1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Solved 100 CPU and Chromium

Discussion in 'Malware and Virus Removal' started by JPT, 2019/03/14.

Page 2 of 3
  1. 2019/03/15
    JPT

    JPT Well-Known Member Thread Starter

    Joined:
    2016/09/11
    Messages:
    70
    Likes Received:
    1
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\converter\doc-icon-FFFFFF.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\converter\error-FF691E.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\converter\pdf-2-doc-9B9B9B.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\converter\pdf-2-doc-FFFFFF.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\converter\pdf-icon-FFFFFF.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\converter\success-FF8A5A.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\converter\tab-arrow-FF691E.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\converter\upload-FF691E.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\films\amazon-FFFFFF.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\films\amazon.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\films\close.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\films\enlarge-000000-FFFFFF.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\films\enlarge-FFCA00-000000.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\films\hulu-FFFFFF.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\films\hulu.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\films\minimize-000000-FFFFFF.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\films\netflix-FFFFFF.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\films\netflix.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\films\refresh-FFFFFF-000000.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\films\shrink-FFCA00-000000.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\films\shuffle-000000.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\films\shuffle-FFFFFF.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\films\vudu-FFFFFF.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\films\vudu.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\icons\128.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\icons\16.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\icons\48.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\icons\close.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\icons\favicon.ico, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\icons\trends.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\maps\bing-maps-FFFFFF.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\maps\from-to-icon-8881FF.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\maps\google-maps-FFFFFF.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\maps\location-icon-8881FF.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\maps\search-4A4A4A.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\maps\search-8881FF.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\maps\switch-8881FF.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\maps\tab-arrow-8881FF.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\maps\whereto-logo-8881FF.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\maps\whereto-logo-FFFFFF.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\sitesThumbnails\facebook_tile_v2.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\sitesThumbnails\aliexpress.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\sitesThumbnails\aliexpress_tile_v2.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\sitesThumbnails\amazon.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\sitesThumbnails\amazon_tile_v2.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\sitesThumbnails\booking.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\sitesThumbnails\booking_tile_v2.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\sitesThumbnails\ebay.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\sitesThumbnails\ebay_tile_v2.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\sitesThumbnails\expedia.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\sitesThumbnails\expedia_tile_v2.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\sitesThumbnails\facebook.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\sitesThumbnails\gmail.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\sitesThumbnails\gmail_tile_v2.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\sitesThumbnails\google-translate-icon-FFFFFF.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\sitesThumbnails\gtranslte.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\sitesThumbnails\pinterest.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\sitesThumbnails\pinterest_tile_v2.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\sitesThumbnails\twitter.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\sitesThumbnails\twitter_tile_v2.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\sitesThumbnails\wix.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\sitesThumbnails\wix_tile_v2.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\sitesThumbnails\yahoo.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\sitesThumbnails\yahoo_tile_v2.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\sitesThumbnails\youtube.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\sitesThumbnails\youtube_tile_v2.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\tiles\DOC-to-PDF.jpg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\tiles\PDF-to-DOC.jpg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\tiles\Translation.jpg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\tiles\View-PDF.jpg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\weather\01d.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\weather\01n.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\weather\02d.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\weather\02n.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\weather\03d.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\weather\03n.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\weather\04d.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\weather\04n.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\weather\09d.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\weather\09n.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\weather\10d.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\weather\10n.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\weather\11d.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\weather\11n.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\weather\13d.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\weather\13n.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\weather\50d.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\weather\50n.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\down.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\alot.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\angle-arrow-down.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\bing.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\bing_large.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\bluesky-bg.jpg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\brush.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\bt.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\clock.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\cloud.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\cupcake-bg.jpg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\desk-bg.jpg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\doodle.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\enhanced_google.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\eyeglass.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\eyeglass_transparent.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\films-bg.jpg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\gmx_large.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\google.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\google_large.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\hero-bg.jpg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\just-the-box-empty.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\just-the-box.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\mountain-bg.jpg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\pointer2.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\radio-selected.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\radio-unselected.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\sea-bg.jpg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\search-D7D7D7.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\search-FFFFFF.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\settings.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\smallMagnifier.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\star-unselected.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\star.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\todoc.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\toggle-off.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\toggle-on.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\topdf.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\transparent_img.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\yahoo.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\yahoo.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\yahoo_large.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\yandex.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\_enhanced_google.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\images\_gmx_large.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\content\bundle.v0.0.1.min.css, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\skin\icons\16.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\vendor\md5.min.js, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\vendor\react-dom.min.js, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\vendor\react-with-addons.min.js, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\_locales\en\messages.json, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\_locales\fr\messages.json, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\_locales\hi\messages.json, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\_locales\pt_BR\messages.json, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\_locales\vi\messages.json, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\_metadata\verified_contents.json, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\2bfc185be71f44cd73ac81511fc1f5a5.woff, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\AmpSearchServiceLocalList.json, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\b495e340f4ef8924fea0284c1bf9e7ac.woff, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\background.html, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\background.v0.0.1.min.js, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\c5a5cbf4dbcaa7064f2bc77f52101aec.otf, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\client.v0.0.1.min.js, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\common.js.v0.0.1.min.js, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\e5d3501d500d07b0a1e952b0f8a81d78.woff, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\e_.json, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\index.html, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\manifest.json, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.71_0\responseConfig.json, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\fonts\HelveticaNeue-Thin.otf, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\fonts\HelveticaNeueLT-Roman.woff, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\fonts\neue-bold.woff, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\fonts\neue.woff, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\converter\close-FF8A5A.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\converter\collection-9B9B9B.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\converter\collection-FF691E.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\converter\doc-icon-FFFFFF.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\converter\error-FF691E.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\converter\pdf-2-doc-9B9B9B.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\converter\pdf-2-doc-FFFFFF.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\converter\pdf-icon-FFFFFF.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\converter\success-FF8A5A.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\converter\tab-arrow-FF691E.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\converter\upload-FF691E.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\films\amazon-FFFFFF.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\films\amazon.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\films\close.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\films\enlarge-000000-FFFFFF.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\films\enlarge-FFCA00-000000.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\films\hulu-FFFFFF.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\films\hulu.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\films\minimize-000000-FFFFFF.svg, Quarantined, [266], [626739],1.0.9692
     
