB32A0475E47D63FA692CBFF221B12A40B6650460923C455C3E72B417BD
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\02d.svg, No Action By User, 415, 731237, , , , , A9EE40BC8EA6482ECF3217BBAD2C0DBB, 86B8F0EA51C1BE197C2A228CE7BBC3368B973F2AF93A786AD26E1FFBBA808392
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\02n.svg, No Action By User, 415, 731237, , , , , FA89FFBBA65F0FCC2085EB10E037C8C4, 7877EB3F89B1D9600AAA7ADF1B4678EC49BB362E70BD96E95267098555B870D1
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\03d.svg, No Action By User, 415, 731237, , , , , 4D92354654B34FBC13D54009055350FE, 8DC413FB4089E93564D87BBE3452026B9CA169A96876CF9C04018D3710240611
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\03n.svg, No Action By User, 415, 731237, , , , , EA8CE541BD81A497DB154C45576BDC64, 4C28521358132AE4C14DF9EA1C78D7A2EDCAAAD7B1BFAAD14B32B4A8B20ED8C8
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\04d.svg, No Action By User, 415, 731237, , , , , 802A7898EE61A2495FF0829503034B82, DE52D064B40DF002BF2C5477B0A1E94639905BBB339409E9DF161732750AEB97
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\04n.svg, No Action By User, 415, 731237, , , , , 7C73AAC0F8F8726BD296AB78952F2E4C, 189C4A18855CCDB88074CCC192BAF403FDF8CCE4D7266DC1AF0D0F3C139CEB16
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\09d.svg, No Action By User, 415, 731237, , , , , E3D5A78C7FD6D635FA37364EEC497AD1, AC35DCBBDDA08309B98B43ACD63B48795A339D8535A44693A99F312A20D4A245
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\09n.svg, No Action By User, 415, 731237, , , , , E3D5A78C7FD6D635FA37364EEC497AD1, AC35DCBBDDA08309B98B43ACD63B48795A339D8535A44693A99F312A20D4A245
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\10d.svg, No Action By User, 415, 731237, , , , , 43E644FBC32C233DAE81CF8867BCA186, 74BDE29BE4A31C0E977566E3A2DD5AFD8C0089932199E3F99DA9B1C624E45271
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\10n.svg, No Action By User, 415, 731237, , , , , 6DF6F1350FE882002BBFA9CA8D3CA155, E19BB435B53D88C78A74B479716B321945A58A9D983AD8E00D6CA076E62B3078
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\11d.svg, No Action By User, 415, 731237, , , , , F09DDA9845543AE2851296CD61F9010D, 0D25EB3D591139E3F83FAF4D9A338CD7253A76A456190E191B302611A9157BD2
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\11n.svg, No Action By User, 415, 731237, , , , , F09DDA9845543AE2851296CD61F9010D, 0D25EB3D591139E3F83FAF4D9A338CD7253A76A456190E191B302611A9157BD2
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\13d.svg, No Action By User, 415, 731237, , , , , 4DBC85BDB2EA21F811FBB529C5AB92C5, 84B036879F2552EFE8B2FBFEF6B4BD2C94524B865C79CE74D636CF5208CE6268
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\13n.svg, No Action By User, 415, 731237, , , , , 4DBC85BDB2EA21F811FBB529C5AB92C5, 84B036879F2552EFE8B2FBFEF6B4BD2C94524B865C79CE74D636CF5208CE6268
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\50d.svg, No Action By User, 415, 731237, , , , , 60D739B46B108111B80BE45EB0FFCED0, 2C224A297B9EDABC64AF357DBF9DC251F55F51642008D270987C25A1D62D6E16
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\50n.svg, No Action By User, 415, 731237, , , , , 60D739B46B108111B80BE45EB0FFCED0, 2C224A297B9EDABC64AF357DBF9DC251F55F51642008D270987C25A1D62D6E16
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\angle-arrow-down.png, No Action By User, 415, 731237, , , , , 425C99F0A3D4F8DB303A12F9EF28EAAF, 825307A95824D83485CFB8C015BFAD064E6B2A3FD03425A668C56992337BC44A
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\bing.png, No Action By User, 415, 731237, , , , , BB17EF823996DC8DE713736CD542D2A3, 9A37C0A4AF294D70BBE1F751FA8A49F494268920EAB512112B129D92B75146A4
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\bing_large.png, No Action By User, 415, 731237, , , , , EEF8B72DCABE1A740BEA89B19723628C, 96FF5E05A7DDFEBF34154A502AD7B1DCE914314FF334897FBB86DCA49D5AC092
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\bluesky-bg.jpg, No Action By User, 415, 731237, , , , , 264E6A188FCC47A9A69169FC8130A383, B212BEBCCF4D150CA6F718EEC38B78A99A75F716450DA700C5BDE472949D0010
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\brush.png, No Action By User, 415, 731237, , , , , 5AB11CB242F23ABFFA4A597012F36854, F4111CBF2E0CA5B0DF7E6EFB6406C8C53A937D2C36121DC89AA934409F54A3B6
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\bt.png, No Action By User, 415, 731237, , , , , A366EEBA3F55C0DD73DC77D6A8ADB8E2, 22D73AFB1BC0026D0B666754990BBB0C1B36301ECD72775A92833D2FA60E18C6
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\clock.png, No Action By User, 415, 731237, , , , , E010C449FDF59B76A6B0483668EF78A7, D17A6D266FB38258BDAF28366E9B4F518F8F2CC5E7BA7E6D88831A4A7FE5797F
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\cloud.png, No Action By User, 415, 731237, , , , , 1A77D783C753E3E031BEA93C4DCCDDC1, 046CEF5985AEFFBAAA9ED1F281292004B8ED3DCF0CEAE3CAFDD3AB91098F93A8
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\cupcake-bg.jpg, No Action By User, 415, 731237, , , , , 66A2DB7F8D36B709EEF6D8D0C590B542, BFAF8F20A6E24D552AB35E6339C8DEF9E78DB28572D92FDEDB34095EF32A7CC0
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\desk-bg.jpg, No Action By User, 415, 731237, , , , , 928C12FA79DAD8915196CC3F8CFE40EC, BE63CC05CDE965AE1A55841934B9A1B8BA044068F9D974F4AD6704AFC8476B7D
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\doodle.png, No Action By User, 415, 731237, , , , , D4958E87C7CE522E342F931A333970AE, B56A6859E8D7FA04C6F955310C013F5F9D97102897BC6D90A04BDDC3443941A7
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\down.png, No Action By User, 415, 731237, , , , , 5F436C737EFD859DD954AD15EC903F0E, 23A86848A03543FBE499C02A56DB442D3345AB8118151A2A01AFCBF81AE33B1B
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\enhanced_google.png, No Action By User, 415, 731237, , , , , 04D4914F9CC2EA1826B7FBB302401A88, 545A20533ABEECA889A9F99702EE3F4A8D8B143CD5011E4B46CC5A775D5FA225
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\eyeglass.png, No Action By User, 415, 731237, , , , , A3439A6B9105E00273F1D64303A973B9, B38E3C8DD6057C196276910F7BEF8C9C11523326BE86A61879EA774B51315569
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\gmx_large.png, No Action By User, 415, 731237, , , , , 02F3BC0B4806AFDEF155B36F99107394, 729C219E269E52B58961BF974710F56AC01B9B918FBCEE2EC01385EFE2254C35
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\google.png, No Action By User, 415, 731237, , , , , B7AF6C6DEC49F72B92F3BD2B79028D50, BBB2591E5F1582FBFA19D4E03AE972C45DB07737FDB491A588017F35DDF80406
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\google_large.png, No Action By User, 415, 731237, , , , , 9BD876775DA12C05DBAF6CB4B6FCD2CD, 141E34B9AF4159CC8540E271D38754B40CFB78BF924D495952E02DBE34ED411E
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\hero-bg.jpg, No Action By User, 415, 731237, , , , , A60D5FC412E50DD41C0E898311C73140, 11AFA541FED390CC0327837DB980F3D8DD4845BB6597AE8DD9AECCC7C8E04294
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\just-the-box-empty.png, No Action By User, 415, 731237, , , , , 2BE8B0A2019B6C84150804B0DDA8B275, 77D66810FA5B6EFD0F889F2BBE623F3977D05063D7B692E292447D5EAD6E932C
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\just-the-box.png, No Action By User, 415, 731237, , , , , 1394F3CBAFB588010ADFB3DF8475894F, CABD24BAA737764D90312F2757F8E87B0E4276989124BD0EA12D1143D5E5F0BB
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\mountain-bg.jpg, No Action By User, 415, 731237, , , , , F8252134BCD456FA6DF7B24DE42A48E3, 1FD249649EB1FCA9D6DDA8D994AD5D29BEC0904767BB65BFB223235784BBB0A9
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\pointer2.png, No Action By User, 415, 731237, , , , , 1FCF977389DE9A23148D1331C353F7EF, 15D5E0C3C9F03DFF71B48658CDA7D6A0E13D269CC9CCC781953BA68161386497
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\radio-selected.svg, No Action By User, 415, 731237, , , , , 70E45B0BFB992497BF11A446724954BB, A3299F958735F69A46AB58E56B254B7DBAF99175E5F5D40B086B1ACED1E6379B
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\radio-unselected.svg, No Action By User, 415, 731237, , , , , 013641C182F47244720ABBB0BD24459F, BD33D6EBD2F0C2D1D8BF68C6630CB54C15610FA9D49B9AECD5DE0050BEAB7137
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sea-bg.jpg, No Action By User, 415, 731237, , , , , 237E09A65D3A9D21025A3D12069319F4, E2FC4CAB37A53B9C10CD8E123DDFC731D66771E2E118D7C8EB851C760B833065
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\settings.png, No Action By User, 415, 731237, , , , , 134CDABFEB143F1F90B4AEEB67F64A8F, E6A3573AB0A3266185BBFD967D5AEBD99DA20D60F33C3BB98E79CFA3521EA19E
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\smallMagnifier.png, No Action By User, 415, 731237, , , , , EBB15FE6852AE93EAE662EC0A844C8E4, 8530D04C0CF9A33F7C05343A13F01D07211556D51372BAD944A2A74640C48673
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\star-unselected.svg, No Action By User, 415, 731237, , , , , 3B9BC34A38EC1B79B06714E104BDA7A0, 95F223CB4ED1028E0FA2745C975F1F19AF6E6B56E1F9A0270C06DF56FBE2B3C6
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\star.svg, No Action By User, 415, 731237, , , , , 277D4BA11CDE0B393D4D38DFECD3115F, 1FE906900C0A8AF9842598F70FADBF2251A0E149A419CB7E1D8137FB445B0ABA
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\todoc.png, No Action By User, 415, 731237, , , , , B4FD8B927FE39C15EF1BDC6C84A94851, E94A4FC440834E3F57835F7CB903AAFB4C148CD42E99FB8ED622AD598112718A
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\toggle-off.svg, No Action By User, 415, 731237, , , , , 728DAC4DF75D600C748D0804E66F0EFC, 894152ACAA320CC76411645082471C4673E74118D58E67D68CEA30C0C95B683C
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\toggle-on.svg, No Action By User, 415, 731237, , , , , C65FB3F5FAE84AD74D71CAC290215363, 129156E0B9797107E26587699AB7BF2C582EBFF2F23448D4E6627FBCA1FE6284
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\topdf.png, No Action By User, 415, 731237, , , , , 3A17D321390C29AB1C2340E8C4AAD65F, 96BC94E0163503CA81EDC1C503DA8D3D3279B33CE33E86947CF9CA4AAC59CEE9
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\transparent_img.png, No Action By User, 415, 731237, , , , , ABA92128C4A2D1D5AA5263EC172BCAE0, 1E6E780B8183DA128B32DD6C5E572BE5411EF11A97D467EF04BFFCB92652AEE5
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\yahoo.png, No Action By User, 415, 731237, , , , , C29B41B6E54A4925FD72A21AD9B85457, A5E9DFC58D5FFF1CB6867587582790110D8FB0D8F3A80D9540399639139A63E3
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\yahoo.svg, No Action By User, 415, 731237, , , , , C356F831B4B51C9EBD037D15F9B7043D, 79A57D4E90223AEF02E08127F527411C734385F631B1D79BDA8AD67E89BB8C60
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\yahoo_large.png, No Action By User, 415, 731237, , , , , 91A19F74F2FF8A10168FE45BE4CCCF09, 55CD76BC20E66B75B2E6E529E33101830A247972B969AD64CB3679A2F12733B6
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\yandex.png, No Action By User, 415, 731237, , , , , DE26DBC6FAB21ECEE503986B92D0F2C4, 514A606D4ED87109E668E9AC5B3C751F280E9D58B18B530C63426234333DAAC1
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\bundle.v0.0.1.min.css, No Action By User, 415, 731237, , , , , C689DFAD32773B80997CE303CB8B17EF, 3EFE2B5F682984E1B8D40F3E030F96C1C5E29C2C31BEED3D1F76AAEABDFABBC6
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\skin\icons\16.png, No Action By User, 415, 731237, , , , , D03319C32C3CE8E905C52D3498477CA8, 9A1AACBA33C568AA7C7CCD5FC443DD17D7CCDF109560FC43FCBFB9BA34A254C5
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\vendor\md5.min.js, No Action By User, 415, 731237, , , , , C3A7222388987B8D12694736F6EF1595, 31D57206075645A34F442E3A56D5D2B445E437CF99739889BC1D65662B02BC31
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\vendor\react-dom.min.js, No Action By User, 415, 731237, , , , , 1918A3A247F0D09607DC3A65EDA20785, 5E1B60ED026E361C01E40CDA51C82BD22A8DB428ADCCDF9CFFA939FD23AD10D5
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\vendor\react-with-addons.min.js, No Action By User, 415, 731237, , , , , 8F3E13A0CADB06A9F31CE589E89C717A, 88DFBC11D37000F060F5F6DE85EB38C7B024C09A8B7126152D17E8C8F277B653
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\_locales\en\messages.json, No Action By User, 415, 731237, , , , , 097F1938247E6E1B4C4204DFA859CB4D, 2D041F4572E002735D2D0AF4BC33AFF0BFFCE69A0DDE01128AF8307827B9564C
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\_locales\fr\messages.json, No Action By User, 415, 731237, , , , , 3F3681E1030F417CA21B91EB8034ECE7, 32A5A3172F696B53D8CEF78DCFF1DA1EA95A931534DCCF005827A4BE25B825F7
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\_locales\hi\messages.json, No Action By User, 415, 731237, , , , , 9D18797391C96190EDBD73D963112D3A, 169D91EBA382D0AA3BF5F5F4A27762DCF72178FA81FFBA480EBF33A09AED0D6B
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\_locales\pt_BR\messages.json, No Action By User, 415, 731237, , , , , BA0F4CF80D9845B49E566D7E954A0C66, 78EAAE095CD6889CF30D9D9EA7EE24109B9853B1DE74D9FD9837F2296BEA7CC8
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\_locales\vi\messages.json, No Action By User, 415, 731237, , , , , 136730EF55C8BB5D97AEBBFB8E2A1CA6, E19069A53DC755603AEA5922A918709883787DFA7AE6841BCF52AE2B6E5BC821
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\_metadata\verified_contents.json, No Action By User, 415, 731237, , , , , B0166C6DF69B9234B47134B796982018, B66BE6C3E399E63032421577BA8D53B2AECE30F4729BD0246F355B8C62379902
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\2bfc185be71f44cd73ac81511fc1f5a5.woff, No Action By User, 415, 731237, , , , , 2BFC185BE71F44CD73AC81511FC1F5A5, CAC0586C980357E4DF7737EEB1FE52DCC81EAD29408D981930EE192EEF8A87B9
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\b495e340f4ef8924fea0284c1bf9e7ac.woff, No Action By User, 415, 731237, , , , , B495E340F4EF8924FEA0284C1BF9E7AC, 5FF3D9ABCFCFB4AABCA0D78A830FFC3D650BF349096D8430081C706A4CF39F5A
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\background.html, No Action By User, 415, 731237, , , , , F5DF5D73677BE03BB5C534E44E793F19, 36510BCF9AD8BCCF2FD1A57D377C74AF2E9D1ECA7E754CEFDF56C5DC71A77E6F
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\background.v0.0.1.min.js, No Action By User, 415, 731237, , , , , 06742A08C8E043E1713012D831A8340A, A299258A555DB45295C0940777271AE399CF49C175DB19753CAD34BEB97143A7
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\c5a5cbf4dbcaa7064f2bc77f52101aec.otf, No Action By User, 415, 731237, , , , , C5A5CBF4DBCAA7064F2BC77F52101AEC, 6F6F5810C0E6D178304860E89D6F665727BC72CB9CD9F96A91C2291A2BB17C53
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\client.v0.0.1.min.js, No Action By User, 415, 731237, , , , , DBD7548B72BBB8CAF7E5E77E5F9639DF, D177E2ECE24FA67B45B42CAB47949AF77C2E1DCA07EE54B5BCE1F2BFFDFB9440