    JPT,
    #21
  2. 2019/03/15
    JPT

    JPT Well-Known Member Thread Starter

    Joined:
    2016/09/11
    Messages:
    70
    Likes Received:
    1
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\films\netflix-FFFFFF.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\films\netflix.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\films\refresh-FFFFFF-000000.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\films\shrink-FFCA00-000000.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\films\shuffle-000000.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\films\shuffle-FFFFFF.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\films\vudu-FFFFFF.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\films\vudu.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\icons\128.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\icons\16.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\icons\48.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\icons\close.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\icons\favicon.ico, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\icons\trends.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\maps\bing-maps-FFFFFF.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\maps\from-to-icon-8881FF.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\maps\google-maps-FFFFFF.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\maps\location-icon-8881FF.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\maps\search-4A4A4A.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\maps\search-8881FF.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\maps\switch-8881FF.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\maps\tab-arrow-8881FF.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\maps\whereto-logo-8881FF.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\maps\whereto-logo-FFFFFF.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\sitesThumbnails\facebook_tile_v2.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\sitesThumbnails\aliexpress.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\sitesThumbnails\aliexpress_tile_v2.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\sitesThumbnails\amazon.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\sitesThumbnails\amazon_tile_v2.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\sitesThumbnails\booking.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\sitesThumbnails\booking_tile_v2.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\sitesThumbnails\ebay.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\sitesThumbnails\ebay_tile_v2.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\sitesThumbnails\expedia.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\sitesThumbnails\expedia_tile_v2.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\sitesThumbnails\facebook.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\sitesThumbnails\gmail.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\sitesThumbnails\gmail_tile_v2.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\sitesThumbnails\google-translate-icon-FFFFFF.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\sitesThumbnails\gtranslte.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\sitesThumbnails\pinterest.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\sitesThumbnails\pinterest_tile_v2.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\sitesThumbnails\twitter.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\sitesThumbnails\twitter_tile_v2.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\sitesThumbnails\wix.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\sitesThumbnails\wix_tile_v2.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\sitesThumbnails\yahoo.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\sitesThumbnails\yahoo_tile_v2.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\sitesThumbnails\youtube.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\sitesThumbnails\youtube_tile_v2.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\tiles\DOC-to-PDF.jpg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\tiles\PDF-to-DOC.jpg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\tiles\Translation.jpg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\tiles\View-PDF.jpg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\weather\01d.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\weather\01n.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\weather\02d.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\weather\02n.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\weather\03d.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\weather\03n.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\weather\04d.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\weather\04n.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\weather\09d.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\weather\09n.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\weather\10d.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\weather\10n.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\weather\11d.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\weather\11n.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\weather\13d.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\weather\13n.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\weather\50d.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\weather\50n.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\down.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\alot.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\angle-arrow-down.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\bing.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\bing_large.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\bluesky-bg.jpg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\brush.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\bt.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\clock.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\cloud.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\cupcake-bg.jpg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\desk-bg.jpg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\doodle.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\enhanced_google.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\eyeglass.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\eyeglass_transparent.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\films-bg.jpg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\gmx_large.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\google.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\google_large.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\hero-bg.jpg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\just-the-box-empty.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\just-the-box.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\mountain-bg.jpg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\pointer2.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\radio-selected.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\radio-unselected.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\sea-bg.jpg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\search-D7D7D7.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\search-FFFFFF.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\settings.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\smallMagnifier.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\star-unselected.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\star.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\todoc.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\toggle-off.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\toggle-on.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\topdf.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\transparent_img.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\yahoo.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\yahoo.svg, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\yahoo_large.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\yandex.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\_enhanced_google.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\images\_gmx_large.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\content\bundle.v0.0.1.min.css, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\skin\icons\16.png, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\vendor\md5.min.js, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\vendor\react-dom.min.js, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\vendor\react-with-addons.min.js, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\_locales\en\messages.json, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\_locales\fr\messages.json, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\_locales\hi\messages.json, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\_locales\pt_BR\messages.json, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\_locales\vi\messages.json, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\_metadata\verified_contents.json, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\2bfc185be71f44cd73ac81511fc1f5a5.woff, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\b495e340f4ef8924fea0284c1bf9e7ac.woff, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\background.html, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\background.v0.0.1.min.js, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\c5a5cbf4dbcaa7064f2bc77f52101aec.otf, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\client.v0.0.1.min.js, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\common.js.v0.0.1.min.js, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\e5d3501d500d07b0a1e952b0f8a81d78.woff, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\e_.json, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\index.html, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\manifest.json, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\popupTab2.html, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\popupTab2.js, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.52_0\responseConfig.json, Quarantined, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\USERS\ANDRE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\USERS\KELLY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\USERS\TEMP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\USERS\ANDRE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\USERS\KELLY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [266], [626739],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\USERS\TEMP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [266], [626739],1.0.9692
    PUP.Optional.WinYahoo, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOWTOREMOVE.HTML.LNK, Quarantined, [237], [254335],1.0.9692
    PUP.Optional.SearchManager, C:\USERS\KELLY\APPDATA\LOCAL\CHROMIUM\USER DATA\DEFAULT\LOCAL STORAGE\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage, Quarantined, [2058], [260989],1.0.9692
    PUP.Optional.ByteFence, C:\WINDOWS\SYSTEM32\TASKS\ByteFence, Quarantined, [5931], [388721],1.0.9692
    PUP.Optional.ByteFence, C:\WINDOWS\SYSTEM32\TASKS_MIGRATED\ByteFence, Quarantined, [5931], [391769],1.0.9692
    PUP.Optional.ByteFence, C:\WINDOWS\SYSTEM32\TASKS_MIGRATED\ByteFence Scan, Quarantined, [5931], [391769],1.0.9692
    PUP.Optional.MindSpark.Generic, C:\USERS\KELLY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_pdfconverterhq.dl.tb.ask.com_0.localstorage, Quarantined, [1733], [443123],1.0.9692
    PUP.Optional.MindSpark.Generic, C:\USERS\KELLY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_pdfconverterhq.dl.tb.ask.com_0.localstorage-journal, Quarantined, [1733], [443123],1.0.9692
    PUP.Optional.MindSpark.Generic, C:\USERS\KELLY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_pdfconverterhq.dl.myway.com_0.localstorage, Quarantined, [1733], [443124],1.0.9692
    PUP.Optional.MindSpark.Generic, C:\USERS\KELLY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_pdfconverterhq.dl.myway.com_0.localstorage-journal, Quarantined, [1733], [443124],1.0.9692
    PUP.Optional.SearchManager, C:\USERS\KELLY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage, Quarantined, [2058], [453138],1.0.9692
    PUP.Optional.SearchModule, C:\USERS\KELLY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\chrome-extension_nahhmpbckpgdidfnmfkfgiflpjijilce_0.localstorage, Quarantined, [275], [453492],1.0.9692
    PUP.Optional.ByteFence, C:\PROGRAM FILES\BYTEFENCE\BYTEFENCESERVICE.EXE, Quarantined, [5931], [388726],1.0.9692
    PUP.Optional.ByteFence, C:\PROGRAM FILES\BYTEFENCE\RTOP\BIN\RTOP_SVC.EXE, Quarantined, [5931], [390139],1.0.9692
     
    JPT,
    #22


  3. to hide this advert.

  4. 2019/03/15
    JPT

    JPT Well-Known Member Thread Starter

    Joined:
    2016/09/11
    Messages:
    70
    Likes Received:
    1
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gpoljlmamgmhmmnhhplffehjlljnilph\000003.log, Quarantined, [14594], [503837],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gpoljlmamgmhmmnhhplffehjlljnilph\CURRENT, Quarantined, [14594], [503837],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gpoljlmamgmhmmnhhplffehjlljnilph\LOCK, Quarantined, [14594], [503837],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gpoljlmamgmhmmnhhplffehjlljnilph\LOG, Quarantined, [14594], [503837],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gpoljlmamgmhmmnhhplffehjlljnilph\LOG.old, Quarantined, [14594], [503837],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gpoljlmamgmhmmnhhplffehjlljnilph\MANIFEST-000001, Quarantined, [14594], [503837],1.0.9692
    Adware.Cmptch.Generic, C:\USERS\KELLY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [14594], [503837],1.0.9692
    Adware.Cmptch.Generic, C:\USERS\KELLY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [14594], [503837],1.0.9692
    Adware.Cmptch.Generic, C:\USERS\KELLY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GPOLJLMAMGMHMMNHHPLFFEHJLLJNILPH\1.1.17.1220_0\MANIFEST.JSON, Quarantined, [14594], [503837],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpoljlmamgmhmmnhhplffehjlljnilph\1.1.17.1220_0\icons\128.png, Quarantined, [14594], [503837],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpoljlmamgmhmmnhhplffehjlljnilph\1.1.17.1220_0\icons\16.png, Quarantined, [14594], [503837],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpoljlmamgmhmmnhhplffehjlljnilph\1.1.17.1220_0\icons\32.png, Quarantined, [14594], [503837],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpoljlmamgmhmmnhhplffehjlljnilph\1.1.17.1220_0\icons\48.png, Quarantined, [14594], [503837],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpoljlmamgmhmmnhhplffehjlljnilph\1.1.17.1220_0\newtab\images\pb_yahoo.png, Quarantined, [14594], [503837],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpoljlmamgmhmmnhhplffehjlljnilph\1.1.17.1220_0\newtab\vendor\jquery\jquery-2.2.3.min.js, Quarantined, [14594], [503837],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpoljlmamgmhmmnhhplffehjlljnilph\1.1.17.1220_0\newtab\vendor\jquery\jquery-ui.css, Quarantined, [14594], [503837],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpoljlmamgmhmmnhhplffehjlljnilph\1.1.17.1220_0\newtab\bar.png, Quarantined, [14594], [503837],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpoljlmamgmhmmnhhplffehjlljnilph\1.1.17.1220_0\newtab\blank.css, Quarantined, [14594], [503837],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpoljlmamgmhmmnhhplffehjlljnilph\1.1.17.1220_0\newtab\learnmore.css, Quarantined, [14594], [503837],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpoljlmamgmhmmnhhplffehjlljnilph\1.1.17.1220_0\newtab\learnmore.html, Quarantined, [14594], [503837],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpoljlmamgmhmmnhhplffehjlljnilph\1.1.17.1220_0\newtab\modal.html, Quarantined, [14594], [503837],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpoljlmamgmhmmnhhplffehjlljnilph\1.1.17.1220_0\newtab\modal.js, Quarantined, [14594], [503837],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpoljlmamgmhmmnhhplffehjlljnilph\1.1.17.1220_0\_metadata\verified_contents.json, Quarantined, [14594], [503837],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpoljlmamgmhmmnhhplffehjlljnilph\1.1.17.1220_0\background.js, Quarantined, [14594], [503837],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpoljlmamgmhmmnhhplffehjlljnilph\1.1.17.1220_0\content.css, Quarantined, [14594], [503837],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpoljlmamgmhmmnhhplffehjlljnilph\1.1.17.1220_0\content.js, Quarantined, [14594], [503837],1.0.9692
    PUP.Optional.SearchNet.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pdmejgdbephapagdfiondmmepkbpchhg\000003.log, Quarantined, [14653], [443105],1.0.9692
    PUP.Optional.SearchNet.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pdmejgdbephapagdfiondmmepkbpchhg\CURRENT, Quarantined, [14653], [443105],1.0.9692
    PUP.Optional.SearchNet.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pdmejgdbephapagdfiondmmepkbpchhg\LOCK, Quarantined, [14653], [443105],1.0.9692
    PUP.Optional.SearchNet.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pdmejgdbephapagdfiondmmepkbpchhg\LOG, Quarantined, [14653], [443105],1.0.9692
    PUP.Optional.SearchNet.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pdmejgdbephapagdfiondmmepkbpchhg\LOG.old, Quarantined, [14653], [443105],1.0.9692
    PUP.Optional.SearchNet.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pdmejgdbephapagdfiondmmepkbpchhg\MANIFEST-000001, Quarantined, [14653], [443105],1.0.9692
    PUP.Optional.SearchNet.Generic, C:\USERS\KELLY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [14653], [443105],1.0.9692
    PUP.Optional.SearchNet.Generic, C:\USERS\KELLY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [14653], [443105],1.0.9692
    PUP.Optional.SearchNet.Generic, C:\USERS\KELLY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PDMEJGDBEPHAPAGDFIONDMMEPKBPCHHG\1.0.0_0\MANIFEST.JSON, Quarantined, [14653], [443105],1.0.9692
    PUP.Optional.SearchNet.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdmejgdbephapagdfiondmmepkbpchhg\1.0.0_0\icons\128.png, Quarantined, [14653], [443105],1.0.9692
    PUP.Optional.SearchNet.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdmejgdbephapagdfiondmmepkbpchhg\1.0.0_0\icons\16.png, Quarantined, [14653], [443105],1.0.9692
    PUP.Optional.SearchNet.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdmejgdbephapagdfiondmmepkbpchhg\1.0.0_0\icons\32.png, Quarantined, [14653], [443105],1.0.9692
    PUP.Optional.SearchNet.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdmejgdbephapagdfiondmmepkbpchhg\1.0.0_0\icons\48.png, Quarantined, [14653], [443105],1.0.9692
    PUP.Optional.SearchNet.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdmejgdbephapagdfiondmmepkbpchhg\1.0.0_0\newtab\images\pb_yahoo.png, Quarantined, [14653], [443105],1.0.9692
    PUP.Optional.SearchNet.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdmejgdbephapagdfiondmmepkbpchhg\1.0.0_0\newtab\vendor\jquery\jquery-2.2.3.min.js, Quarantined, [14653], [443105],1.0.9692
    PUP.Optional.SearchNet.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdmejgdbephapagdfiondmmepkbpchhg\1.0.0_0\newtab\vendor\jquery\jquery-ui.css, Quarantined, [14653], [443105],1.0.9692
    PUP.Optional.SearchNet.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdmejgdbephapagdfiondmmepkbpchhg\1.0.0_0\newtab\vendor\search_autocomplete.js, Quarantined, [14653], [443105],1.0.9692
    PUP.Optional.SearchNet.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdmejgdbephapagdfiondmmepkbpchhg\1.0.0_0\newtab\blank.css, Quarantined, [14653], [443105],1.0.9692
    PUP.Optional.SearchNet.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdmejgdbephapagdfiondmmepkbpchhg\1.0.0_0\newtab\blank.html, Quarantined, [14653], [443105],1.0.9692
    PUP.Optional.SearchNet.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdmejgdbephapagdfiondmmepkbpchhg\1.0.0_0\newtab\blank.js, Quarantined, [14653], [443105],1.0.9692
    PUP.Optional.SearchNet.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdmejgdbephapagdfiondmmepkbpchhg\1.0.0_0\_metadata\computed_hashes.json, Quarantined, [14653], [443105],1.0.9692
    PUP.Optional.SearchNet.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdmejgdbephapagdfiondmmepkbpchhg\1.0.0_0\_metadata\verified_contents.json, Quarantined, [14653], [443105],1.0.9692
    PUP.Optional.SearchNet.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdmejgdbephapagdfiondmmepkbpchhg\1.0.0_0\background.js, Quarantined, [14653], [443105],1.0.9692