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\common.js.v0.0.1.min.js, No Action By User, 415, 731237, , , , , EB1BD40914525C1A9062304CB9405C82, 38D38174066D16FF6967A4E9E4F053453672D2847A39829AE8158FBEA174AFA2
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\e5d3501d500d07b0a1e952b0f8a81d78.woff, No Action By User, 415, 731237, , , , , E5D3501D500D07B0A1E952B0F8A81D78, C1FC1D23CA5632B0F8C494247569B7D0442DB6A154BEA1386D8CF7463F5294D1
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\e_.json, No Action By User, 415, 731237, , , , , 541613A646627C352C67EBDFFE313EE2, 797E7597882F9D9362EED7232B9E515AF5A2B0EA6FDF9CE8FDB82A664E278109
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\index.html, No Action By User, 415, 731237, , , , , 5E6EBC50F2E867C5B26C5C279824164A, 74DB9780E82BA924DB1A0CDCBFEE48CF743AC6EC617DC4D78069A54485E8AF33
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\manifest.json, No Action By User, 415, 731237, , , , , 92E92795E72400712EC19B2C8079C63D, 5FD907621D9E6B5E551B8FE8E2CD08C9B8EB099B282D042495AE80DAA5649920
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\popupTab2.html, No Action By User, 415, 731237, , , , , B76103F2D58B5AF3A9D9AA82BB1FC76B, 21A3B11C73EF839039420E1FB52434D86C8B9489C4DA918DEF50ADCF19BA4D98
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\popupTab2.js, No Action By User, 415, 731237, , , , , 0D8FD67CBA435F898239A7067C8AA825, 8053BDC1F949AD0D255B3084FCFCE46B3067A96B99DC38183B68476847661B42
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\responseConfig.json, No Action By User, 415, 731237, , , , , 8900CCE964BE4511C73F31AB474D0546, 911FBE0A3795E9EF7D1D88DBC987FB6F34031C48D36432CE00489E1DB99E6667
PUP.Optional.FakeCHRMExt.Generic, C:\USERS\DOVBER\APPDATA\LOCAL\CHROMIUM\USER DATA\DEFAULT\EXTENSIONS\JGHILJAAGGLMCDEOPNJKFHCIKJNDDHHC\13.2.2.61_0\MANIFEST.JSON, No Action By User, 15760, 731233, 1.0.64509, , ame, , C4FF2A7D8E24B79EEBB20B54513B4C9A, 2A15A06860FC80FFBBBE9ACA8C3400CFCA75031EDC090BD4689098C5960124C1
PUP.Optional.FakeCHRMExt.Generic, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\13.2.2.61_0\images\chromium.svg, No Action By User, 15760, 731233, , , , , 129885B674BA18766E5D50FE292D1A37, 5707D754CA7CA0FAC88756CC0AD2A2B9560895F54FCA375F6E3BACD490AC3EE6
PUP.Optional.FakeCHRMExt.Generic, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\13.2.2.61_0\images\shadow.png, No Action By User, 15760, 731233, , , , , 04FD8AAC163C7D0EF54B55ED32C8AF14, 0B63EFE6A84643D7D02C159105F61A578D36EA3EBAEC511BE481554FA138CCFB
PUP.Optional.FakeCHRMExt.Generic, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\13.2.2.61_0\background.html, No Action By User, 15760, 731233, , , , , 4E5370DDCDFF03169EE66920495772B5, 77CFB5CAE40A8027E3AB29ECCBB571A6186575DCE0B2C0D2CF3187545AD4D755
PUP.Optional.FakeCHRMExt.Generic, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\13.2.2.61_0\background.js, No Action By User, 15760, 731233, , , , , 8F86707A4F4292F21134AA022561EF8D, 93986C4023BB1168750CC24F3E80A5069092B2D6A93730095A90F9FD12999F2B
PUP.Optional.FakeCHRMExt.Generic, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\13.2.2.61_0\config.json, No Action By User, 15760, 731233, , , , , D09871255D2C9D1B9CF6275718EACF7C, 638D703389BCDFC6E26ED7CBC6870B6D88ED8552E381D8C61D73B6345D77AE9A
PUP.Optional.FakeCHRMExt.Generic, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\13.2.2.61_0\test.js, No Action By User, 15760, 731233, , , , , 3D3974C0D96A375B281AFCF7E4C5B6BC, CC8E6E9DF69230CD1ED71486FEA6F543C2BFD3026CA8C17562CE82BEA4104301
PUP.Optional.FakeCHRMExt.Generic, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\13.2.2.61_0\tr.js, No Action By User, 15760, 731233, , , , , B70672AA81350F9BAB74DB676B3817EA, 0A66A749D888656E17FDC4D997F2E004656B854792BDF9ED0A9AFBCB71EB8623
PUP.Optional.FakeCHRMExt.Generic, C:\USERS\DOVBER\APPDATA\LOCAL\CHROMIUM\USER DATA\DEFAULT\EXTENSIONS\NCJBEINGOKDEIMLMOLAGJADDCCFDLKBD\1.0.0.58_0\MANIFEST.JSON, No Action By User, 15760, 731232, 1.0.64509, , ame, , BE8B86ADE9F9559C50BBC47255DD00AF, 8A127C676D73256FFA93ED8517A6FC97F9E82308FFAF57BD86C24533A003A1D4
PUP.Optional.FakeCHRMExt.Generic, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\ncjbeingokdeimlmolagjaddccfdlkbd\1.0.0.58_0\background.html, No Action By User, 15760, 731232, , , , , 2AD79573C9CF4D8C561865076DFBE546, F6BED3739D8CC6A4D79C4C0401638CFED58DE0829D3790461879C4D3A088E08E
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
#23
Posted 11 January 2023 - 12:58 PM
DR M
-
- Malware Removal
-
- 4,112 posts
The Grecian Geek
Many things detected, mainly adware and potentially unwanted programs.
Let's clean:
1. AdwCleaner (Clean mode)
To proceed, please do the following:
- Double click AdwCleaner.exe on your Desktop, to run it as you did before.
- Click Scan Now.
- When the scan has finished a Scan Results window will open.
- Please check all the boxes and then click Quarantine.
- Click Next.
- If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
- Check any pre-installed software items you want to remove.
- Click Quarantine.
- A prompt to save your work will appear.
- Click Continue when you're ready to proceed.
- A prompt to restart your computer will appear.
- Click Restart Now.
- Once your computer has restarted:
- If it doesn't open automatically, please start AdwCleaner.
- Click the Log Files tab.
- Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
- A Notepad file will open containing the results of the removal.
- Please post the contents of the file in your next reply.
2. Run Malwarebytes (Clean mode)
- Double click the program's icon on your Desktop, as you did before.
- Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
Under the title Scan Options, all the options are checked. Under the title Windows Security Center (Premium only) the option is unchecked. Under the title Potentially unwanted items all options are set to Always.
- Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may be take longer.
- When finished, you will see the Thread Scan Summary window open.
- If threats are not found, click View Report and proceed to the two last steps below.
- If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected.
- You may need to restart the computer.
- Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
- Find the report with the most recent date and double click on it.
- Click on Export and then Copy to Clipboard.
- Paste its content here, in your next reply.
3. ESET Online Scanner
Download ESET Online Scanner and save it to your desktop.
- Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
- When the tool opens, click Get Started.
- Read and accept the license agreement.
- At the Welcome to ESET Online Scanner window, click Get Started.
- Select whether you would like to send anonymous data to ESET.
- Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
- Click on the Full Scan option.
- Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
- ESET will now begin scanning your computer. This may take some time.
- When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
- ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
- On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
- Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.
In your next reply please post:
- The AdwCleaner[C0*].txt
- The Malwarebytes report
- The eset.txt
#24
Posted 11 January 2023 - 01:08 PM
BerDov
- Topic Starter
-
- Member
-
- 228 posts
Member
Thank you! Need to take a break for a couple hours.
#25
Posted 11 January 2023 - 01:15 PM
DR M
-
- Malware Removal
-
- 4,112 posts
The Grecian Geek
Take your time.
Here it is 21:15, so... I'll be back to you tomorrow.
#26
Posted 11 January 2023 - 08:24 PM
BerDov
- Topic Starter
-
- Member
-
- 228 posts
Member
Excellent! Followed procedure, everything went smoothly.
Before posting logs, I'd like to offer a couple of editorial notes to the procedure, since the apps have been updated.
Re: AdwCleaner
"...A prompt to restart your computer will appear.
Click Restart Now..."
NOTE. No prompt appeared; computer was restarted manually;
"... Once your computer has restarted:
If it doesn't open automatically, please start AdwCleaner.
Click the Log Files tab..."
NOTE. I understood this as "start AdwCleaner and WITHOUT SCANNING click on the Log Files tab.
Re: Malware bytes
NOTE. computer was restarted manually;
================== AdwCleaner Log =======================================
# -------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build: 03-23-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 01-11-2023
# Duration: 00:00:08
# OS: Windows 7 Professional
# Scanned: 32100
# Detected: 0
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Hosts File Entries ] *****
No malicious hosts file entries found.
***** [ Preinstalled Software ] *****
No Preinstalled Software found.
AdwCleaner[S00].txt - [1774 octets] - [11/01/2023 12:45:21]
AdwCleaner[S01].txt - [1833 octets] - [11/01/2023 16:26:20]
AdwCleaner[C01].txt - [1911 octets] - [11/01/2023 16:27:16]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########
================== Malware bytes report =======================================
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 1/11/23
Scan Time: 4:38 PM
Log File: 3fc0b440-91f8-11ed-87b5-3464a9311ce3.json
-Software Information-
Version: 4.5.19.229
Components Version: 1.0.1860
Update Package Version: 1.0.64511
License: Free
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Compaq\DovBer
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 237096
Threats Detected: 153
Threats Quarantined: 153
Time Elapsed: 6 min, 28 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 3
PUP.Optional.ByteFence, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\ByteFenceService, Quarantined, 1037, 389039, 1.0.64511, , ame, , ,
PUP.Optional.ByteFence, HKLM\SOFTWARE\WOW6432NODE\ByteFence, Quarantined, 1037, 388723, 1.0.64511, , ame, , ,
PUP.Optional.ByteFence, HKLM\SOFTWARE\ByteFence, Quarantined, 1037, 388723, 1.0.64511, , ame, , ,
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 27
PUP.Optional.ByteFence, C:\ProgramData\ByteFence\RTOP, Quarantined, 1037, 388718, , , , , ,
PUP.Optional.ByteFence, C:\PROGRAMDATA\BYTEFENCE, Quarantined, 1037, 388718, 1.0.64511, , ame, , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails, Quarantined, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather, Quarantined, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\icons, Quarantined, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\tiles, Quarantined, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images, Quarantined, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\_locales\pt_BR, Quarantined, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\fonts, Quarantined, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\_locales\en, Quarantined, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\_locales\fr, Quarantined, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\_locales\hi, Quarantined, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\_locales\vi, Quarantined, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\skin\icons, Quarantined, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\_metadata, Quarantined, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\_locales, Quarantined, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content, Quarantined, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\vendor, Quarantined, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\skin, Quarantined, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0, Quarantined, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\USERS\DOVBER\APPDATA\LOCAL\chromium\USER DATA\Default\EXTENSIONS\nahhmpbckpgdidfnmfkfgiflpjijilce, Quarantined, 415, 731237, 1.0.64511, , ame, , ,
PUP.Optional.ByteFence, C:\PROGRAM FILES\BYTEFENCE, Quarantined, 1037, 823167, 1.0.64511, , ame, , ,
PUP.Optional.FakeCHRMExt.Generic, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\13.2.2.61_0\images, Quarantined, 15760, 731233, , , , , ,
PUP.Optional.FakeCHRMExt.Generic, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\13.2.2.61_0, Quarantined, 15760, 731233, , , , , ,
PUP.Optional.FakeCHRMExt.Generic, C:\USERS\DOVBER\APPDATA\LOCAL\CHROMIUM\USER DATA\DEFAULT\EXTENSIONS\JGHILJAAGGLMCDEOPNJKFHCIKJNDDHHC, Quarantined, 15760, 731233, 1.0.64511, , ame, , ,
PUP.Optional.FakeCHRMExt.Generic, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\ncjbeingokdeimlmolagjaddccfdlkbd\1.0.0.58_0, Quarantined, 15760, 731232, , , , , ,
PUP.Optional.FakeCHRMExt.Generic, C:\USERS\DOVBER\APPDATA\LOCAL\CHROMIUM\USER DATA\DEFAULT\EXTENSIONS\NCJBEINGOKDEIMLMOLAGJADDCCFDLKBD, Quarantined, 15760, 731232, 1.0.64511, , ame, , ,
File: 123
PUP.Optional.ByteFence, C:\ProgramData\ByteFence\RTOP\hosts_backup, Quarantined, 1037, 388718, , , , , A4ECA8014112A13122660B77E6F9ECA2, D311A04D648B6A745F75A8D55D063343BBB8758DFCF0AFFE1DDA9B7617DD4BC6
PUP.Optional.ByteFence, C:\ProgramData\ByteFence\RTOP\uclogfile.bin, Quarantined, 1037, 388718, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\fonts\HelveticaNeue-Thin.otf, Quarantined, 415, 731237, , , , , C5A5CBF4DBCAA7064F2BC77F52101AEC, 6F6F5810C0E6D178304860E89D6F665727BC72CB9CD9F96A91C2291A2BB17C53
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\fonts\HelveticaNeueLT-Roman.woff, Quarantined, 415, 731237, , , , , E5D3501D500D07B0A1E952B0F8A81D78, C1FC1D23CA5632B0F8C494247569B7D0442DB6A154BEA1386D8CF7463F5294D1
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\fonts\neue-bold.woff, Quarantined, 415, 731237, , , , , 2BFC185BE71F44CD73AC81511FC1F5A5, CAC0586C980357E4DF7737EEB1FE52DCC81EAD29408D981930EE192EEF8A87B9
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\fonts\neue.woff, Quarantined, 415, 731237, , , , , B495E340F4EF8924FEA0284C1BF9E7AC, 5FF3D9ABCFCFB4AABCA0D78A830FFC3D650BF349096D8430081C706A4CF39F5A
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\icons\128.png, Quarantined, 415, 731237, , , , , 462993FBF692B7CBEF76FC91BC9A32C6, C0311D29A4EA8A84406C7F3FD9034FEAAFA8DAB204D54C51A5BC59CA2F662AB6
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\icons\16.png, Quarantined, 415, 731237, , , , , D03319C32C3CE8E905C52D3498477CA8, 9A1AACBA33C568AA7C7CCD5FC443DD17D7CCDF109560FC43FCBFB9BA34A254C5
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\icons\48.png, Quarantined, 415, 731237, , , , , E204205D57A71FBE341B271444D6990E, 257B95A239165C716D740ABEF88647554A05D982306DE5E4F9D2A12457B8F88A
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\icons\close.png, Quarantined, 415, 731237, , , , , 8642A94143685C619E4679AE9636FF15, AF819CA0DDEBBE607B08B10E0E5862C7BE82CF66271EBE934D112CE9AF8EAEF5
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\icons\favicon.ico, Quarantined, 415, 731237, , , , , E204205D57A71FBE341B271444D6990E, 257B95A239165C716D740ABEF88647554A05D982306DE5E4F9D2A12457B8F88A