    PUP.Optional.SearchNet.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdmejgdbephapagdfiondmmepkbpchhg\1.0.0_0\content.js, Quarantined, [14653], [443105],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gplllmgpkecboiciaknmfannieobcnbk\000003.log, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gplllmgpkecboiciaknmfannieobcnbk\CURRENT, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gplllmgpkecboiciaknmfannieobcnbk\LOCK, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gplllmgpkecboiciaknmfannieobcnbk\LOG, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gplllmgpkecboiciaknmfannieobcnbk\LOG.old, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gplllmgpkecboiciaknmfannieobcnbk\MANIFEST-000001, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\USERS\KELLY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\USERS\KELLY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\USERS\KELLY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GPLLLMGPKECBOICIAKNMFANNIEOBCNBK\1.0.17.1211_0\BACKGROUND.JS, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\css\style.css, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\font-awesome\css\font-awesome.css, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\font-awesome\css\font-awesome.min.css, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\font-awesome\fonts\fontawesome-webfont.eot, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\font-awesome\fonts\fontawesome-webfont.svg, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\font-awesome\fonts\fontawesome-webfont.ttf, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\font-awesome\fonts\fontawesome-webfont.woff, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\font-awesome\fonts\fontawesome-webfont.woff2, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\font-awesome\fonts\FontAwesome.otf, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\font-awesome\less\animated.less, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\font-awesome\less\bordered-pulled.less, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\font-awesome\less\core.less, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\font-awesome\less\fixed-width.less, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\font-awesome\less\font-awesome.less, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\font-awesome\less\icons.less, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\font-awesome\less\larger.less, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\font-awesome\less\list.less, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\font-awesome\less\mixins.less, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\font-awesome\less\path.less, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\font-awesome\less\rotated-flipped.less, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\font-awesome\less\screen-reader.less, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\font-awesome\less\stacked.less, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\font-awesome\less\variables.less, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\font-awesome\scss\font-awesome.scss, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\font-awesome\scss\_animated.scss, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\font-awesome\scss\_bordered-pulled.scss, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\font-awesome\scss\_core.scss, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\font-awesome\scss\_fixed-width.scss, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\font-awesome\scss\_icons.scss, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\font-awesome\scss\_larger.scss, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\font-awesome\scss\_list.scss, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\font-awesome\scss\_mixins.scss, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\font-awesome\scss\_path.scss, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\font-awesome\scss\_rotated-flipped.scss, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\font-awesome\scss\_screen-reader.scss, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\font-awesome\scss\_stacked.scss, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\font-awesome\scss\_variables.scss, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\js\newtab.js, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\js\newtab.js.map, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\vendor\jquery\images\ui-bg_flat_0_aaaaaa_40x100.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\vendor\jquery\images\ui-bg_flat_75_ffffff_40x100.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\vendor\jquery\images\ui-bg_glass_55_fbf9ee_1x400.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\vendor\jquery\images\ui-bg_glass_65_ffffff_1x400.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\vendor\jquery\images\ui-bg_glass_75_dadada_1x400.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\vendor\jquery\images\ui-bg_glass_75_e6e6e6_1x400.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\vendor\jquery\images\ui-bg_glass_95_fef1ec_1x400.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\vendor\jquery\images\ui-bg_highlight-soft_75_cccccc_1x100.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\vendor\jquery\images\ui-icons_222222_256x240.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\vendor\jquery\images\ui-icons_2e83ff_256x240.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\vendor\jquery\images\ui-icons_454545_256x240.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\vendor\jquery\images\ui-icons_888888_256x240.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\vendor\jquery\images\ui-icons_cd0a0a_256x240.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\vendor\jquery\jquery-1.8.3.js, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\vendor\jquery\jquery-ui.css, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\vendor\jquery\jquery-ui.js, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\dist\vendor\autocomplete.js, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\icons\128.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\icons\16.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\icons\32.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\icons\48.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\fonts\Roboto-Thin-webfont.eot, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\fonts\Roboto-Thin-webfont.svg, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\fonts\Roboto-Thin-webfont.ttf, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\fonts\Roboto-Thin-webfont.woff, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\facebook.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\amazon.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\arrow-down.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\bg-picker.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\bing_logo.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\blank-ico.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\btm-logo.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\close-white.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\close.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\d2p-col.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\doc-icon.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\dropbox.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\ebay.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\evernote.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\facebook_sm.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\form_bg.gif, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\giki.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\gmail.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\google.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\green_arrow.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\instagram.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\instargram.