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\icons\trends.svg, Quarantined, 415, 731237, , , , , 657D21838DC1D3C0928D86847011F596, 9ED15088EEB3CB84D9093EF48B60AAB855ECEB011B37E2CAEA77D45DBD903751
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\amazon_tile_v2.png, Quarantined, 415, 731237, , , , , 2D430D848785CB67DC858B623AD66046, 3C5ED4329A1A9FA0C065E11368D5A372A1FA9AF9CD64B31ABF00A925A4806B65
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\booking_tile_v2.png, Quarantined, 415, 731237, , , , , BAA43A54F24D6D76FD893BD99B427555, EF90601FED51EEC2D07324F5B984ACD570C167F03BFA056DDF7391D56CC20D4C
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\ebay.png, Quarantined, 415, 731237, , , , , 35A8FAA7C63ED5A13125FC876F5A30B6, AF20FE86332943C0909222CCF4CEEB907AE4604C3B144B4A87A153825E0F8B2A
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\ebay_tile_v2.png, Quarantined, 415, 731237, , , , , F5F13A4FED40D9F1EF360B4D04DE5D45, 1C96336EAA750717324171060302A0912BEDB4001989895BE710D60F85C08190
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\facebook.png, Quarantined, 415, 731237, , , , , 1E997E6F9059F1C4E8F12A7808D59479, F73E587C85322597E49465D9FEB5C52D1F12A6B9EB694922271A999D16274AB3
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\facebook_tile_v2.png, Quarantined, 415, 731237, , , , , CA77C97C09A9A2DA2F2AB44FDB831E76, EEBCB0E266FC94D8BA6E05BABDDE4925891560F4E15100CE044E80363D951804
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\gmail.png, Quarantined, 415, 731237, , , , , 433B8502243BD7A0C64167CEB3B90EA6, 119E1AB1FEA8CA3DD8CEA688C8514127087A7682CC582DB66AB31B5C8CD65EBC
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\gmail_tile_v2.png, Quarantined, 415, 731237, , , , , 9428C2002B46E2457570513CB38F0E88, E92AD27B8152C5DD0E2E28AB59E0F4827F893AA3ACB3F78932B1067A5A87A503
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\gtranslte.png, Quarantined, 415, 731237, , , , , C4C3B1448C740CB7527AD96BCFF78B3C, ABB886B7D12FAC6DB5C4D2CEECEE7472C0AE930C031039A3B29AF6B75BF92683
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\pinterest.png, Quarantined, 415, 731237, , , , , 42194A2D567AC7778F012F27B8D4A517, 0366459FA0DD39F4696E69A8AE4413CA729C834A0845499EB321F255D9EE3986
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\twitter.png, Quarantined, 415, 731237, , , , , 9DA6B7CAFE6E9F807BC113DFCF6DCEEB, E424B7EE462F1BF29A3A29F03D51E0C85A71065DD2EC310915E0AF5DFBD18CF0
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\twitter_tile_v2.png, Quarantined, 415, 731237, , , , , AD477086BFB7E3A4D85628E40A0027B9, 16F425BE8C2257082CE6CA1EFE75FF8EB9379A1233FAD25ACD2700C9A6135BE7
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\yahoo.png, Quarantined, 415, 731237, , , , , 41A2186618CD318FECB583324BC12CB4, 9D1013C27D28A4D2A6A5E56AD6C74003A5B16815BF55757B4A9EB3215B61781E
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\yahoo_tile_v2.png, Quarantined, 415, 731237, , , , , 8A6E64EAEAF2C6D3FD99BA7DDA87C881, 839C454DB4EB0D6266C69D0508C98F3A722D3BC4550E56FFA682BD6F52098895
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\youtube.png, Quarantined, 415, 731237, , , , , 9EB31C0BCBE7C0951F3F6F1D4D0A34F5, 5A96BA8927E0B85F922DFFB6404F7385052479B237AEDC961EBF528A8EE30FE1
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\youtube_tile_v2.png, Quarantined, 415, 731237, , , , , A7C30DCFAD5D33BC14D9BA374786A939, 3EB764F213B43C88FCA7B319324247E74C0BE0508F941FD50031A8F8EF4C5FD7
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\tiles\DOC-to-PDF.jpg, Quarantined, 415, 731237, , , , , D5E2C08361C1631A07A37F80AEBAB82F, 870EEBFB15F896262E0C14794F8552D7566DD1C0734D2F224BFC6B086B8C725B
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\tiles\PDF-to-DOC.jpg, Quarantined, 415, 731237, , , , , 5C33F457B28E23FA227C45C71E11AAD1, 93679E40968244D8B01D22E74CC01668D6F99330088BCB86CC6D38355E044A03
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\tiles\Translation.jpg, Quarantined, 415, 731237, , , , , 59E53F622A25B5C9D216087B0BC42817, 8206211E3BE7C6F3A36A29130DD786A080745D49A6C7B087C69C0C5CA20D2736
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\tiles\View-PDF.jpg, Quarantined, 415, 731237, , , , , CD4308B06D2C39743A3C88407C2F38F5, A5401BD3DD854688D2272F535BC9773C475871EE63469227E5299E25C675B593
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\01d.svg, Quarantined, 415, 731237, , , , , 91BF569906A08540DD30B87603DD14C0, 7F877B248F3FF20B65CF8B04328BFD35AAE658D7901F4C375722D1B6C781E6C4
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\01n.svg, Quarantined, 415, 731237, , , , , 3A5675A4A8797216EEA87EB651685FBD, CF200BB32A0475E47D63FA692CBFF221B12A40B6650460923C455C3E72B417BD
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\02d.svg, Quarantined, 415, 731237, , , , , A9EE40BC8EA6482ECF3217BBAD2C0DBB, 86B8F0EA51C1BE197C2A228CE7BBC3368B973F2AF93A786AD26E1FFBBA808392
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\02n.svg, Quarantined, 415, 731237, , , , , FA89FFBBA65F0FCC2085EB10E037C8C4, 7877EB3F89B1D9600AAA7ADF1B4678EC49BB362E70BD96E95267098555B870D1
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\03d.svg, Quarantined, 415, 731237, , , , , 4D92354654B34FBC13D54009055350FE, 8DC413FB4089E93564D87BBE3452026B9CA169A96876CF9C04018D3710240611
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\03n.svg, Quarantined, 415, 731237, , , , , EA8CE541BD81A497DB154C45576BDC64, 4C28521358132AE4C14DF9EA1C78D7A2EDCAAAD7B1BFAAD14B32B4A8B20ED8C8
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\04d.svg, Quarantined, 415, 731237, , , , , 802A7898EE61A2495FF0829503034B82, DE52D064B40DF002BF2C5477B0A1E94639905BBB339409E9DF161732750AEB97
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\04n.svg, Quarantined, 415, 731237, , , , , 7C73AAC0F8F8726BD296AB78952F2E4C, 189C4A18855CCDB88074CCC192BAF403FDF8CCE4D7266DC1AF0D0F3C139CEB16
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\09d.svg, Quarantined, 415, 731237, , , , , E3D5A78C7FD6D635FA37364EEC497AD1, AC35DCBBDDA08309B98B43ACD63B48795A339D8535A44693A99F312A20D4A245
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\09n.svg, Quarantined, 415, 731237, , , , , E3D5A78C7FD6D635FA37364EEC497AD1, AC35DCBBDDA08309B98B43ACD63B48795A339D8535A44693A99F312A20D4A245
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\10d.svg, Quarantined, 415, 731237, , , , , 43E644FBC32C233DAE81CF8867BCA186, 74BDE29BE4A31C0E977566E3A2DD5AFD8C0089932199E3F99DA9B1C624E45271
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\10n.svg, Quarantined, 415, 731237, , , , , 6DF6F1350FE882002BBFA9CA8D3CA155, E19BB435B53D88C78A74B479716B321945A58A9D983AD8E00D6CA076E62B3078
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\11d.svg, Quarantined, 415, 731237, , , , , F09DDA9845543AE2851296CD61F9010D, 0D25EB3D591139E3F83FAF4D9A338CD7253A76A456190E191B302611A9157BD2
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\11n.svg, Quarantined, 415, 731237, , , , , F09DDA9845543AE2851296CD61F9010D, 0D25EB3D591139E3F83FAF4D9A338CD7253A76A456190E191B302611A9157BD2
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\13d.svg, Quarantined, 415, 731237, , , , , 4DBC85BDB2EA21F811FBB529C5AB92C5, 84B036879F2552EFE8B2FBFEF6B4BD2C94524B865C79CE74D636CF5208CE6268
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\13n.svg, Quarantined, 415, 731237, , , , , 4DBC85BDB2EA21F811FBB529C5AB92C5, 84B036879F2552EFE8B2FBFEF6B4BD2C94524B865C79CE74D636CF5208CE6268
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\50d.svg, Quarantined, 415, 731237, , , , , 60D739B46B108111B80BE45EB0FFCED0, 2C224A297B9EDABC64AF357DBF9DC251F55F51642008D270987C25A1D62D6E16
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\50n.svg, Quarantined, 415, 731237, , , , , 60D739B46B108111B80BE45EB0FFCED0, 2C224A297B9EDABC64AF357DBF9DC251F55F51642008D270987C25A1D62D6E16
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\angle-arrow-down.png, Quarantined, 415, 731237, , , , , 425C99F0A3D4F8DB303A12F9EF28EAAF, 825307A95824D83485CFB8C015BFAD064E6B2A3FD03425A668C56992337BC44A
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\bing.png, Quarantined, 415, 731237, , , , , BB17EF823996DC8DE713736CD542D2A3, 9A37C0A4AF294D70BBE1F751FA8A49F494268920EAB512112B129D92B75146A4
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\bing_large.png, Quarantined, 415, 731237, , , , , EEF8B72DCABE1A740BEA89B19723628C, 96FF5E05A7DDFEBF34154A502AD7B1DCE914314FF334897FBB86DCA49D5AC092
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\bluesky-bg.jpg, Quarantined, 415, 731237, , , , , 264E6A188FCC47A9A69169FC8130A383, B212BEBCCF4D150CA6F718EEC38B78A99A75F716450DA700C5BDE472949D0010
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\brush.png, Quarantined, 415, 731237, , , , , 5AB11CB242F23ABFFA4A597012F36854, F4111CBF2E0CA5B0DF7E6EFB6406C8C53A937D2C36121DC89AA934409F54A3B6
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\bt.png, Quarantined, 415, 731237, , , , , A366EEBA3F55C0DD73DC77D6A8ADB8E2, 22D73AFB1BC0026D0B666754990BBB0C1B36301ECD72775A92833D2FA60E18C6
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\clock.png, Quarantined, 415, 731237, , , , , E010C449FDF59B76A6B0483668EF78A7, D17A6D266FB38258BDAF28366E9B4F518F8F2CC5E7BA7E6D88831A4A7FE5797F
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\cloud.png, Quarantined, 415, 731237, , , , , 1A77D783C753E3E031BEA93C4DCCDDC1, 046CEF5985AEFFBAAA9ED1F281292004B8ED3DCF0CEAE3CAFDD3AB91098F93A8
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\cupcake-bg.jpg, Quarantined, 415, 731237, , , , , 66A2DB7F8D36B709EEF6D8D0C590B542, BFAF8F20A6E24D552AB35E6339C8DEF9E78DB28572D92FDEDB34095EF32A7CC0
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\desk-bg.jpg, Quarantined, 415, 731237, , , , , 928C12FA79DAD8915196CC3F8CFE40EC, BE63CC05CDE965AE1A55841934B9A1B8BA044068F9D974F4AD6704AFC8476B7D
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\doodle.png, Quarantined, 415, 731237, , , , , D4958E87C7CE522E342F931A333970AE, B56A6859E8D7FA04C6F955310C013F5F9D97102897BC6D90A04BDDC3443941A7
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\down.png, Quarantined, 415, 731237, , , , , 5F436C737EFD859DD954AD15EC903F0E, 23A86848A03543FBE499C02A56DB442D3345AB8118151A2A01AFCBF81AE33B1B
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\enhanced_google.png, Quarantined, 415, 731237, , , , , 04D4914F9CC2EA1826B7FBB302401A88, 545A20533ABEECA889A9F99702EE3F4A8D8B143CD5011E4B46CC5A775D5FA225
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\eyeglass.png, Quarantined, 415, 731237, , , , , A3439A6B9105E00273F1D64303A973B9, B38E3C8DD6057C196276910F7BEF8C9C11523326BE86A61879EA774B51315569
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\gmx_large.png, Quarantined, 415, 731237, , , , , 02F3BC0B4806AFDEF155B36F99107394, 729C219E269E52B58961BF974710F56AC01B9B918FBCEE2EC01385EFE2254C35
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\google.png, Quarantined, 415, 731237, , , , , B7AF6C6DEC49F72B92F3BD2B79028D50, BBB2591E5F1582FBFA19D4E03AE972C45DB07737FDB491A588017F35DDF80406
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\google_large.png, Quarantined, 415, 731237, , , , , 9BD876775DA12C05DBAF6CB4B6FCD2CD, 141E34B9AF4159CC8540E271D38754B40CFB78BF924D495952E02DBE34ED411E
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\hero-bg.jpg, Quarantined, 415, 731237, , , , , A60D5FC412E50DD41C0E898311C73140, 11AFA541FED390CC0327837DB980F3D8DD4845BB6597AE8DD9AECCC7C8E04294
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\just-the-box-empty.png, Quarantined, 415, 731237, , , , , 2BE8B0A2019B6C84150804B0DDA8B275, 77D66810FA5B6EFD0F889F2BBE623F3977D05063D7B692E292447D5EAD6E932C
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\just-the-box.png, Quarantined, 415, 731237, , , , , 1394F3CBAFB588010ADFB3DF8475894F, CABD24BAA737764D90312F2757F8E87B0E4276989124BD0EA12D1143D5E5F0BB
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\mountain-bg.jpg, Quarantined, 415, 731237, , , , , F8252134BCD456FA6DF7B24DE42A48E3, 1FD249649EB1FCA9D6DDA8D994AD5D29BEC0904767BB65BFB223235784BBB0A9
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\pointer2.png, Quarantined, 415, 731237, , , , , 1FCF977389DE9A23148D1331C353F7EF, 15D5E0C3C9F03DFF71B48658CDA7D6A0E13D269CC9CCC781953BA68161386497
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\radio-selected.svg, Quarantined, 415, 731237, , , , , 70E45B0BFB992497BF11A446724954BB, A3299F958735F69A46AB58E56B254B7DBAF99175E5F5D40B086B1ACED1E6379B
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\radio-unselected.svg, Quarantined, 415, 731237, , , , , 013641C182F47244720ABBB0BD24459F, BD33D6EBD2F0C2D1D8BF68C6630CB54C15610FA9D49B9AECD5DE0050BEAB7137
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sea-bg.jpg, Quarantined, 415, 731237, , , , , 237E09A65D3A9D21025A3D12069319F4, E2FC4CAB37A53B9C10CD8E123DDFC731D66771E2E118D7C8EB851C760B833065
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\settings.png, Quarantined, 415, 731237, , , , , 134CDABFEB143F1F90B4AEEB67F64A8F, E6A3573AB0A3266185BBFD967D5AEBD99DA20D60F33C3BB98E79CFA3521EA19E
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\smallMagnifier.png, Quarantined, 415, 731237, , , , , EBB15FE6852AE93EAE662EC0A844C8E4, 8530D04C0CF9A33F7C05343A13F01D07211556D51372BAD944A2A74640C48673
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\star-unselected.svg, Quarantined, 415, 731237, , , , , 3B9BC34A38EC1B79B06714E104BDA7A0, 95F223CB4ED1028E0FA2745C975F1F19AF6E6B56E1F9A0270C06DF56FBE2B3C6
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\star.svg, Quarantined, 415, 731237, , , , , 277D4BA11CDE0B393D4D38DFECD3115F, 1FE906900C0A8AF9842598F70FADBF2251A0E149A419CB7E1D8137FB445B0ABA
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\todoc.png, Quarantined, 415, 731237, , , , , B4FD8B927FE39C15EF1BDC6C84A94851, E94A4FC440834E3F57835F7CB903AAFB4C148CD42E99FB8ED622AD598112718A
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\toggle-off.svg, Quarantined, 415, 731237, , , , , 728DAC4DF75D600C748D0804E66F0EFC, 894152ACAA320CC76411645082471C4673E74118D58E67D68CEA30C0C95B683C
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\toggle-on.svg, Quarantined, 415, 731237, , , , , C65FB3F5FAE84AD74D71CAC290215363, 129156E0B9797107E26587699AB7BF2C582EBFF2F23448D4E6627FBCA1FE6284
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\topdf.png, Quarantined, 415, 731237, , , , , 3A17D321390C29AB1C2340E8C4AAD65F, 96BC94E0163503CA81EDC1C503DA8D3D3279B33CE33E86947CF9CA4AAC59CEE9
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\transparent_img.png, Quarantined, 415, 731237, , , , , ABA92128C4A2D1D5AA5263EC172BCAE0, 1E6E780B8183DA128B32DD6C5E572BE5411EF11A97D467EF04BFFCB92652AEE5
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\yahoo.png, Quarantined, 415, 731237, , , , , C29B41B6E54A4925FD72A21AD9B85457, A5E9DFC58D5FFF1CB6867587582790110D8FB0D8F3A80D9540399639139A63E3
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\yahoo.svg, Quarantined, 415, 731237, , , , , C356F831B4B51C9EBD037D15F9B7043D, 79A57D4E90223AEF02E08127F527411C734385F631B1D79BDA8AD67E89BB8C60
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\yahoo_large.png, Quarantined, 415, 731237, , , , , 91A19F74F2FF8A10168FE45BE4CCCF09, 55CD76BC20E66B75B2E6E529E33101830A247972B969AD64CB3679A2F12733B6
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\yandex.png, Quarantined, 415, 731237, , , , , DE26DBC6FAB21ECEE503986B92D0F2C4, 514A606D4ED87109E668E9AC5B3C751F280E9D58B18B530C63426234333DAAC1
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\bundle.v0.0.1.min.css, Quarantined, 415, 731237, , , , , C689DFAD32773B80997CE303CB8B17EF, 3EFE2B5F682984E1B8D40F3E030F96C1C5E29C2C31BEED3D1F76AAEABDFABBC6
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\skin\icons\16.png, Quarantined, 415, 731237, , , , , D03319C32C3CE8E905C52D3498477CA8, 9A1AACBA33C568AA7C7CCD5FC443DD17D7CCDF109560FC43FCBFB9BA34A254C5
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\vendor\md5.min.js, Quarantined, 415, 731237, , , , , C3A7222388987B8D12694736F6EF1595, 31D57206075645A34F442E3A56D5D2B445E437CF99739889BC1D65662B02BC31
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\vendor\react-dom.min.js, Quarantined, 415, 731237, , , , , 1918A3A247F0D09607DC3A65EDA20785, 5E1B60ED026E361C01E40CDA51C82BD22A8DB428ADCCDF9CFFA939FD23AD10D5
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\vendor\react-with-addons.min.js, Quarantined, 415, 731237, , , , , 8F3E13A0CADB06A9F31CE589E89C717A, 88DFBC11D37000F060F5F6DE85EB38C7B024C09A8B7126152D17E8C8F277B653
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\_locales\en\messages.json, Quarantined, 415, 731237, , , , , 097F1938247E6E1B4C4204DFA859CB4D, 2D041F4572E002735D2D0AF4BC33AFF0BFFCE69A0DDE01128AF8307827B9564C
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\_locales\fr\messages.json, Quarantined, 415, 731237, , , , , 3F3681E1030F417CA21B91EB8034ECE7, 32A5A3172F696B53D8CEF78DCFF1DA1EA95A931534DCCF005827A4BE25B825F7
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\_locales\hi\messages.json, Quarantined, 415, 731237, , , , , 9D18797391C96190EDBD73D963112D3A, 169D91EBA382D0AA3BF5F5F4A27762DCF72178FA81FFBA480EBF33A09AED0D6B
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\_locales\pt_BR\messages.json, Quarantined, 415, 731237, , , , , BA0F4CF80D9845B49E566D7E954A0C66, 78EAAE095CD6889CF30D9D9EA7EE24109B9853B1DE74D9FD9837F2296BEA7CC8
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\_locales\vi\messages.json, Quarantined, 415, 731237, , , , , 136730EF55C8BB5D97AEBBFB8E2A1CA6, E19069A53DC755603AEA5922A918709883787DFA7AE6841BCF52AE2B6E5BC821
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\_metadata\verified_contents.json, Quarantined, 415, 731237, , , , , B0166C6DF69B9234B47134B796982018, B66BE6C3E399E63032421577BA8D53B2AECE30F4729BD0246F355B8C62379902
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\2bfc185be71f44cd73ac81511fc1f5a5.woff, Quarantined, 415, 731237, , , , , 2BFC185BE71F44CD73AC81511FC1F5A5, CAC0586C980357E4DF7737EEB1FE52DCC81EAD29408D981930EE192EEF8A87B9
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\b495e340f4ef8924fea0284c1bf9e7ac.woff, Quarantined, 415, 731237, , , , , B495E340F4EF8924FEA0284C1BF9E7AC, 5FF3D9ABCFCFB4AABCA0D78A830FFC3D650BF349096D8430081C706A4CF39F5A
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\background.html, Quarantined, 415, 731237, , , , , F5DF5D73677BE03BB5C534E44E793F19, 36510BCF9AD8BCCF2FD1A57D377C74AF2E9D1ECA7E754CEFDF56C5DC71A77E6F
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\background.v0.0.1.min.js, Quarantined, 415, 731237, , , , , 06742A08C8E043E1713012D831A8340A, A299258A555DB45295C0940777271AE399CF49C175DB19753CAD34BEB97143A7
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\c5a5cbf4dbcaa7064f2bc77f52101aec.otf, Quarantined, 415, 731237, , , , , C5A5CBF4DBCAA7064F2BC77F52101AEC, 6F6F5810C0E6D178304860E89D6F665727BC72CB9CD9F96A91C2291A2BB17C53
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\client.v0.0.1.min.js, Quarantined, 415, 731237, , , , , DBD7548B72BBB8CAF7E5E77E5F9639DF, D177E2ECE24FA67B45B42CAB47949AF77C2E1DCA07EE54B5BCE1F2BFFDFB9440
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\common.js.v0.0.1.min.js, Quarantined, 415, 731237, , , , , EB1BD40914525C1A9062304CB9405C82, 38D38174066D16FF6967A4E9E4F053453672D2847A39829AE8158FBEA174AFA2
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\e5d3501d500d07b0a1e952b0f8a81d78.woff, Quarantined, 415, 731237, , , , , E5D3501D500D07B0A1E952B0F8A81D78, C1FC1D23CA5632B0F8C494247569B7D0442DB6A154BEA1386D8CF7463F5294D1
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\e_.json, Quarantined, 415, 731237, , , , , 541613A646627C352C67EBDFFE313EE2, 797E7597882F9D9362EED7232B9E515AF5A2B0EA6FDF9CE8FDB82A664E278109
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\index.html, Quarantined, 415, 731237, , , , , 5E6EBC50F2E867C5B26C5C279824164A, 74DB9780E82BA924DB1A0CDCBFEE48CF743AC6EC617DC4D78069A54485E8AF33
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\manifest.json, Quarantined, 415, 731237, , , , , 92E92795E72400712EC19B2C8079C63D, 5FD907621D9E6B5E551B8FE8E2CD08C9B8EB099B282D042495AE80DAA5649920
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\popupTab2.html, Quarantined, 415, 731237, , , , , B76103F2D58B5AF3A9D9AA82BB1FC76B, 21A3B11C73EF839039420E1FB52434D86C8B9489C4DA918DEF50ADCF19BA4D98
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\popupTab2.js, Quarantined, 415, 731237, , , , , 0D8FD67CBA435F898239A7067C8AA825, 8053BDC1F949AD0D255B3084FCFCE46B3067A96B99DC38183B68476847661B42
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\responseConfig.json, Quarantined, 415, 731237, , , , , 8900CCE964BE4511C73F31AB474D0546, 911FBE0A3795E9EF7D1D88DBC987FB6F34031C48D36432CE00489E1DB99E6667
PUP.Optional.FakeCHRMExt.Generic, C:\USERS\DOVBER\APPDATA\LOCAL\CHROMIUM\USER DATA\DEFAULT\EXTENSIONS\JGHILJAAGGLMCDEOPNJKFHCIKJNDDHHC\13.2.2.61_0\MANIFEST.JSON, Quarantined, 15760, 731233, 1.0.64511, , ame, , C4FF2A7D8E24B79EEBB20B54513B4C9A, 2A15A06860FC80FFBBBE9ACA8C3400CFCA75031EDC090BD4689098C5960124C1
PUP.Optional.FakeCHRMExt.Generic, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\13.2.2.61_0\images\chromium.svg, Quarantined, 15760, 731233, , , , , 129885B674BA18766E5D50FE292D1A37, 5707D754CA7CA0FAC88756CC0AD2A2B9560895F54FCA375F6E3BACD490AC3EE6
PUP.Optional.FakeCHRMExt.Generic, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\13.2.2.61_0\images\shadow.png, Quarantined, 15760, 731233, , , , , 04FD8AAC163C7D0EF54B55ED32C8AF14, 0B63EFE6A84643D7D02C159105F61A578D36EA3EBAEC511BE481554FA138CCFB
PUP.Optional.FakeCHRMExt.Generic, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\13.2.2.61_0\background.html, Quarantined, 15760, 731233, , , , , 4E5370DDCDFF03169EE66920495772B5, 77CFB5CAE40A8027E3AB29ECCBB571A6186575DCE0B2C0D2CF3187545AD4D755
PUP.Optional.FakeCHRMExt.Generic, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\13.2.2.61_0\background.js, Quarantined, 15760, 731233, , , , , 8F86707A4F4292F21134AA022561EF8D, 93986C4023BB1168750CC24F3E80A5069092B2D6A93730095A90F9FD12999F2B
PUP.Optional.FakeCHRMExt.Generic, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\13.2.2.61_0\config.json, Quarantined, 15760, 731233, , , , , D09871255D2C9D1B9CF6275718EACF7C, 638D703389BCDFC6E26ED7CBC6870B6D88ED8552E381D8C61D73B6345D77AE9A
PUP.Optional.FakeCHRMExt.Generic, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\13.2.2.61_0\test.js, Quarantined, 15760, 731233, , , , , 3D3974C0D96A375B281AFCF7E4C5B6BC, CC8E6E9DF69230CD1ED71486FEA6F543C2BFD3026CA8C17562CE82BEA4104301
PUP.Optional.FakeCHRMExt.Generic, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\13.2.2.61_0\tr.js, Quarantined, 15760, 731233, , , , , B70672AA81350F9BAB74DB676B3817EA, 0A66A749D888656E17FDC4D997F2E004656B854792BDF9ED0A9AFBCB71EB8623
PUP.Optional.FakeCHRMExt.Generic, C:\USERS\DOVBER\APPDATA\LOCAL\CHROMIUM\USER DATA\DEFAULT\EXTENSIONS\NCJBEINGOKDEIMLMOLAGJADDCCFDLKBD\1.0.0.58_0\MANIFEST.JSON, Quarantined, 15760, 731232, 1.0.64511, , ame, , BE8B86ADE9F9559C50BBC47255DD00AF, 8A127C676D73256FFA93ED8517A6FC97F9E82308FFAF57BD86C24533A003A1D4
PUP.Optional.FakeCHRMExt.Generic, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\ncjbeingokdeimlmolagjaddccfdlkbd\1.0.0.58_0\background.html, Quarantined, 15760, 731232, , , , , 2AD79573C9CF4D8C561865076DFBE546, F6BED3739D8CC6A4D79C4C0401638CFED58DE0829D3790461879C4D3A088E08E
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
================== eset.txt =======================================
1/11/2023 21:06:22 PM
Files scanned: 1514804
Detected files: 5
Cleaned files: 5
Total scan time 04:01:13
Scan status: Finished
C:\K_temp_see_readme_20190611.txt\DATA\computer\2019-05-29_slow_down_freezing\spsetup132.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Windows.old\Program Files\AVAST Software\Avast\setup\aswOfferTool.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
C:\Windows.old\Program Files\AVAST Software\Avast\setup\offertool_ais-906.vpx Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
G:\DATA\computer\2019-05-29_slow_down_freezing\spsetup132.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
K:\DATA_BAK_TO_K\G\DATA\computer\2019-05-29_slow_down_freezing\spsetup132.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
=========================================================
Thank you very much!
#27
Posted 11 January 2023 - 08:25 PM
BerDov
- Topic Starter
-
- Member
-
- 228 posts
Member
Excellent! Followed procedure, everything went smoothly.
Before posting logs, I'd like to offer a couple of editorial notes to the procedure, since the apps have been updated.
Re: AdwCleaner
"...A prompt to restart your computer will appear.
Click Restart Now..."
NOTE. No prompt appeared; computer was restarted manually;
"... Once your computer has restarted:
If it doesn't open automatically, please start AdwCleaner.
Click the Log Files tab..."
NOTE. I understood this as "start AdwCleaner and WITHOUT SCANNING click on the Log Files tab.
Re: Malware bytes
NOTE. computer was restarted manually;
================== AdwCleaner Log =======================================
# -------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build: 03-23-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 01-11-2023
# Duration: 00:00:08
# OS: Windows 7 Professional
# Scanned: 32100
# Detected: 0
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Hosts File Entries ] *****
No malicious hosts file entries found.
***** [ Preinstalled Software ] *****
No Preinstalled Software found.
AdwCleaner[S00].txt - [1774 octets] - [11/01/2023 12:45:21]
AdwCleaner[S01].txt - [1833 octets] - [11/01/2023 16:26:20]
AdwCleaner[C01].txt - [1911 octets] - [11/01/2023 16:27:16]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########
================== Malware bytes report =======================================
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 1/11/23
Scan Time: 4:38 PM
Log File: 3fc0b440-91f8-11ed-87b5-3464a9311ce3.json
-Software Information-
Version: 4.5.19.229
Components Version: 1.0.1860
Update Package Version: 1.0.64511
License: Free
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Compaq\DovBer
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 237096
Threats Detected: 153
Threats Quarantined: 153
Time Elapsed: 6 min, 28 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 3
PUP.Optional.ByteFence, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\ByteFenceService, Quarantined, 1037, 389039, 1.0.64511, , ame, , ,
PUP.Optional.ByteFence, HKLM\SOFTWARE\WOW6432NODE\ByteFence, Quarantined, 1037, 388723, 1.0.64511, , ame, , ,
PUP.Optional.ByteFence, HKLM\SOFTWARE\ByteFence, Quarantined, 1037, 388723, 1.0.64511, , ame, , ,
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 27
PUP.Optional.ByteFence, C:\ProgramData\ByteFence\RTOP, Quarantined, 1037, 388718, , , , , ,
PUP.Optional.ByteFence, C:\PROGRAMDATA\BYTEFENCE, Quarantined, 1037, 388718, 1.0.64511, , ame, , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails, Quarantined, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather, Quarantined, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\icons, Quarantined, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\tiles, Quarantined, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images, Quarantined, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\_locales\pt_BR, Quarantined, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\fonts, Quarantined, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\_locales\en, Quarantined, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\_locales\fr, Quarantined, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\_locales\hi, Quarantined, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\_locales\vi, Quarantined, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\skin\icons, Quarantined, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\_metadata, Quarantined, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\_locales, Quarantined, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content, Quarantined, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\vendor, Quarantined, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\skin, Quarantined, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0, Quarantined, 415, 731237, , , , , ,
PUP.Optional.SearchManager, C:\USERS\DOVBER\APPDATA\LOCAL\chromium\USER DATA\Default\EXTENSIONS\nahhmpbckpgdidfnmfkfgiflpjijilce, Quarantined, 415, 731237, 1.0.64511, , ame, , ,
PUP.Optional.ByteFence, C:\PROGRAM FILES\BYTEFENCE, Quarantined, 1037, 823167, 1.0.64511, , ame, , ,
PUP.Optional.FakeCHRMExt.Generic, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\13.2.2.61_0\images, Quarantined, 15760, 731233, , , , , ,
PUP.Optional.FakeCHRMExt.Generic, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\13.2.2.61_0, Quarantined, 15760, 731233, , , , , ,
PUP.Optional.FakeCHRMExt.Generic, C:\USERS\DOVBER\APPDATA\LOCAL\CHROMIUM\USER DATA\DEFAULT\EXTENSIONS\JGHILJAAGGLMCDEOPNJKFHCIKJNDDHHC, Quarantined, 15760, 731233, 1.0.64511, , ame, , ,
PUP.Optional.FakeCHRMExt.Generic, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\ncjbeingokdeimlmolagjaddccfdlkbd\1.0.0.58_0, Quarantined, 15760, 731232, , , , , ,
PUP.Optional.FakeCHRMExt.Generic, C:\USERS\DOVBER\APPDATA\LOCAL\CHROMIUM\USER DATA\DEFAULT\EXTENSIONS\NCJBEINGOKDEIMLMOLAGJADDCCFDLKBD, Quarantined, 15760, 731232, 1.0.64511, , ame, , ,
File: 123
PUP.Optional.ByteFence, C:\ProgramData\ByteFence\RTOP\hosts_backup, Quarantined, 1037, 388718, , , , , A4ECA8014112A13122660B77E6F9ECA2, D311A04D648B6A745F75A8D55D063343BBB8758DFCF0AFFE1DDA9B7617DD4BC6
PUP.Optional.ByteFence, C:\ProgramData\ByteFence\RTOP\uclogfile.bin, Quarantined, 1037, 388718, , , , , ,