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\linkin.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\loading.svg, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\logo.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\mail.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\overlay.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\p2d-col.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\pb_yahoo.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\pdf-icon.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\pinterest.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\search_btn.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\spinning.gif, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\sports.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\squares.svg, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\star.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\tumbler.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\twitter.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\Untitled-6.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\weather.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\yahoo.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\yahoo_logo.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\images\youtube.png, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\index.html, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\learnmore.css, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\learnmore.html, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\uninstall.css, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\newtab\uninstall.html, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\_metadata\verified_contents.json, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\content.js, Quarantined, [14594], [504607],1.0.9692
    Adware.Cmptch.Generic, C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplllmgpkecboiciaknmfannieobcnbk\1.0.17.1211_0\manifest.json, Quarantined, [14594], [504607],1.0.9692
    PUP.Optional.WinYahoo.TskLnk, C:\USERS\KELLY\APPDATA\LOCAL\{342F0273-1087-6ECB-7D1F-4B235977B7BB}\HOWTOREMOVE\HOWTOREMOVE.HTML, Quarantined, [763], [542290],1.0.9692
    PUP.Optional.WinYahoo.TskLnk, C:\Users\kelly\AppData\Local\{342F0273-1087-6ECB-7D1F-4B235977B7BB}\HowToRemove\chromium-min.jpg, Quarantined, [763], [542290],1.0.9692
    PUP.Optional.WinYahoo.TskLnk, C:\Users\kelly\AppData\Local\{342F0273-1087-6ECB-7D1F-4B235977B7BB}\HowToRemove\control panel-min-min.JPG, Quarantined, [763], [542290],1.0.9692
    PUP.Optional.WinYahoo.TskLnk, C:\Users\kelly\AppData\Local\{342F0273-1087-6ECB-7D1F-4B235977B7BB}\HowToRemove\down.png, Quarantined, [763], [542290],1.0.9692
    PUP.Optional.WinYahoo.TskLnk, C:\Users\kelly\AppData\Local\{342F0273-1087-6ECB-7D1F-4B235977B7BB}\HowToRemove\ff menu.JPG, Quarantined, [763], [542290],1.0.9692
    PUP.Optional.WinYahoo.TskLnk, C:\Users\kelly\AppData\Local\{342F0273-1087-6ECB-7D1F-4B235977B7BB}\HowToRemove\ff search engine-min.png, Quarantined, [763], [542290],1.0.9692
    PUP.Optional.WinYahoo.TskLnk, C:\Users\kelly\AppData\Local\{342F0273-1087-6ECB-7D1F-4B235977B7BB}\HowToRemove\hp-min ff.png, Quarantined, [763], [542290],1.0.9692
    PUP.Optional.WinYahoo.TskLnk, C:\Users\kelly\AppData\Local\{342F0273-1087-6ECB-7D1F-4B235977B7BB}\HowToRemove\hp-min ie.png, Quarantined, [763], [542290],1.0.9692
    PUP.Optional.WinYahoo.TskLnk, C:\Users\kelly\AppData\Local\{342F0273-1087-6ECB-7D1F-4B235977B7BB}\HowToRemove\search engine.gif, Quarantined, [763], [542290],1.0.9692
    PUP.Optional.WinYahoo.TskLnk, C:\Users\kelly\AppData\Local\{342F0273-1087-6ECB-7D1F-4B235977B7BB}\HowToRemove\setup pages.gif, Quarantined, [763], [542290],1.0.9692
    PUP.Optional.WinYahoo.TskLnk, C:\Users\kelly\AppData\Local\{342F0273-1087-6ECB-7D1F-4B235977B7BB}\HowToRemove\sp-min.png, Quarantined, [763], [542290],1.0.9692
    PUP.Optional.WinYahoo.TskLnk, C:\Users\kelly\AppData\Local\{342F0273-1087-6ECB-7D1F-4B235977B7BB}\HowToRemove\start-min.jpg, Quarantined, [763], [542290],1.0.9692
    PUP.Optional.WinYahoo.TskLnk, C:\Users\kelly\AppData\Local\{342F0273-1087-6ECB-7D1F-4B235977B7BB}\HowToRemove\up.png, Quarantined, [763], [542290],1.0.9692
    PUP.Optional.WinYahoo.TskLnk, C:\Users\kelly\AppData\Local\{342F0273-1087-6ECB-7D1F-4B235977B7BB}\comecamet, Quarantined, [763], [542290],1.0.9692
    PUP.Optional.WinYahoo.TskLnk, C:\Users\kelly\AppData\Local\{342F0273-1087-6ECB-7D1F-4B235977B7BB}\install.log, Quarantined, [763], [542290],1.0.9692
    PUP.Optional.WinYahoo.TskLnk, C:\Users\kelly\AppData\Local\{342F0273-1087-6ECB-7D1F-4B235977B7BB}\macaferot, Quarantined, [763], [542290],1.0.9692
    PUP.Optional.WinYahoo.TskLnk, C:\Users\kelly\AppData\Local\{342F0273-1087-6ECB-7D1F-4B235977B7BB}\nelalil.cfg, Quarantined, [763], [542290],1.0.9692
    PUP.Optional.WinYahoo.TskLnk, C:\Users\kelly\AppData\Local\{342F0273-1087-6ECB-7D1F-4B235977B7BB}\netacose, Quarantined, [763], [542290],1.0.9692
    PUP.Optional.WinYahoo.TskLnk, C:\Users\kelly\AppData\Local\{342F0273-1087-6ECB-7D1F-4B235977B7BB}\reneto.dat, Quarantined, [763], [542290],1.0.9692
    PUP.Optional.WinYahoo.TskLnk, C:\Users\kelly\AppData\Local\{342F0273-1087-6ECB-7D1F-4B235977B7BB}\rerenaset.dat, Quarantined, [763], [542290],1.0.9692
    PUP.Optional.WinYahoo.TskLnk, C:\Users\kelly\AppData\Local\{342F0273-1087-6ECB-7D1F-4B235977B7BB}\setodaro.dat, Quarantined, [763], [542290],1.0.9692
    PUP.Optional.WinYahoo.TskLnk, C:\Users\kelly\AppData\Local\{342F0273-1087-6ECB-7D1F-4B235977B7BB}\sonetace, Quarantined, [763], [542290],1.0.9692
    PUP.Optional.WinYahoo.TskLnk, C:\Users\kelly\AppData\Local\{342F0273-1087-6ECB-7D1F-4B235977B7BB}\Sqlite3.dll, Quarantined, [763], [542290],1.0.9692
    PUP.Optional.WinYahoo.TskLnk, C:\Users\kelly\AppData\Local\{342F0273-1087-6ECB-7D1F-4B235977B7BB}\tecemed.dat, Quarantined, [763], [542290],1.0.9692
    PUP.Optional.WinYahoo.TskLnk, C:\Users\kelly\AppData\Local\{342F0273-1087-6ECB-7D1F-4B235977B7BB}\uninst.dat, Quarantined, [763], [542290],1.0.9692
    PUP.Optional.WinYahoo.TskLnk, C:\Users\kelly\AppData\Local\{342F0273-1087-6ECB-7D1F-4B235977B7BB}\uninst.exe, Quarantined, [763], [542290],1.0.9692
    PUP.Optional.WinYahoo.TskLnk, C:\Users\kelly\AppData\Local\{342F0273-1087-6ECB-7D1F-4B235977B7BB}\uninstp.dat, Quarantined, [763], [542290],1.0.9692
    PUP.Optional.ByteFence, C:\PROGRAM FILES\BYTEFENCE\UNINSTALL.EXE, Quarantined, [5931], [389016],1.0.9692
    PUP.Optional.ByteFence, C:\WINDOWS\TEMP\BYTEFENCE-UPDATE.EXE, Quarantined, [5931], [389016],1.0.9692
    PUP.Optional.TweakBit, C:\USERS\KELLY\DOWNLOADS\DRIVER-UPDATER-SETUP.EXE, Quarantined, [1578], [427277],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\USERS\ANDRE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [266], [626729],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\USERS\ANDRE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [266], [628563],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\USERS\ANDRE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [266], [626729],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\USERS\KELLY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [266], [626729],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\USERS\KELLY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [266], [628563],1.0.9692
    PUP.Optional.SearchNet, C:\USERS\KELLY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [372], [474772],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\USERS\KELLY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [266], [626729],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\USERS\TEMP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [266], [626729],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\USERS\TEMP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [266], [628563],1.0.9692
    PUP.Optional.SearchManager.BITSRST, C:\USERS\TEMP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [266], [626729],1.0.9692

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)
     
    JPT,
    #23
  5. 2019/03/15
    JPT

    JPT Well-Known Member Thread Starter

    Joined:
    2016/09/11
    Messages:
    70
    Likes Received:
    1
    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 3/15/19
    Scan Time: 8:22 PM
    Log File: 9feab5f2-4781-11e9-8aea-484d7ec2f2fa.json

    -Software Information-
    Version: 3.7.1.2839
    Components Version: 1.0.538
    Update Package Version: 1.0.9708
    License: Trial

    -System Information-
    OS: Windows 10 (Build 17134.648)
    CPU: x64
    File System: NTFS
    User: DESKTOP-MBGVL12\kelly

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 470657
    Threats Detected: 0
    Threats Quarantined: 0
    Time Elapsed: 4 min, 27 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)
     
    JPT,
    #24
  6. 2019/03/15
    JPT

    JPT Well-Known Member Thread Starter

    Joined:
    2016/09/11
    Messages:
    70
    Likes Received:
    1
    # -------------------------------
    # Malwarebytes AdwCleaner 7.2.7.0
    # -------------------------------
    # Build: 01-30-2019
    # Database: 2019-03-11.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 03-15-2019
    # Duration: 00:00:08
    # OS: Windows 10 Home
    # Cleaned: 7
    # Failed: 0


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    No malicious folders cleaned.

    ***** [ Files ] *****

    No malicious files cleaned.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    Deleted HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ByteFence.exe
    Deleted HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
    Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|ByteFence.exe
    Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\ByteFenceService
    Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|WebDiscoverBrowser
    Deleted HKLM\SOFTWARE\Classes\Directory\shell\ByteFence Folder Scan
    Deleted HKLM\SOFTWARE\Classes\*\shell\ByteFence File Scan

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries cleaned.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs cleaned.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [1994 octets] - [15/03/2019 20:29:10]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
     
    JPT,
    #25
  7. 2019/03/15
    JPT

    JPT Well-Known Member Thread Starter

    Joined:
    2016/09/11
    Messages:
    70
    Likes Received:
    1
    # -------------------------------
    # Malwarebytes AdwCleaner 7.2.7.0
    # -------------------------------
    # Build: 01-30-2019
    # Database: 2019-03-11.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start: 03-15-2019
    # Duration: 00:00:19
    # OS: Windows 10 Home
    # Scanned: 31892
    # Detected: 7


    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    No malicious folders found.

    ***** [ Files ] *****

    No malicious files found.

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    PUP.Optional.ByteFence HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ByteFence.exe
    PUP.Optional.ByteFence HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
    PUP.Optional.ByteFence HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|ByteFence.exe
    PUP.Optional.ByteFence HKLM\System\CurrentControlSet\Services\EventLog\Application\ByteFenceService
    PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|WebDiscoverBrowser
    PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Directory\shell\ByteFence Folder Scan
    PUP.Optional.Legacy HKLM\SOFTWARE\Classes\*\shell\ByteFence File Scan

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries found.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs found.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries found.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs found.