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\fonts\HelveticaNeue-Thin.otf, Quarantined, 415, 731237, , , , , C5A5CBF4DBCAA7064F2BC77F52101AEC, 6F6F5810C0E6D178304860E89D6F665727BC72CB9CD9F96A91C2291A2BB17C53
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\fonts\HelveticaNeueLT-Roman.woff, Quarantined, 415, 731237, , , , , E5D3501D500D07B0A1E952B0F8A81D78, C1FC1D23CA5632B0F8C494247569B7D0442DB6A154BEA1386D8CF7463F5294D1
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\fonts\neue-bold.woff, Quarantined, 415, 731237, , , , , 2BFC185BE71F44CD73AC81511FC1F5A5, CAC0586C980357E4DF7737EEB1FE52DCC81EAD29408D981930EE192EEF8A87B9
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\fonts\neue.woff, Quarantined, 415, 731237, , , , , B495E340F4EF8924FEA0284C1BF9E7AC, 5FF3D9ABCFCFB4AABCA0D78A830FFC3D650BF349096D8430081C706A4CF39F5A
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\icons\128.png, Quarantined, 415, 731237, , , , , 462993FBF692B7CBEF76FC91BC9A32C6, C0311D29A4EA8A84406C7F3FD9034FEAAFA8DAB204D54C51A5BC59CA2F662AB6
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\icons\16.png, Quarantined, 415, 731237, , , , , D03319C32C3CE8E905C52D3498477CA8, 9A1AACBA33C568AA7C7CCD5FC443DD17D7CCDF109560FC43FCBFB9BA34A254C5
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\icons\48.png, Quarantined, 415, 731237, , , , , E204205D57A71FBE341B271444D6990E, 257B95A239165C716D740ABEF88647554A05D982306DE5E4F9D2A12457B8F88A
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\icons\close.png, Quarantined, 415, 731237, , , , , 8642A94143685C619E4679AE9636FF15, AF819CA0DDEBBE607B08B10E0E5862C7BE82CF66271EBE934D112CE9AF8EAEF5
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\icons\favicon.ico, Quarantined, 415, 731237, , , , , E204205D57A71FBE341B271444D6990E, 257B95A239165C716D740ABEF88647554A05D982306DE5E4F9D2A12457B8F88A
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\icons\trends.svg, Quarantined, 415, 731237, , , , , 657D21838DC1D3C0928D86847011F596, 9ED15088EEB3CB84D9093EF48B60AAB855ECEB011B37E2CAEA77D45DBD903751
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\amazon_tile_v2.png, Quarantined, 415, 731237, , , , , 2D430D848785CB67DC858B623AD66046, 3C5ED4329A1A9FA0C065E11368D5A372A1FA9AF9CD64B31ABF00A925A4806B65
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\booking_tile_v2.png, Quarantined, 415, 731237, , , , , BAA43A54F24D6D76FD893BD99B427555, EF90601FED51EEC2D07324F5B984ACD570C167F03BFA056DDF7391D56CC20D4C
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\ebay.png, Quarantined, 415, 731237, , , , , 35A8FAA7C63ED5A13125FC876F5A30B6, AF20FE86332943C0909222CCF4CEEB907AE4604C3B144B4A87A153825E0F8B2A
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\ebay_tile_v2.png, Quarantined, 415, 731237, , , , , F5F13A4FED40D9F1EF360B4D04DE5D45, 1C96336EAA750717324171060302A0912BEDB4001989895BE710D60F85C08190
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\facebook.png, Quarantined, 415, 731237, , , , , 1E997E6F9059F1C4E8F12A7808D59479, F73E587C85322597E49465D9FEB5C52D1F12A6B9EB694922271A999D16274AB3
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\facebook_tile_v2.png, Quarantined, 415, 731237, , , , , CA77C97C09A9A2DA2F2AB44FDB831E76, EEBCB0E266FC94D8BA6E05BABDDE4925891560F4E15100CE044E80363D951804
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\gmail.png, Quarantined, 415, 731237, , , , , 433B8502243BD7A0C64167CEB3B90EA6, 119E1AB1FEA8CA3DD8CEA688C8514127087A7682CC582DB66AB31B5C8CD65EBC
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\gmail_tile_v2.png, Quarantined, 415, 731237, , , , , 9428C2002B46E2457570513CB38F0E88, E92AD27B8152C5DD0E2E28AB59E0F4827F893AA3ACB3F78932B1067A5A87A503
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\gtranslte.png, Quarantined, 415, 731237, , , , , C4C3B1448C740CB7527AD96BCFF78B3C, ABB886B7D12FAC6DB5C4D2CEECEE7472C0AE930C031039A3B29AF6B75BF92683
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\pinterest.png, Quarantined, 415, 731237, , , , , 42194A2D567AC7778F012F27B8D4A517, 0366459FA0DD39F4696E69A8AE4413CA729C834A0845499EB321F255D9EE3986
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\twitter.png, Quarantined, 415, 731237, , , , , 9DA6B7CAFE6E9F807BC113DFCF6DCEEB, E424B7EE462F1BF29A3A29F03D51E0C85A71065DD2EC310915E0AF5DFBD18CF0
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\twitter_tile_v2.png, Quarantined, 415, 731237, , , , , AD477086BFB7E3A4D85628E40A0027B9, 16F425BE8C2257082CE6CA1EFE75FF8EB9379A1233FAD25ACD2700C9A6135BE7
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\yahoo.png, Quarantined, 415, 731237, , , , , 41A2186618CD318FECB583324BC12CB4, 9D1013C27D28A4D2A6A5E56AD6C74003A5B16815BF55757B4A9EB3215B61781E
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\yahoo_tile_v2.png, Quarantined, 415, 731237, , , , , 8A6E64EAEAF2C6D3FD99BA7DDA87C881, 839C454DB4EB0D6266C69D0508C98F3A722D3BC4550E56FFA682BD6F52098895
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\youtube.png, Quarantined, 415, 731237, , , , , 9EB31C0BCBE7C0951F3F6F1D4D0A34F5, 5A96BA8927E0B85F922DFFB6404F7385052479B237AEDC961EBF528A8EE30FE1
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sitesThumbnails\youtube_tile_v2.png, Quarantined, 415, 731237, , , , , A7C30DCFAD5D33BC14D9BA374786A939, 3EB764F213B43C88FCA7B319324247E74C0BE0508F941FD50031A8F8EF4C5FD7
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\tiles\DOC-to-PDF.jpg, Quarantined, 415, 731237, , , , , D5E2C08361C1631A07A37F80AEBAB82F, 870EEBFB15F896262E0C14794F8552D7566DD1C0734D2F224BFC6B086B8C725B
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\tiles\PDF-to-DOC.jpg, Quarantined, 415, 731237, , , , , 5C33F457B28E23FA227C45C71E11AAD1, 93679E40968244D8B01D22E74CC01668D6F99330088BCB86CC6D38355E044A03
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\tiles\Translation.jpg, Quarantined, 415, 731237, , , , , 59E53F622A25B5C9D216087B0BC42817, 8206211E3BE7C6F3A36A29130DD786A080745D49A6C7B087C69C0C5CA20D2736
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\tiles\View-PDF.jpg, Quarantined, 415, 731237, , , , , CD4308B06D2C39743A3C88407C2F38F5, A5401BD3DD854688D2272F535BC9773C475871EE63469227E5299E25C675B593
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\01d.svg, Quarantined, 415, 731237, , , , , 91BF569906A08540DD30B87603DD14C0, 7F877B248F3FF20B65CF8B04328BFD35AAE658D7901F4C375722D1B6C781E6C4
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\01n.svg, Quarantined, 415, 731237, , , , , 3A5675A4A8797216EEA87EB651685FBD, CF200BB32A0475E47D63FA692CBFF221B12A40B6650460923C455C3E72B417BD
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\02d.svg, Quarantined, 415, 731237, , , , , A9EE40BC8EA6482ECF3217BBAD2C0DBB, 86B8F0EA51C1BE197C2A228CE7BBC3368B973F2AF93A786AD26E1FFBBA808392
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\02n.svg, Quarantined, 415, 731237, , , , , FA89FFBBA65F0FCC2085EB10E037C8C4, 7877EB3F89B1D9600AAA7ADF1B4678EC49BB362E70BD96E95267098555B870D1
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\03d.svg, Quarantined, 415, 731237, , , , , 4D92354654B34FBC13D54009055350FE, 8DC413FB4089E93564D87BBE3452026B9CA169A96876CF9C04018D3710240611
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\03n.svg, Quarantined, 415, 731237, , , , , EA8CE541BD81A497DB154C45576BDC64, 4C28521358132AE4C14DF9EA1C78D7A2EDCAAAD7B1BFAAD14B32B4A8B20ED8C8
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\04d.svg, Quarantined, 415, 731237, , , , , 802A7898EE61A2495FF0829503034B82, DE52D064B40DF002BF2C5477B0A1E94639905BBB339409E9DF161732750AEB97
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\04n.svg, Quarantined, 415, 731237, , , , , 7C73AAC0F8F8726BD296AB78952F2E4C, 189C4A18855CCDB88074CCC192BAF403FDF8CCE4D7266DC1AF0D0F3C139CEB16
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\09d.svg, Quarantined, 415, 731237, , , , , E3D5A78C7FD6D635FA37364EEC497AD1, AC35DCBBDDA08309B98B43ACD63B48795A339D8535A44693A99F312A20D4A245
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\09n.svg, Quarantined, 415, 731237, , , , , E3D5A78C7FD6D635FA37364EEC497AD1, AC35DCBBDDA08309B98B43ACD63B48795A339D8535A44693A99F312A20D4A245
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\10d.svg, Quarantined, 415, 731237, , , , , 43E644FBC32C233DAE81CF8867BCA186, 74BDE29BE4A31C0E977566E3A2DD5AFD8C0089932199E3F99DA9B1C624E45271
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\10n.svg, Quarantined, 415, 731237, , , , , 6DF6F1350FE882002BBFA9CA8D3CA155, E19BB435B53D88C78A74B479716B321945A58A9D983AD8E00D6CA076E62B3078
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\11d.svg, Quarantined, 415, 731237, , , , , F09DDA9845543AE2851296CD61F9010D, 0D25EB3D591139E3F83FAF4D9A338CD7253A76A456190E191B302611A9157BD2
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\11n.svg, Quarantined, 415, 731237, , , , , F09DDA9845543AE2851296CD61F9010D, 0D25EB3D591139E3F83FAF4D9A338CD7253A76A456190E191B302611A9157BD2
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\13d.svg, Quarantined, 415, 731237, , , , , 4DBC85BDB2EA21F811FBB529C5AB92C5, 84B036879F2552EFE8B2FBFEF6B4BD2C94524B865C79CE74D636CF5208CE6268
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\13n.svg, Quarantined, 415, 731237, , , , , 4DBC85BDB2EA21F811FBB529C5AB92C5, 84B036879F2552EFE8B2FBFEF6B4BD2C94524B865C79CE74D636CF5208CE6268
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\50d.svg, Quarantined, 415, 731237, , , , , 60D739B46B108111B80BE45EB0FFCED0, 2C224A297B9EDABC64AF357DBF9DC251F55F51642008D270987C25A1D62D6E16
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\weather\50n.svg, Quarantined, 415, 731237, , , , , 60D739B46B108111B80BE45EB0FFCED0, 2C224A297B9EDABC64AF357DBF9DC251F55F51642008D270987C25A1D62D6E16
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\angle-arrow-down.png, Quarantined, 415, 731237, , , , , 425C99F0A3D4F8DB303A12F9EF28EAAF, 825307A95824D83485CFB8C015BFAD064E6B2A3FD03425A668C56992337BC44A
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\bing.png, Quarantined, 415, 731237, , , , , BB17EF823996DC8DE713736CD542D2A3, 9A37C0A4AF294D70BBE1F751FA8A49F494268920EAB512112B129D92B75146A4
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\bing_large.png, Quarantined, 415, 731237, , , , , EEF8B72DCABE1A740BEA89B19723628C, 96FF5E05A7DDFEBF34154A502AD7B1DCE914314FF334897FBB86DCA49D5AC092
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\bluesky-bg.jpg, Quarantined, 415, 731237, , , , , 264E6A188FCC47A9A69169FC8130A383, B212BEBCCF4D150CA6F718EEC38B78A99A75F716450DA700C5BDE472949D0010
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\brush.png, Quarantined, 415, 731237, , , , , 5AB11CB242F23ABFFA4A597012F36854, F4111CBF2E0CA5B0DF7E6EFB6406C8C53A937D2C36121DC89AA934409F54A3B6
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\bt.png, Quarantined, 415, 731237, , , , , A366EEBA3F55C0DD73DC77D6A8ADB8E2, 22D73AFB1BC0026D0B666754990BBB0C1B36301ECD72775A92833D2FA60E18C6
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\clock.png, Quarantined, 415, 731237, , , , , E010C449FDF59B76A6B0483668EF78A7, D17A6D266FB38258BDAF28366E9B4F518F8F2CC5E7BA7E6D88831A4A7FE5797F
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\cloud.png, Quarantined, 415, 731237, , , , , 1A77D783C753E3E031BEA93C4DCCDDC1, 046CEF5985AEFFBAAA9ED1F281292004B8ED3DCF0CEAE3CAFDD3AB91098F93A8
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\cupcake-bg.jpg, Quarantined, 415, 731237, , , , , 66A2DB7F8D36B709EEF6D8D0C590B542, BFAF8F20A6E24D552AB35E6339C8DEF9E78DB28572D92FDEDB34095EF32A7CC0
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\desk-bg.jpg, Quarantined, 415, 731237, , , , , 928C12FA79DAD8915196CC3F8CFE40EC, BE63CC05CDE965AE1A55841934B9A1B8BA044068F9D974F4AD6704AFC8476B7D
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\doodle.png, Quarantined, 415, 731237, , , , , D4958E87C7CE522E342F931A333970AE, B56A6859E8D7FA04C6F955310C013F5F9D97102897BC6D90A04BDDC3443941A7
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\down.png, Quarantined, 415, 731237, , , , , 5F436C737EFD859DD954AD15EC903F0E, 23A86848A03543FBE499C02A56DB442D3345AB8118151A2A01AFCBF81AE33B1B
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\enhanced_google.png, Quarantined, 415, 731237, , , , , 04D4914F9CC2EA1826B7FBB302401A88, 545A20533ABEECA889A9F99702EE3F4A8D8B143CD5011E4B46CC5A775D5FA225
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\eyeglass.png, Quarantined, 415, 731237, , , , , A3439A6B9105E00273F1D64303A973B9, B38E3C8DD6057C196276910F7BEF8C9C11523326BE86A61879EA774B51315569
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\gmx_large.png, Quarantined, 415, 731237, , , , , 02F3BC0B4806AFDEF155B36F99107394, 729C219E269E52B58961BF974710F56AC01B9B918FBCEE2EC01385EFE2254C35
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\google.png, Quarantined, 415, 731237, , , , , B7AF6C6DEC49F72B92F3BD2B79028D50, BBB2591E5F1582FBFA19D4E03AE972C45DB07737FDB491A588017F35DDF80406
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\google_large.png, Quarantined, 415, 731237, , , , , 9BD876775DA12C05DBAF6CB4B6FCD2CD, 141E34B9AF4159CC8540E271D38754B40CFB78BF924D495952E02DBE34ED411E
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\hero-bg.jpg, Quarantined, 415, 731237, , , , , A60D5FC412E50DD41C0E898311C73140, 11AFA541FED390CC0327837DB980F3D8DD4845BB6597AE8DD9AECCC7C8E04294
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\just-the-box-empty.png, Quarantined, 415, 731237, , , , , 2BE8B0A2019B6C84150804B0DDA8B275, 77D66810FA5B6EFD0F889F2BBE623F3977D05063D7B692E292447D5EAD6E932C
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\just-the-box.png, Quarantined, 415, 731237, , , , , 1394F3CBAFB588010ADFB3DF8475894F, CABD24BAA737764D90312F2757F8E87B0E4276989124BD0EA12D1143D5E5F0BB
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\mountain-bg.jpg, Quarantined, 415, 731237, , , , , F8252134BCD456FA6DF7B24DE42A48E3, 1FD249649EB1FCA9D6DDA8D994AD5D29BEC0904767BB65BFB223235784BBB0A9
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\pointer2.png, Quarantined, 415, 731237, , , , , 1FCF977389DE9A23148D1331C353F7EF, 15D5E0C3C9F03DFF71B48658CDA7D6A0E13D269CC9CCC781953BA68161386497
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\radio-selected.svg, Quarantined, 415, 731237, , , , , 70E45B0BFB992497BF11A446724954BB, A3299F958735F69A46AB58E56B254B7DBAF99175E5F5D40B086B1ACED1E6379B
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\radio-unselected.svg, Quarantined, 415, 731237, , , , , 013641C182F47244720ABBB0BD24459F, BD33D6EBD2F0C2D1D8BF68C6630CB54C15610FA9D49B9AECD5DE0050BEAB7137
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\sea-bg.jpg, Quarantined, 415, 731237, , , , , 237E09A65D3A9D21025A3D12069319F4, E2FC4CAB37A53B9C10CD8E123DDFC731D66771E2E118D7C8EB851C760B833065
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\settings.png, Quarantined, 415, 731237, , , , , 134CDABFEB143F1F90B4AEEB67F64A8F, E6A3573AB0A3266185BBFD967D5AEBD99DA20D60F33C3BB98E79CFA3521EA19E