    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
     
    JPT,
    #26
  8. 2019/03/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double click to run it.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
    broni,
    #27
  9. 2019/03/16
    JPT

    JPT Well-Known Member Thread Starter

    Joined:
    2016/09/11
    Messages:
    70
    Likes Received:
    1
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13.03.2019 01
    Ran by kelly (16-03-2019 16:53:53)
    Running from C:\Users\kelly\Downloads
    Windows 10 Home Version 1803 17134.648 (X64) (2018-05-23 20:04:06)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2583827817-3298221616-2555839063-500 - Administrator - Disabled)
    andre (S-1-5-21-2583827817-3298221616-2555839063-1002 - Limited - Enabled) => C:\Users\andre
    DefaultAccount (S-1-5-21-2583827817-3298221616-2555839063-503 - Limited - Disabled)
    defaultuser0 (S-1-5-21-2583827817-3298221616-2555839063-1000 - Limited - Disabled) => C:\Users\defaultuser0
    Guest (S-1-5-21-2583827817-3298221616-2555839063-501 - Limited - Disabled)
    kelly (S-1-5-21-2583827817-3298221616-2555839063-1001 - Administrator - Enabled) => C:\Users\kelly
    WDAGUtilityAccount (S-1-5-21-2583827817-3298221616-2555839063-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 31 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 31.0.0.108 - Adobe Systems Incorporated)
    Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
    Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.2.2364 - AVAST Software)
    Backup and Sync from Google (HKLM\...\{693CADB0-962B-4AC1-A939-9524B258C997}) (Version: 3.43.2448.9071 - Google, Inc.)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Cricut Design Space Client (HKU\S-1-5-21-2583827817-3298221616-2555839063-1001\...\Cricut Design Space Client) (Version: 5.8.1806.151932 - Provo Craft)
    Cricut Design Space Client (HKU\S-1-5-21-2583827817-3298221616-2555839063-1002\...\Cricut Design Space Client) (Version: 5.8.1902.081258 - Provo Craft)
    CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.)
    Dell Customer Connect (HKLM-x32\...\{35BEC446-269E-42E4-8EED-191A38CCFF3D}) (Version: 1.4.10.0 - Dell Inc.)
    Dell Digital Delivery (HKLM-x32\...\{99B7C4B5-DC14-441D-A5B6-7340F682BC81}) (Version: 3.1.1117.0 - Dell Products, LP)
    Dell Help & Support (HKLM\...\{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.) Hidden
    Dell Help & Support (HKLM-x32\...\InstallShield_{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.)
    Dell OSD (HKLM-x32\...\Dell OSD_is1) (Version: 1.4.3 - Dell Inc.)
    Dell Product Registration (HKLM-x32\...\InstallShield_{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.)
    Dell SupportAssist (HKLM\...\{4CB4741A-20C1-454E-8276-993D06A76D67}) (Version: 2.2.3.2 - Dell Inc.)
    Dell SupportAssist Remediation (HKLM\...\{5832D99C-C9C6-437F-861C-43ED6333956F}) (Version: 4.1.0.6828 - Dell Inc.) Hidden
    Dell SupportAssist Remediation (HKLM-x32\...\{48253a97-70d4-4166-9a2b-80b3bb2fcc75}) (Version: 4.1.0.6828 - Dell Inc.)
    Dell Update - SupportAssist Update Plugin (HKLM\...\{6DE68941-66DE-48DE-9C80-FE60C9DE0AD4}) (Version: 4.0.1.5857 - Dell Inc.) Hidden
    Dell Update - SupportAssist Update Plugin (HKLM-x32\...\{1dbe752f-b00e-4567-9276-141812b20d28}) (Version: 4.0.1.5857 - Dell Inc.)
    Dell Update (HKLM-x32\...\{5EBBC1DA-975F-44A0-B438-F325BCD45577}) (Version: 3.0.1 - Dell Inc.)
    Dropbox 20 GB (HKLM-x32\...\{84D8451D-2ED6-3A59-ABA5-2A447F7C6310}) (Version: 4.1.2.0 - Dropbox, Inc.)
    Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden
    GIMP 2.10.8 (HKLM\...\GIMP-2_is1) (Version: 2.10.8 - The GIMP Team)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.75 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
    Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
    Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1058 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
    Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.139.0 - Intel Corporation) Hidden
    Intel(R) Trusted Connect Services Client (HKLM-x32\...\{fd62de85-bda9-4280-a95b-fa2f86e0dc58}) (Version: 1.48.139.0 - Intel Corporation) Hidden
    Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{52DA40D6-6EF4-4B28-B501-FC538ECE638C}) (Version: 19.01.1627.3533 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{03929cf1-3ae4-4765-b8b3-32b8e2e26a8d}) (Version: 19.60.0 - Intel Corporation)
    iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
    Kaspersky Secure Connection (HKLM-x32\...\{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
    Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab)
    Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
    Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.8973.0 - Waves Audio Ltd.) Hidden
    Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.5119.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2583827817-3298221616-2555839063-1001\...\OneDriveSetup.exe) (Version: 19.012.0121.0011 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2583827817-3298221616-2555839063-1002\...\OneDriveSetup.exe) (Version: 19.012.0121.0011 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
    NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
    Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5119.1000 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5119.1000 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5119.1000 - Microsoft Corporation) Hidden
    Pixillion Image Converter (HKLM-x32\...\Pixillion) (Version: 4.06 - NCH Software)
    Prism Video File Converter (HKLM-x32\...\Prism) (Version: 3.04 - NCH Software)
    proDAD Adorage 3.0 (HKLM-x32\...\proDAD-Adorage-3.0) (Version: 3.0.114.1 - proDAD GmbH)
    Product Registration (HKLM\...\{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.) Hidden
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21292 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.11.923.2016 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8010 - Realtek Semiconductor Corp.)
    RogueKiller version 13.1.8.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.1.8.0 - Adlice Software)
    Silhouette Studio (HKLM-x32\...\{72328563-1539-4B32-827E-7FC7536E1241}) (Version: 3.6.057 - Silhouette America)
    SmartByte Drivers and Services (HKLM\...\{01F01829-4C5A-41B0-8198-0BDD02B34C47}) (Version: 2.0.643 - Rivet Networks)
    Spotify (HKU\S-1-5-21-2583827817-3298221616-2555839063-1002\...\Spotify) (Version: 1.1.1.348.g9064793a - Spotify AB)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1FD817A6-63E1-4519-BFD4-228DABB7AB6B}) (Version: 2.55.0.0 - Microsoft Corporation)
    Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
    WhatsApp (HKU\S-1-5-21-2583827817-3298221616-2555839063-1002\...\WhatsApp) (Version: 0.2.6426 - WhatsApp)
    Windows Driver Package - Provo Craft & Novelty, Inc. (usbser) Ports (08/01/2016 1.3.0.0) (HKLM\...\17736CDD02DF8CFDD0CC1097668A82C013C969F3) (Version: 08/01/2016 1.3.0.0 - Provo Craft & Novelty, Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2583827817-3298221616-2555839063-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
    CustomCLSID: HKU\S-1-5-21-2583827817-3298221616-2555839063-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Inc -> Waves Audio Ltd)
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
    ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
    ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-04-27] (CyberLink Corp. -> Cyberlink)
    ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-12-07] (Google Inc -> Google)
    ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-04-27] (CyberLink Corp. -> Cyberlink)
    ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-12-07] (Google Inc -> Google)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\k127153.inf_amd64_364f43f2a27f7bd7\igfxDTCM.dll [2018-03-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {026640A9-290C-4FBE-B94C-32BB554E14BB} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe (CyberLink Corp. -> CyberLink Corp.)
    Task: {1159318D-3BE9-41AF-99BD-E00F5B4CBF8F} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe (Dropbox, Inc -> DropboxOEM)
    Task: {1306907E-B12E-41EF-B209-12371DB7A882} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe (CyberLink Corp. -> CyberLink)
    Task: {1FA6D96C-705B-4219-9CAD-881547D06A9E} - System32\Tasks\RogueKiller Anti-Malware => C:\Program Files\RogueKiller\RogueKiller64.exe (Adlice -> )
    Task: {2B074B10-B7AE-4733-85AB-79034A4EC9ED} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
    Task: {31A2BCA2-0B4B-44F2-88F3-B08C466C1562} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
    Task: {34B762B2-634E-416A-A0A6-205959EEF959} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    Task: {36274EB4-4269-4ACB-8F26-C056FDCAA169} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe (Rivet Networks LLC -> DELL)
    Task: {402B44DA-508F-4CB4-83B3-729FDE67E0E3} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
    Task: {5BCADF14-13D2-4F6B-9030-25D4DD63721B} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
    Task: {66A681F6-0892-43D7-BE8B-72F6C6842F54} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
    Task: {75617769-0156-4A23-949C-09A0E1917DD1} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_108_pepper.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    Task: {91CDD73D-A58B-4F06-B54B-5D7C8B2A24DD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
    Task: {A36F7BD3-DE73-4130-B607-72B4FB59CAF6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    Task: {C51A8342-DC34-4320-8083-2C4856907454} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Apple Inc. -> Apple Inc.)
    Task: {CDF1A95A-72C6-403B-9D33-6E3BFCE83180} - System32\Tasks\Dell Cleanup => c:\windows\system32\oem\startmenufix.vbs () [File not signed]
    Task: {D0E6D450-D0A9-4B61-B016-434D156383E3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
    Task: {D40B8B61-D30F-448B-915C-A049B3CF4695} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {D73E0FED-02A7-48C6-A2F4-9B6EC577C953} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
    Task: {E0296F1A-B02B-4CE5-88AF-DB2FC0CF15E9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
    Task: {E751AF90-1F26-4EA9-B6BB-716F8B217425} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe (Dell Inc. -> Dell Inc.)
    Task: {EC7FBA6E-BB2D-4337-8473-E5AC273F8FAF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
    Task: {EC9278D1-0CE0-4749-8C99-AAE1A2D9AB64} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\RunDLC.job => cmd c sc start Dell Help SupportWORKGROUP DESKTOP MBGVL12