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\smallMagnifier.png, Quarantined, 415, 731237, , , , , EBB15FE6852AE93EAE662EC0A844C8E4, 8530D04C0CF9A33F7C05343A13F01D07211556D51372BAD944A2A74640C48673
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\star-unselected.svg, Quarantined, 415, 731237, , , , , 3B9BC34A38EC1B79B06714E104BDA7A0, 95F223CB4ED1028E0FA2745C975F1F19AF6E6B56E1F9A0270C06DF56FBE2B3C6
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\star.svg, Quarantined, 415, 731237, , , , , 277D4BA11CDE0B393D4D38DFECD3115F, 1FE906900C0A8AF9842598F70FADBF2251A0E149A419CB7E1D8137FB445B0ABA
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\todoc.png, Quarantined, 415, 731237, , , , , B4FD8B927FE39C15EF1BDC6C84A94851, E94A4FC440834E3F57835F7CB903AAFB4C148CD42E99FB8ED622AD598112718A
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\toggle-off.svg, Quarantined, 415, 731237, , , , , 728DAC4DF75D600C748D0804E66F0EFC, 894152ACAA320CC76411645082471C4673E74118D58E67D68CEA30C0C95B683C
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\toggle-on.svg, Quarantined, 415, 731237, , , , , C65FB3F5FAE84AD74D71CAC290215363, 129156E0B9797107E26587699AB7BF2C582EBFF2F23448D4E6627FBCA1FE6284
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\topdf.png, Quarantined, 415, 731237, , , , , 3A17D321390C29AB1C2340E8C4AAD65F, 96BC94E0163503CA81EDC1C503DA8D3D3279B33CE33E86947CF9CA4AAC59CEE9
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\transparent_img.png, Quarantined, 415, 731237, , , , , ABA92128C4A2D1D5AA5263EC172BCAE0, 1E6E780B8183DA128B32DD6C5E572BE5411EF11A97D467EF04BFFCB92652AEE5
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\yahoo.png, Quarantined, 415, 731237, , , , , C29B41B6E54A4925FD72A21AD9B85457, A5E9DFC58D5FFF1CB6867587582790110D8FB0D8F3A80D9540399639139A63E3
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\yahoo.svg, Quarantined, 415, 731237, , , , , C356F831B4B51C9EBD037D15F9B7043D, 79A57D4E90223AEF02E08127F527411C734385F631B1D79BDA8AD67E89BB8C60
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\yahoo_large.png, Quarantined, 415, 731237, , , , , 91A19F74F2FF8A10168FE45BE4CCCF09, 55CD76BC20E66B75B2E6E529E33101830A247972B969AD64CB3679A2F12733B6
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\images\yandex.png, Quarantined, 415, 731237, , , , , DE26DBC6FAB21ECEE503986B92D0F2C4, 514A606D4ED87109E668E9AC5B3C751F280E9D58B18B530C63426234333DAAC1
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\content\bundle.v0.0.1.min.css, Quarantined, 415, 731237, , , , , C689DFAD32773B80997CE303CB8B17EF, 3EFE2B5F682984E1B8D40F3E030F96C1C5E29C2C31BEED3D1F76AAEABDFABBC6
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\skin\icons\16.png, Quarantined, 415, 731237, , , , , D03319C32C3CE8E905C52D3498477CA8, 9A1AACBA33C568AA7C7CCD5FC443DD17D7CCDF109560FC43FCBFB9BA34A254C5
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\vendor\md5.min.js, Quarantined, 415, 731237, , , , , C3A7222388987B8D12694736F6EF1595, 31D57206075645A34F442E3A56D5D2B445E437CF99739889BC1D65662B02BC31
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\vendor\react-dom.min.js, Quarantined, 415, 731237, , , , , 1918A3A247F0D09607DC3A65EDA20785, 5E1B60ED026E361C01E40CDA51C82BD22A8DB428ADCCDF9CFFA939FD23AD10D5
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\vendor\react-with-addons.min.js, Quarantined, 415, 731237, , , , , 8F3E13A0CADB06A9F31CE589E89C717A, 88DFBC11D37000F060F5F6DE85EB38C7B024C09A8B7126152D17E8C8F277B653
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\_locales\en\messages.json, Quarantined, 415, 731237, , , , , 097F1938247E6E1B4C4204DFA859CB4D, 2D041F4572E002735D2D0AF4BC33AFF0BFFCE69A0DDE01128AF8307827B9564C
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\_locales\fr\messages.json, Quarantined, 415, 731237, , , , , 3F3681E1030F417CA21B91EB8034ECE7, 32A5A3172F696B53D8CEF78DCFF1DA1EA95A931534DCCF005827A4BE25B825F7
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\_locales\hi\messages.json, Quarantined, 415, 731237, , , , , 9D18797391C96190EDBD73D963112D3A, 169D91EBA382D0AA3BF5F5F4A27762DCF72178FA81FFBA480EBF33A09AED0D6B
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\_locales\pt_BR\messages.json, Quarantined, 415, 731237, , , , , BA0F4CF80D9845B49E566D7E954A0C66, 78EAAE095CD6889CF30D9D9EA7EE24109B9853B1DE74D9FD9837F2296BEA7CC8
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\_locales\vi\messages.json, Quarantined, 415, 731237, , , , , 136730EF55C8BB5D97AEBBFB8E2A1CA6, E19069A53DC755603AEA5922A918709883787DFA7AE6841BCF52AE2B6E5BC821
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\_metadata\verified_contents.json, Quarantined, 415, 731237, , , , , B0166C6DF69B9234B47134B796982018, B66BE6C3E399E63032421577BA8D53B2AECE30F4729BD0246F355B8C62379902
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\2bfc185be71f44cd73ac81511fc1f5a5.woff, Quarantined, 415, 731237, , , , , 2BFC185BE71F44CD73AC81511FC1F5A5, CAC0586C980357E4DF7737EEB1FE52DCC81EAD29408D981930EE192EEF8A87B9
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\b495e340f4ef8924fea0284c1bf9e7ac.woff, Quarantined, 415, 731237, , , , , B495E340F4EF8924FEA0284C1BF9E7AC, 5FF3D9ABCFCFB4AABCA0D78A830FFC3D650BF349096D8430081C706A4CF39F5A
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\background.html, Quarantined, 415, 731237, , , , , F5DF5D73677BE03BB5C534E44E793F19, 36510BCF9AD8BCCF2FD1A57D377C74AF2E9D1ECA7E754CEFDF56C5DC71A77E6F
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\background.v0.0.1.min.js, Quarantined, 415, 731237, , , , , 06742A08C8E043E1713012D831A8340A, A299258A555DB45295C0940777271AE399CF49C175DB19753CAD34BEB97143A7
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\c5a5cbf4dbcaa7064f2bc77f52101aec.otf, Quarantined, 415, 731237, , , , , C5A5CBF4DBCAA7064F2BC77F52101AEC, 6F6F5810C0E6D178304860E89D6F665727BC72CB9CD9F96A91C2291A2BB17C53
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\client.v0.0.1.min.js, Quarantined, 415, 731237, , , , , DBD7548B72BBB8CAF7E5E77E5F9639DF, D177E2ECE24FA67B45B42CAB47949AF77C2E1DCA07EE54B5BCE1F2BFFDFB9440
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\common.js.v0.0.1.min.js, Quarantined, 415, 731237, , , , , EB1BD40914525C1A9062304CB9405C82, 38D38174066D16FF6967A4E9E4F053453672D2847A39829AE8158FBEA174AFA2
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\e5d3501d500d07b0a1e952b0f8a81d78.woff, Quarantined, 415, 731237, , , , , E5D3501D500D07B0A1E952B0F8A81D78, C1FC1D23CA5632B0F8C494247569B7D0442DB6A154BEA1386D8CF7463F5294D1
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\e_.json, Quarantined, 415, 731237, , , , , 541613A646627C352C67EBDFFE313EE2, 797E7597882F9D9362EED7232B9E515AF5A2B0EA6FDF9CE8FDB82A664E278109
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\index.html, Quarantined, 415, 731237, , , , , 5E6EBC50F2E867C5B26C5C279824164A, 74DB9780E82BA924DB1A0CDCBFEE48CF743AC6EC617DC4D78069A54485E8AF33
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\manifest.json, Quarantined, 415, 731237, , , , , 92E92795E72400712EC19B2C8079C63D, 5FD907621D9E6B5E551B8FE8E2CD08C9B8EB099B282D042495AE80DAA5649920
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\popupTab2.html, Quarantined, 415, 731237, , , , , B76103F2D58B5AF3A9D9AA82BB1FC76B, 21A3B11C73EF839039420E1FB52434D86C8B9489C4DA918DEF50ADCF19BA4D98
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\popupTab2.js, Quarantined, 415, 731237, , , , , 0D8FD67CBA435F898239A7067C8AA825, 8053BDC1F949AD0D255B3084FCFCE46B3067A96B99DC38183B68476847661B42
PUP.Optional.SearchManager, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.71_0\responseConfig.json, Quarantined, 415, 731237, , , , , 8900CCE964BE4511C73F31AB474D0546, 911FBE0A3795E9EF7D1D88DBC987FB6F34031C48D36432CE00489E1DB99E6667
PUP.Optional.FakeCHRMExt.Generic, C:\USERS\DOVBER\APPDATA\LOCAL\CHROMIUM\USER DATA\DEFAULT\EXTENSIONS\JGHILJAAGGLMCDEOPNJKFHCIKJNDDHHC\13.2.2.61_0\MANIFEST.JSON, Quarantined, 15760, 731233, 1.0.64511, , ame, , C4FF2A7D8E24B79EEBB20B54513B4C9A, 2A15A06860FC80FFBBBE9ACA8C3400CFCA75031EDC090BD4689098C5960124C1
PUP.Optional.FakeCHRMExt.Generic, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\13.2.2.61_0\images\chromium.svg, Quarantined, 15760, 731233, , , , , 129885B674BA18766E5D50FE292D1A37, 5707D754CA7CA0FAC88756CC0AD2A2B9560895F54FCA375F6E3BACD490AC3EE6
PUP.Optional.FakeCHRMExt.Generic, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\13.2.2.61_0\images\shadow.png, Quarantined, 15760, 731233, , , , , 04FD8AAC163C7D0EF54B55ED32C8AF14, 0B63EFE6A84643D7D02C159105F61A578D36EA3EBAEC511BE481554FA138CCFB
PUP.Optional.FakeCHRMExt.Generic, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\13.2.2.61_0\background.html, Quarantined, 15760, 731233, , , , , 4E5370DDCDFF03169EE66920495772B5, 77CFB5CAE40A8027E3AB29ECCBB571A6186575DCE0B2C0D2CF3187545AD4D755
PUP.Optional.FakeCHRMExt.Generic, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\13.2.2.61_0\background.js, Quarantined, 15760, 731233, , , , , 8F86707A4F4292F21134AA022561EF8D, 93986C4023BB1168750CC24F3E80A5069092B2D6A93730095A90F9FD12999F2B
PUP.Optional.FakeCHRMExt.Generic, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\13.2.2.61_0\config.json, Quarantined, 15760, 731233, , , , , D09871255D2C9D1B9CF6275718EACF7C, 638D703389BCDFC6E26ED7CBC6870B6D88ED8552E381D8C61D73B6345D77AE9A
PUP.Optional.FakeCHRMExt.Generic, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\13.2.2.61_0\test.js, Quarantined, 15760, 731233, , , , , 3D3974C0D96A375B281AFCF7E4C5B6BC, CC8E6E9DF69230CD1ED71486FEA6F543C2BFD3026CA8C17562CE82BEA4104301
PUP.Optional.FakeCHRMExt.Generic, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\13.2.2.61_0\tr.js, Quarantined, 15760, 731233, , , , , B70672AA81350F9BAB74DB676B3817EA, 0A66A749D888656E17FDC4D997F2E004656B854792BDF9ED0A9AFBCB71EB8623
PUP.Optional.FakeCHRMExt.Generic, C:\USERS\DOVBER\APPDATA\LOCAL\CHROMIUM\USER DATA\DEFAULT\EXTENSIONS\NCJBEINGOKDEIMLMOLAGJADDCCFDLKBD\1.0.0.58_0\MANIFEST.JSON, Quarantined, 15760, 731232, 1.0.64511, , ame, , BE8B86ADE9F9559C50BBC47255DD00AF, 8A127C676D73256FFA93ED8517A6FC97F9E82308FFAF57BD86C24533A003A1D4
PUP.Optional.FakeCHRMExt.Generic, C:\Users\DovBer\AppData\Local\chromium\User Data\Default\Extensions\ncjbeingokdeimlmolagjaddccfdlkbd\1.0.0.58_0\background.html, Quarantined, 15760, 731232, , , , , 2AD79573C9CF4D8C561865076DFBE546, F6BED3739D8CC6A4D79C4C0401638CFED58DE0829D3790461879C4D3A088E08E
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
================== eset.txt =======================================
1/11/2023 21:06:22 PM
Files scanned: 1514804
Detected files: 5
Cleaned files: 5
Total scan time 04:01:13
Scan status: Finished
C:\K_temp_see_readme_20190611.txt\DATA\computer\2019-05-29_slow_down_freezing\spsetup132.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Windows.old\Program Files\AVAST Software\Avast\setup\aswOfferTool.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
C:\Windows.old\Program Files\AVAST Software\Avast\setup\offertool_ais-906.vpx Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
G:\DATA\computer\2019-05-29_slow_down_freezing\spsetup132.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
K:\DATA_BAK_TO_K\G\DATA\computer\2019-05-29_slow_down_freezing\spsetup132.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
=========================================================
Thank you very much!
#28
Posted 12 January 2023 - 08:58 AM
DR M
-
- Malware Removal
-
- 4,112 posts
The Grecian Geek
Hi, BerDov.
Thanks for the comments/info about the restart action when running the tools. They are getting updated so often, so it is not uncommon our instructions to be a bit different every time. 
I'll need to see fresh FRST logs now, please. Remove any external drives you have installed first.
- Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
- Press Scan button and wait for a while.
- The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
- Please attach these two logs in your next reply.
#29
Posted 12 January 2023 - 09:48 AM
BerDov
- Topic Starter
-
- Member
-
- 228 posts
Member
Thank you, Dr M,
Please see below:
=================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-01-2023
Ran by DovBer (administrator) on COMPAQ (HP HP ProDesk 400 G3 MT) (12-01-2023 10:38:24)
Running from C:\Users\DovBer\Desktop
Loaded Profiles: DovBer
Platform: Microsoft Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(explorer.exe ->) (GFI Software Development Ltd. -> GFI Software Ltd.) C:\Program Files (x86)\GFI\GFI BackUp Freeware\GFIAgent.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(explorer.exe ->) (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Microsoft Expression\Web 3\ExpressionWeb.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(explorer.exe ->) (Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe <6>
(Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <19>
(PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(services.exe ->) (ABBYY SOLUTIONS LIMITED -> ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(services.exe ->) (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(services.exe ->) (GFI Software Development Ltd. -> GFI Software Ltd.) C:\Program Files (x86)\GFI\GFI BackUp Freeware\GFIFInst.exe
(services.exe ->) (GFI Software Development Ltd. -> GFI Software Ltd.) C:\Program Files (x86)\GFI\GFI BackUp Freeware\GFIFSched.exe
(services.exe ->) (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Logitech, Inc. -> Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(services.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(services.exe ->) (SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(taskeng.exe ->) (Janos Mathe -> H.D.S. Hungary) C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8466136 2015-04-30] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-08-18] (Intel Corporation - Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1841496 2016-10-14] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1057920 2012-07-31] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-956995889-4081865807-2724082783-1000\...\Run: [EPSON Stylus Photo R1800] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATI9LA.EXE [211968 2007-01-12] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-956995889-4081865807-2724082783-1000\...\Run: [GFI BackUp Freeware] => C:\Program Files (x86)\GFI\GFI BackUp Freeware\GFIAgent.exe [2318704 2012-01-12] (GFI Software Development Ltd. -> GFI Software Ltd.)
HKU\S-1-5-21-956995889-4081865807-2724082783-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [38916432 2022-12-09] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-956995889-4081865807-2724082783-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [123150720 2022-12-15] (Skype Software Sarl -> Skype Technologies S.A.)
HKLM\...\Windows x64\Print Processors\Canon PRO-100 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBD.DLL [30208 2014-10-23] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor PRO-100 series: C:\Windows\system32\CNMLMBD.DLL [406528 2014-10-23] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor PRO-100 series XPS: C:\Windows\system32\CNMXLMBD.DLL [409088 2014-10-23] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\Windows\system32\CNMN6PPM.DLL [375296 2014-07-11] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\CutePDF Writer Monitor v3.2: C:\Windows\system32\cpwmon64_v32.dll [90096 2017-05-26] (Acro Software Inc -> )
HKLM\...\Print\Monitors\Epson Inbox Language Monitor01: C:\Windows\system32\EP0SLM01.DLL [77824 2009-07-13] (Microsoft Windows -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EPSON Stylus Photo R1800 64MonitorBA: C:\Windows\system32\E_ILM9LA.DLL [129536 2006-12-08] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {59853111-0854-4911-ABC5-556E82A3F35F} - System32\Tasks\{92030B0C-3E3D-47D3-ACC9-FE5D6D53C478} => C:\Windows\system32\pcalua.exe -a C:\epson\epson12333_R1800_printer_driver_65cas\SETUP\SETUP64.EXE -d C:\epson\epson12333_R1800_printer_driver_65cas\SETUP
Task: {91E4F216-2C51-426F-8DA1-5888D4ED1316} - System32\Tasks\CCleanerSkipUAC - DovBer => C:\Program Files\CCleaner\CCleaner.exe [32602448 2022-12-09] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {98D3A401-4531-4C50-9077-9CCD08911062} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {A1430AE4-8476-4827-BFD6-82F0AB23B5DB} - System32\Tasks\Games\UpdateCheck_S-1-5-21-956995889-4081865807-2724082783-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781} C:\Windows\System32\gameux.dll [2746880 2010-11-20] (Microsoft Windows -> Microsoft Corporation)
Task: {A277452E-2321-47FC-90B9-BEA9C769D398} - System32\Tasks\AdobeAAMUpdater-1.0-Compaq-DovBer => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {AB1ABDA9-3674-4D49-973B-8770248080DB} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-12-09] (Piriform Software Ltd -> Piriform)
Task: {D8DC930D-B5A0-4BAB-9B79-4BB51641C37E} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4669264 2022-12-09] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "a8f2e377-022b-4626-83e1-be7a12439d7e" --version "6.07.10191" --silent
Task: {DA1FE4A1-9456-4532-B27B-EEE8CA06B4FF} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_DovBer => C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe [5545552 2019-03-19] (Janos Mathe -> H.D.S. Hungary)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{0A63B09D-5A87-4170-8171-E2004804DE9F}: [DhcpNameServer] 75.75.75.75 75.75.76.76
FireFox:
========
FF DefaultProfile: e4s05sqm.default
FF ProfilePath: C:\Users\DovBer\AppData\Roaming\Mozilla\Firefox\Profiles\e4s05sqm.default [2023-01-12]
FF DownloadDir: G:\DATA\__message_boards
FF Homepage: Mozilla\Firefox\Profiles\e4s05sqm.default -> hxxp://www.bfcollection.net/
FF Extension: (F.B Purity - Cleans up Facebook) - C:\Users\DovBer\AppData\Roaming\Mozilla\Firefox\Profiles\e4s05sqm.default\Extensions\[email protected] [2023-01-07] [UpdateUrl:hxxps://www.fbpurity.com/FF-FBP-Ext-Updates.json]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\DovBer\AppData\Roaming\Mozilla\Firefox\Profiles\e4s05sqm.default\Extensions\[email protected] [2023-01-03]
FF Extension: (uBlock Origin) - C:\Users\DovBer\AppData\Roaming\Mozilla\Firefox\Profiles\e4s05sqm.default\Extensions\[email protected] [2022-12-25]
FF Extension: (Avast Online Security & Privacy) - C:\Users\DovBer\AppData\Roaming\Mozilla\Firefox\Profiles\e4s05sqm.default\Extensions\[email protected] [2022-11-16]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) [File not signed]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
Chrome:
=======
CHR Profile: C:\Users\DovBer\AppData\Local\Google\Chrome\User Data\Default [2023-01-11]
CHR DownloadDir: G:\DATA\__message_boards
CHR HomePage: Default -> hxxp://www.google.com
CHR Extension: (Slides) - C:\Users\DovBer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-03]
CHR Extension: (Docs) - C:\Users\DovBer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-03]
CHR Extension: (Google Drive) - C:\Users\DovBer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-03-26]
CHR Extension: (YouTube) - C:\Users\DovBer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-10]
CHR Extension: (Sheets) - C:\Users\DovBer\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-03]
CHR Extension: (Google Docs Offline) - C:\Users\DovBer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-26]
CHR Extension: (Avast Online Security) - C:\Users\DovBer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2021-03-26]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\DovBer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-03-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DovBer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-26]
CHR Extension: (Gmail) - C:\Users\DovBer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-03-26]
CHR Extension: (Chrome Media Router) - C:\Users\DovBer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-26]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY SOLUTIONS LIMITED -> ABBYY)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [126464 2007-01-11] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
R2 GFIBckFAtt; C:\Program Files (x86)\GFI\GFI BackUp Freeware\GFIFInst.exe [1011056 2012-01-12] (GFI Software Development Ltd. -> GFI Software Ltd.)
R2 GFIBckFSched; C:\Program Files (x86)\GFI\GFI BackUp Freeware\GFIFSched.exe [2664816 2012-01-12] (GFI Software Development Ltd. -> GFI Software Ltd.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8892256 2022-12-17] (Malwarebytes Inc. -> Malwarebytes)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2022-05-13] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [920768 2022-05-13] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 LSI_SAS2; C:\Windows\system32\drivers\lsi_sas2.sys [95432 2014-05-23] (LSI Corporation -> LSI Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2023-01-10] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2022-10-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 megasas2; C:\Windows\system32\drivers\megasas2.sys [52048 2013-02-06] (LSI Corporation -> LSI Corporation)
S3 nusb3hub; C:\Windows\system32\drivers\nusb3hub.sys [96768 2011-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
S3 nusb3xhc; C:\Windows\system32\drivers\nusb3xhc.sys [213504 2011-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
S3 nvme; C:\Windows\system32\drivers\nvme.sys [70208 2015-06-02] (Samsung Electronics Co., Ltd. -> Samsung Electronic Co., Ltd)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [171768 2022-05-13] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [126080 2015-10-20] (High Criteria Inc -> High Criteria inc.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-01-12 10:38 - 2023-01-12 10:39 - 000021179 _____ C:\Users\DovBer\Desktop\FRST.txt
2023-01-11 16:55 - 2023-01-11 16:55 - 000001194 _____ C:\Users\DovBer\Desktop\ESET Online Scanner.lnk
2023-01-11 16:54 - 2023-01-11 16:54 - 015274968 _____ (ESET) C:\Users\DovBer\Desktop\esetonlinescanner.exe
2023-01-11 16:54 - 2023-01-11 16:54 - 000000000 ____D C:\Users\DovBer\AppData\Local\ESET
2023-01-11 13:34 - 2023-01-11 13:34 - 000045566 _____ C:\Users\DovBer\Desktop\2023-01-11_malwarebytes_threat_scan_results.txt
2023-01-11 12:41 - 2023-01-11 12:41 - 008791352 _____ (Malwarebytes) C:\Users\DovBer\Desktop\adwcleaner(1).exe
2023-01-11 12:39 - 2023-01-11 16:27 - 000000000 ____D C:\AdwCleaner
2023-01-11 12:38 - 2023-01-11 12:37 - 008551608 _____ (Malwarebytes) C:\Users\DovBer\Desktop\AdwCleaner.exe
2023-01-11 11:46 - 2023-01-11 12:04 - 000015340 _____ C:\Users\DovBer\Desktop\Fixlog.txt
2023-01-10 17:02 - 2023-01-10 17:02 - 000000000 ___HD C:\$Windows.~WS
2022-12-19 13:24 - 2023-01-12 10:39 - 000000000 ____D C:\FRST
2022-12-19 13:24 - 2023-01-11 11:45 - 000000000 ____D C:\Users\DovBer\Desktop\FRST-OlderVersion
2022-12-19 13:23 - 2023-01-11 11:45 - 002376704 _____ (Farbar) C:\Users\DovBer\Desktop\FRST64.exe
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-01-12 09:46 - 2022-03-20 08:25 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-01-12 09:45 - 2017-10-10 15:37 - 000000000 ____D C:\Users\DovBer\AppData\LocalLow\Mozilla
2023-01-12 03:30 - 2009-07-13 23:45 - 000027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2023-01-12 03:30 - 2009-07-13 23:45 - 000027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2023-01-11 22:58 - 2018-01-02 09:40 - 000000000 ____D C:\Program Files\CCleaner
2023-01-11 16:48 - 2017-10-10 14:29 - 000000000 __SHD C:\Users\DovBer\IntelGraphicsProfiles
2023-01-11 16:48 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-01-11 12:03 - 2017-10-10 15:27 - 000000000 ___SD C:\Users\DovBer\AppData\LocalLow\Temp
2023-01-11 10:58 - 2022-09-21 14:20 - 000000760 _____ C:\Windows\Tasks\CCleanerCrashReporting.job
2023-01-10 17:02 - 2017-10-10 12:31 - 000000000 ____D C:\Windows\Panther
2023-01-10 16:53 - 2019-03-06 07:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2023-01-10 16:38 - 2017-10-10 18:06 - 000000000 ____D C:\Windows\system32\MRT
2023-01-10 16:32 - 2017-10-10 18:05 - 148633544 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-01-10 16:30 - 2017-10-10 17:11 - 000779796 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2023-01-10 16:30 - 2009-07-14 00:13 - 000779796 _____ C:\Windows\system32\PerfStringBackup.INI
2023-01-10 16:30 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2023-01-09 10:01 - 2020-08-24 13:01 - 000000000 ____D C:\Users\DovBer\AppData\Local\CrashDumps
2023-01-04 19:42 - 2019-06-02 09:49 - 000000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
2023-01-02 13:21 - 2018-08-01 07:56 - 000012964 _____ C:\Users\DovBer\AppData\Roaming\Microsoft Excel 97-2003.CAL
2022-12-29 12:14 - 2017-10-14 19:00 - 000000000 ____D C:\Users\DovBer\AppData\Roaming\vlc
2022-12-28 16:56 - 2017-10-11 15:49 - 000000000 ____D C:\Users\DovBer\AppData\Local\CutePDF Writer
2022-12-14 10:58 - 2022-09-21 14:20 - 000003350 _____ C:\Windows\system32\Tasks\CCleanerCrashReporting
2022-12-14 10:58 - 2018-01-02 09:40 - 000003870 _____ C:\Windows\system32\Tasks\CCleaner Update
==================== Files in the root of some directories ========
2017-11-25 16:39 - 2002-11-20 03:08 - 000681984 _____ (1-4a Rename) C:\Program Files\rename.exe
2020-09-10 07:25 - 2020-09-10 07:25 - 000000132 _____ () C:\Users\DovBer\AppData\Roaming\Adobe BMP Format CS5 Prefs
2022-01-20 22:03 - 2022-11-08 12:00 - 000000132 _____ () C:\Users\DovBer\AppData\Roaming\Adobe PNG Format CS5 Prefs
2021-07-01 08:25 - 2021-07-01 08:25 - 000000132 _____ () C:\Users\DovBer\AppData\Roaming\Adobe Targa Format CS5 Prefs
2018-08-01 07:56 - 2023-01-02 13:21 - 000012964 _____ () C:\Users\DovBer\AppData\Roaming\Microsoft Excel 97-2003.CAL
2018-12-21 12:06 - 2018-12-21 12:06 - 000000268 ___RH () C:\Users\DovBer\AppData\Roaming\PrintingModule
2018-12-21 12:06 - 2018-12-21 12:06 - 000000268 ___RH () C:\Users\DovBer\AppData\Roaming\PrintsService
2018-12-21 12:06 - 2018-12-21 12:06 - 000000268 ___RH () C:\Users\DovBer\AppData\Roaming\Profiles
2018-12-21 12:05 - 2018-12-21 12:05 - 000000268 ___RH () C:\Users\DovBer\AppData\Roaming\Rule Actions
2017-12-01 08:59 - 2018-07-01 13:33 - 000012971 _____ () C:\Users\DovBer\AppData\Roaming\Tab Separated Values (DOS).CAL
2018-05-18 13:04 - 2018-06-06 23:38 - 000000174 _____ () C:\Users\DovBer\AppData\Roaming\WB.CFG
2019-03-11 08:49 - 2019-03-11 08:49 - 000003584 _____ () C:\Users\DovBer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2022-11-22 16:00 - 2022-11-22 16:00 - 000004096 ____H () C:\Users\DovBer\AppData\Local\keyfile3.drm
2020-06-18 16:24 - 2020-06-18 16:24 - 000002084 _____ () C:\Users\DovBer\AppData\Local\recently-used.xbel
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2023-01-12 00:01
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-01-2023
Ran by DovBer (12-01-2023 10:39:41)
Running from C:\Users\DovBer\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X64) (2017-10-10 21:43:01)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-956995889-4081865807-2724082783-500 - Administrator - Disabled)
DovBer (S-1-5-21-956995889-4081865807-2724082783-1000 - Administrator - Enabled) => C:\Users\DovBer
Guest (S-1-5-21-956995889-4081865807-2724082783-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-956995889-4081865807-2724082783-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4K Video Downloader 4.5 (HKLM\...\{180B9AE1-F87B-4107-8C68-4265E927D6A8}) (Version: 4.5.0.2482 - Open Media LLC)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\{F9000000-0018-0000-0000-074957833700}) (Version: 9.00.15.58233 - ABBYY) Hidden
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.15.58233 - ABBYY)
Adobe AIR (HKLM-x32\...\{A2BCA9F1-566C-4805-97D1-7FDC93386723}) (Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Advanced Renamer (HKLM\...\Advanced Renamer_is1) (Version: 3.87 - Hulubulu Software)
Amazon Kindle (HKU\S-1-5-21-956995889-4081865807-2724082783-1000\...\Amazon Kindle) (Version: 1.30.0.59056 - Amazon)
AnswerWorks Runtime (HKLM-x32\...\AnswerWorks) (Version: - )
BookSmart® 3.5.0 3.5.0 (HKLM-x32\...\BookSmart® 3.5.0 3.5.0) (Version: - Blurb, Inc)
BookWright version 1.2.175 (HKLM-x32\...\{C17978EB-5A2C-40E3-B351-F03A27245BF9}_is1) (Version: 1.2.175 - Blurb, Inc.)
Canon Auto Update Service (HKLM-x32\...\Auto Update Service) (Version: 1.1.0.13 - Canon Inc.)
Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM-x32\...\Software Guide) (Version: 1.6.0.1 - Canon Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.1.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.1.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon PowerShot G1 X Camera User Guide (HKLM-x32\...\CameraUserGuide-PSG1X) (Version: 1.0.0.5 - Canon Inc.)
Canon PRO-100 series On-screen Manual (HKLM-x32\...\Canon PRO-100 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon PRO-100 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_PRO-100_series) (Version: - Canon Inc.)
Canon PRO-100 series User Registration (HKLM-x32\...\Canon PRO-100 series User Registration) (Version: - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.11 (HKLM-x32\...\DPP) (Version: 3.11.3.10 - Canon Inc.)
Capture NX-D (HKLM\...\{2D088846-B670-47AF-91C3-76E0B3E887C3}) (Version: 1.4.7 - Nikon Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 6.07 - Piriform)
CopyTrans HEIC for Windows (HKLM\...\CopyTrans HEIC for Windows_is1) (Version: 1.0.0.8 - Ursa Minor Ltd)
Corel Applications (HKLM-x32\...\Corel Applications) (Version: - )
CutePDF Writer 3.2 (HKLM\...\CutePDF Writer Installation) (Version: 3.2 - Acro Software Inc.)
Easy Photo Scan (HKLM-x32\...\{F2132D5C-4C3F-41A9-865B-68966A06B01C}) (Version: 1.00.0000 - Seiko Epson Corporation)
Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Event Manager (HKLM-x32\...\{10144CFE-D76C-4CFA-81A1-37A1642349A3}) (Version: 3.01.0013 - Seiko Epson Corporation)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Family Tree Maker 2017 (HKLM\...\{6BEF69F9-92AA-4BCC-8529-DA42F585EC36}) (Version: 23.0.1343 - Software MacKiev)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.5.0.20723 - Foxit Software Inc.)
FreeFileSync 10.13 (HKLM-x32\...\FreeFileSync_is1) (Version: 10.13 - FreeFileSync.org)
GFI BackUp Freeware (HKLM-x32\...\GFI BackUp Freeware) (Version: 4.0 - GFI Software Ltd.)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Hard Disk Sentinel PRO (HKLM-x32\...\Hard Disk Sentinel_is1) (Version: 5.40 - Janos Mathe)
HL-L2340D series (HKLM-x32\...\{46B58839-2405-48D6-A59D-F8246158A6ED}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
HP SoftPaq Download Manager (HKLM-x32\...\{BB51845C-10A6-457F-A215-9B2D3E130889}) (Version: 3.6.2.0 - Hewlett-Packard Company)
Intel® Chipset Device Software (HKLM\...\{55398EAC-F58E-4F19-B553-BDF8B9EFD839}) (Version: 10.1.1.9 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1163 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{A5536A08-5A7F-4330-8947-0372B500A3BD}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{C6C06C9F-B452-4C7A-AB83-F5931AB9B372}) (Version: 11.0.0.1163 - Intel Corporation) Hidden
Intel® ME UninstallLegacy (HKLM\...\{94BC10B9-159A-44E8-BEA1-34BF765FEA58}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4821 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.6.1.1030 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{E4945B75-A983-48E7-9AB6-B84AF13AF9B3}) (Version: 14.6.1.1030 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (HKLM\...\{7D84E343-A23D-451C-B123-0195B2D903A6}) (Version: 1.42.17.0 - Intel Corporation) Hidden
IrfanView 4.59 (64-bit) (HKLM\...\IrfanView64) (Version: 4.59 - Irfan Skiljan)
ITK-SNAP (HKLM-x32\...\ITK-SNAP 3.8) (Version: 0.1.1 - Humanity)
Malwarebytes version 4.5.19.229 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.19.229 - Malwarebytes)
MicroDicom DICOM viewer 2022.1 (HKLM-x32\...\MicroDicom) (Version: 2022.1 - MicroDicom)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{BD6F5371-DAC1-30F0-9DDE-CAC6791E28C3}) (Version: 4.6.01055 - Microsoft Corporation) Hidden
Microsoft Corporation (HKLM\...\{9C5A08BF-BB99-4998-81BD-F6CC32483B34}) (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (HKLM-x32\...\{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}) (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Expression Blend 3 SDK (HKLM-x32\...\{0E837AF0-4C92-4077-83F0-D022073F17C0}) (Version: 1.0.1327.0 - Microsoft Corporation)
Microsoft Expression Studio 3 (HKLM-x32\...\{44F7BA74-C11A-49FC-B2FC-1B827C491F74}) (Version: 3.0.1061.0 - Microsoft Corporation) Hidden
Microsoft Expression Studio 3 (HKLM-x32\...\ExpressionStudio_3.0.1061.0) (Version: 3.0.1061.0 - Microsoft Corporation)
Microsoft Expression Web 3 (HKLM-x32\...\{65BCF909-6AF7-4B01-8EB3-713CE2873DC8}) (Version: 3.0.1762.0 - Microsoft Corporation) Hidden
Microsoft Expression Web 3 (HKLM-x32\...\Web_3.0.1762.0) (Version: 3.0.1762.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2007 (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0117-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (HKLM-x32\...\{90120000-00BA-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0114-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (HKLM\...\{90120000-002A-0000-1000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (HKLM-x32\...\{90120000-002C-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (HKLM\...\{90120000-002A-0409-1000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (HKLM\...\{90120000-0116-0409-1000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0115-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40624.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (HKLM\...\{3C28BFD4-90C7-3138-87EF-418DC16E9598}) (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (HKLM\...\{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}) (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (HKLM-x32\...\{6C772996-BFF3-3C8C-860B-B3D48FF05D65}) (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (HKLM-x32\...\{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}) (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215 (HKLM-x32\...\{69BCE4AC-9572-3271-A2FB-9423BDA36A43}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215 (HKLM-x32\...\{BBF2AC74-720C-3CB3-8291-5E34039232FA}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft_VC80_ATL_x86 (HKLM-x32\...\{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (HKLM\...\{925D058B-564A-443A-B4B2-7E90C6432E55}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (HKLM-x32\...\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (HKLM\...\{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (HKLM-x32\...\{D1A19B02-817E-4296-A45B-07853FD74D57}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (HKLM\...\{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (HKLM-x32\...\{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (HKLM\...\{1E9FC118-651D-4934-97BE-E53CAE5C7D45}) (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (HKLM-x32\...\{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (HKLM\...\{8557397C-A42D-486F-97B3-A2CBC2372593}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{08D2E121-7F6A-43EB-97FD-629B44903403}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (HKLM\...\{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (HKLM-x32\...\{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (HKLM\...\{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}) (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 106.0.3 (x64 en-US)) (Version: 106.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.1 - Mozilla)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.1.2 - Notepad++ Team)
OpenShot Video Editor version 2.4.3 (HKLM\...\{4BB0DCDC-BC24-49EC-8937-72956C33A470}_is1) (Version: 2.4.3 - OpenShot Studios, LLC)
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
Perfection V550 User’s Guide version 1.0 (HKLM-x32\...\UsersGuidePerfection V550 User’s Guide_is1) (Version: 1.0 - )
Picture Control Utility 2 (HKLM\...\{46BEAB85-B86A-4AAB-B085-136ECA032CF4}) (Version: 2.3.1 - Nikon Corporation)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.15 - Nikon)
PTAssembler (HKLM-x32\...\PTAssembler_is1) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.94.723.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7503 - Realtek Semiconductor Corp.)
Russian Phonetic YaZHert - WinRus.com (HKLM\...\{DE3C0FDB-6BCC-4D98-A928-923A70A41670}) (Version: 1.0.3.40 - personal)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.56.0 - Samsung Electronics Co., Ltd.)
Skype version 8.92 (HKLM-x32\...\Skype_is1) (Version: 8.92 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.63 - Synaptics Incorporated)
Total Recorder 8.6 Professional Edition (HKLM-x32\...\TotalRecorder) (Version: - )
UltraFileSearch Std (HKLM-x32\...\{EC1DFA01-BA25-4E1C-A101-A8C8EDD821B2}) (Version: 6.1.0.21193 - Stegisoft) Hidden
UltraFileSearch Std (HKLM-x32\...\UltraFileSearch Std) (Version: - Stegisoft)
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.8.2 - Nikon)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
WPF Toolkit June 2009 (Version 3.5.40619.1) (HKLM-x32\...\{5EE6E987-1B79-4A93-832B-27472C7D1579}) (Version: 3.5.40619.1 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-956995889-4081865807-2724082783-1000\...\ZoomUMX) (Version: 5.10.4 (5035) - Zoom Video Communications, Inc.)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2020-01-29] (Notepad++ -> )
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2-x32: [QuickFinderMenu] -> {C0E10002-0028-0002-C0E1-C0E1C0E1C0E1} => C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\pfse90.dll [1999-03-29] (Novell, Inc., c/o Corel Corporation Limited) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-09-05] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4-x32: [QuickFinderMenu] -> {C0E10002-0028-0002-C0E1-C0E1C0E1C0E1} => C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\pfse90.dll [1999-03-29] (Novell, Inc., c/o Corel Corporation Limited) [File not signed]
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-12-22] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-09-05] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [176416 2012-01-18] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [307488 2012-01-18] (Logitech, Inc. -> Logitech Inc.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
==================== Loaded Modules (Whitelisted) =============
2009-07-15 10:02 - 2009-07-15 10:02 - 000577536 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Microsoft Expression\Web 3\en\Microsoft.Expression.Framework.resources.dll
2009-07-15 10:02 - 2009-07-15 10:02 - 001093632 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Microsoft Expression\Web 3\en\Microsoft.Expression.Web.resources.dll
2009-07-15 10:01 - 2009-07-15 10:01 - 000049152 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Microsoft Expression\Web 3\Microsoft.Expression.Web.PageAnalysis.Preview.Firefox.dll
2017-12-04 15:15 - 2009-02-27 16:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2019-05-28 14:51 - 2019-05-28 14:51 - 003594240 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Expressio#\02dd01326c663b251f86e5986647deee\Microsoft.Expression.Framework.ni.dll
2019-05-28 14:52 - 2019-05-28 14:52 - 000258048 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Expressio#\030cce4277461b863fc2a786b051e492\Microsoft.Expression.Web.PageAnalysis.Preview.ni.dll
2019-05-28 14:52 - 2019-05-28 14:52 - 000279040 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Expressio#\108ecff0260213e0d24a9f5e7f776db7\Microsoft.Expression.Web.PageAnalysis.Preview.InternetExplorer.ni.dll
2019-05-28 14:52 - 2019-05-28 14:52 - 001221632 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Expressio#\49205e10f10f4dcb1376072b570df9d3\Microsoft.Expression.Web.PageAnalysis.Preview.Controls.ni.dll
2019-05-28 14:51 - 2019-05-28 14:51 - 002527232 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Expressio#\89dbb47c60112f05041771472dc8923a\Microsoft.Expression.Web.PageAnalysis.Preview.Controls.resources.ni.dll
2019-05-28 14:52 - 2019-05-28 14:52 - 000266240 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Expressio#\95520d579580ceca4de3a1d03400155a\Microsoft.Expression.Web.External.ni.dll
2019-05-28 14:52 - 2019-05-28 14:52 - 000397312 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Expressio#\ba116d5a4d7e601d295435fc56338b39\Microsoft.Expression.Web.PageAnalysis.Core.ni.dll
2019-05-28 14:52 - 2019-05-28 14:52 - 001203200 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Expressio#\d9283bd31f144984d7fb8114b6a94677\Microsoft.Expression.Web.ni.dll
2019-05-28 14:52 - 2019-05-28 14:52 - 000143872 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Expressio#\e3dc4aa93241a16350e92e763cc12eb1\Microsoft.Expression.Web.Interop.ProtocolsInternal.ni.dll
2019-05-28 14:52 - 2019-05-28 14:52 - 000143872 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Expressio#\fa0cddec2fb7c76d3ef9f10bd4aea006\Microsoft.Expression.Web.PageAnalysis.Sdk.ni.dll
2019-05-28 14:52 - 2019-05-28 14:52 - 000712192 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Web.Autho#\538e01ed29831a45522184fa81e81032\Microsoft.Web.Authoring.ni.dll
2019-05-28 14:37 - 2019-05-28 14:37 - 000039424 _____ (Adobe Systems Incorporated) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\c8b89ec3dcb1a33d6e9a765fd4a0750f\PresentationCFFRasterizer.ni.dll
2017-12-04 15:16 - 2013-06-12 19:06 - 000385024 ____R (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2017-12-20 13:43 - 2014-07-11 03:50 - 000375296 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNMN6PPM.DLL
2015-08-18 16:20 - 2015-08-18 16:20 - 000285184 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files\Intel\Intel® Rapid Storage Technology\PsiData.dll
2015-08-18 16:19 - 2015-08-18 16:19 - 000562688 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel® Rapid Storage Technology\ISDI2.dll
2009-07-15 10:01 - 2009-07-15 10:01 - 000052224 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\Microsoft Expression\Web 3\Microsoft.Expression.Licensing.dll
2009-07-15 10:02 - 2009-07-15 10:02 - 006981632 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\Microsoft Expression\Web 3\Webber.dll
2022-09-01 16:21 - 2022-09-01 16:21 - 000225280 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll
2008-04-11 12:54 - 2008-04-11 12:54 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\MSVCR71.dll
2009-07-15 10:01 - 2009-07-15 10:01 - 002514432 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Microsoft Expression\Web 3\Protocols.dll
2006-10-13 18:51 - 2006-10-13 18:51 - 000503296 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Microsoft Office\Office12\usp10.DLL
2019-01-02 07:52 - 2019-01-02 07:52 - 001105920 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80.DLL
2019-01-02 07:51 - 2019-01-02 07:51 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\MFC80ENU.DLL
2005-01-13 10:47 - 2005-01-13 10:47 - 000049152 _____ (SEIKO EPSON CORP.) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\ESPSUTL.dll
2012-04-02 11:15 - 2012-04-02 11:15 - 000110080 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\epnsm.dll
2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\LcMgr.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MB3Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MB3Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Version 11) (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2023-01-11 12:00 - 000000035 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT
HKU\S-1-5-21-956995889-4081865807-2724082783-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Corel Registration.lnk => C:\Windows\pss\Corel Registration.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CorelCENTRAL 9.LNK => C:\Windows\pss\CorelCENTRAL 9.LNK.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CorelCENTRAL Alarms.LNK => C:\Windows\pss\CorelCENTRAL Alarms.LNK.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Application Director 9.LNK => C:\Windows\pss\Desktop Application Director 9.LNK.CommonStartup
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{DB0B8916-C1B0-4C8F-A69B-B762EE38C77D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{ED16AD2A-1771-4FD0-8AFA-DBD19F46E2A5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9AF3BF05-3061-4DC8-9A9E-E5BB404CFE9A}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{F4FAE521-7008-44A5-BB6A-9FDE3B10C5D9}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [TCP Query User{2D49C024-4D52-4B7A-8D46-0B7AB3ABC69D}C:\program files\openshot video editor\launch.exe] => (Allow) C:\program files\openshot video editor\launch.exe () [File not signed]
FirewallRules: [UDP Query User{EC17843C-4678-4931-9010-4D9034AF3CA7}C:\program files\openshot video editor\launch.exe] => (Allow) C:\program files\openshot video editor\launch.exe () [File not signed]
FirewallRules: [TCP Query User{34F2F3BC-EA22-41CB-8325-8E924F76ABCA}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{49B772CD-81BE-4DC9-B364-FABC25C1C039}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [TCP Query User{B1EF8B52-68CE-4B1C-BEED-38A922B8C5CF}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{F4AF4816-CE35-400F-82DF-32FC130A1231}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [{70F85D6B-BF8C-405F-92A2-7379C2818785}] => (Allow) C:\Users\DovBer\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{DA8A8937-D425-4C1F-BC2A-58B02F158C15}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{9D508CAC-EA65-477A-B4EA-265FD1C709BA}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{D8F7F4AD-5CF8-4D24-A138-EBFFFEDB7A91}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{233B29BD-0C9B-4AE1-8656-BCB6F73DA51C}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{EC42D60D-C2E2-4983-8AAE-500FE44DB28B}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3CEAE103-184D-45AF-87F8-9BC0645BDB99}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1FBA508E-E88A-4D6A-BB7C-1FAEAEA089E8}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CF3F83D5-3453-44CA-B7AF-586066BB3CB4}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1FF6648B-038A-4FD8-8078-C5E68E9E6660}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F1CD673E-AF21-47E4-AAFD-9C11C5107AAB}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
==================== Restore Points =========================
23-11-2022 00:00:01 Scheduled Checkpoint
11-12-2022 13:16:06 Scheduled Checkpoint
19-12-2022 00:00:01 Scheduled Checkpoint
27-12-2022 00:00:03 Scheduled Checkpoint
04-01-2023 00:00:04 Scheduled Checkpoint
10-01-2023 16:26:07 Windows Update
11-01-2023 11:46:09 Restore Point Created by FRST
==================== Faulty Device Manager Devices ============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Network Controller
Description: Network Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: ========================
Application errors:
==================
Error: (01/11/2023 04:49:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/11/2023 04:33:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/11/2023 12:07:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/11/2023 11:46:05 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {167776c3-d1ca-4bf9-ae82-fc0e7a826d34}
Error: (01/10/2023 04:52:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/05/2023 11:25:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wpwin9.exe, version: 9.0.0.528, time stamp: 0x3702645c
Faulting module name: PFPI90.PFC, version: 9.0.0.528, time stamp: 0x370078f8
Exception code: 0xc0000005
Fault offset: 0x0004d7d7
Faulting process id: 0x2258
Faulting application start time: 0x01d91d55c6b98167
Faulting application path: C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe
Faulting module path: C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\PFPI90.PFC
Report Id: 84020d30-8d15-11ed-ace9-3464a9311ce3
Error: (01/01/2023 08:09:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program UltraFileSearchStd.exe version 6.1.0.21193 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1b8c
Start Time: 01d91e466f33ccb0
Termination Time: 7
Application Path: C:\Program Files (x86)\Stegisoft\UltraFileSearch Std\UltraFileSearchStd.exe
Report Id:
Error: (12/25/2022 12:59:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wpwin9.exe, version: 9.0.0.528, time stamp: 0x3702645c
Faulting module name: PFPI90.PFC, version: 9.0.0.528, time stamp: 0x370078f8
Exception code: 0xc0000005
Fault offset: 0x0004d7d7
Faulting process id: 0x2e0
Faulting application start time: 0x01d9188a92110257
Faulting application path: C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe
Faulting module path: C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\PFPI90.PFC
Report Id: de13cf27-847d-11ed-ace9-3464a9311ce3
System errors:
=============
Error: (01/12/2023 10:43:04 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.
Error: (01/11/2023 04:59:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading
Error: (01/11/2023 04:59:41 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\DovBer\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (01/11/2023 04:59:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading
Error: (01/11/2023 04:59:41 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\DovBer\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (01/11/2023 04:59:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading
Error: (01/11/2023 04:59:40 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\DovBer\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (01/11/2023 04:59:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading
==================== Memory info ===========================
BIOS: HP N03 Ver. 02.01 10/13/2015
Motherboard: HP 8061
Processor: Intel® Core™ i3-6100 CPU @ 3.70GHz
Percentage of memory in use: 89%
Total physical RAM: 8057.43 MB
Available physical RAM: 855.59 MB
Total Virtual: 16113.01 MB
Available Virtual: 7922.48 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931.29 GB) (Free:497.03 GB) (Model: WD WD10EZEX-60M2NA0 SCSI Disk Device) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt =======================
#30
Posted 12 January 2023 - 10:09 AM
DR M
-
- Malware Removal
-
- 4,112 posts
The Grecian Geek
OK, let's check the services now.
- Please download Farbar Service Scanner and save it on your Desktop. IMPORTANT.
- Right click on the tool icon and run it as administrator.
- Make sure all the options are checked.
- Click on the Scan button.
- It will create a log (FSS.txt) on your Desktop.
- Copy and paste the log's content to your next reply.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