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    Shortcut: C:\Users\kelly\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm

    ShortcutWithArgument: C:\Users\kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\mydlink services plugin.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ldibdoepbjbkkcbgndfljnphngpglhbb

    ==================== Loaded Modules (Whitelisted) ==============

    2017-02-11 02:13 - 2013-12-27 14:02 - 000192512 _____ () [File not signed] C:\Windows\SysWoW64\OSDSrv\OSDSrv.EXE
    2018-12-04 13:10 - 2018-12-04 13:10 - 000100864 _____ (Rivet Networks) [File not signed] C:\Program Files\Rivet Networks\SmartByte\KillerNetworkServicePS.dll
    2017-02-11 02:13 - 2015-04-14 19:04 - 002091520 _____ (Wistron Corporation) [File not signed] C:\Windows\SysWOW64\OSDSrv\OSDApp.exe
    2019-03-09 21:06 - 2019-02-01 10:56 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
    2019-03-09 21:06 - 2019-02-01 10:56 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
    2019-03-09 21:06 - 2019-02-01 10:56 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
    2019-03-09 21:06 - 2019-02-01 10:56 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
    2019-03-09 21:06 - 2019-02-01 10:56 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
    2019-03-09 21:06 - 2019-02-01 10:56 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
    2019-03-09 21:06 - 2019-02-01 10:55 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
    2019-03-09 21:06 - 2019-02-01 10:56 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
    2019-03-09 21:06 - 2019-02-01 10:56 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
    2019-03-09 21:06 - 2019-02-01 10:56 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
    2019-03-09 21:06 - 2019-02-01 10:56 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
    2019-03-09 21:06 - 2019-02-01 10:56 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
    2019-03-09 21:06 - 2019-02-01 10:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
    2019-03-09 21:06 - 2019-02-01 10:56 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
    2019-03-09 21:06 - 2019-02-01 10:56 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
    2019-03-09 21:06 - 2019-02-01 10:56 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
    2019-03-09 21:06 - 2019-02-01 10:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
    2019-03-09 21:06 - 2019-02-01 10:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
    2019-03-09 21:06 - 2019-02-01 10:56 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
    2019-03-09 21:06 - 2019-02-01 10:56 - 000035328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\iconengines\qsvgicon.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\kelly\OneDrive\Documents\grace.docx:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [66]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2016-07-16 07:47 - 2019-03-14 21:40 - 000002130 _____ C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 www.cricut.io
    0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
    0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
    0.0.0.0 media.opencandy.com
    0.0.0.0 cdn.opencandy.com
    0.0.0.0 tracking.opencandy.com
    0.0.0.0 api.opencandy.com
    0.0.0.0 api.recommendedsw.com
    0.0.0.0 rp.yefeneri2.com
    0.0.0.0 os.yefeneri2.com
    0.0.0.0 os2.yefeneri2.com
    0.0.0.0 installer.betterinstaller.com
    0.0.0.0 installer.filebulldog.com
    0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
    0.0.0.0 inno.bisrv.com
    0.0.0.0 nsis.bisrv.com
    0.0.0.0 cdn.file2desktop.com
    0.0.0.0 cdn.goateastcach.us
    0.0.0.0 cdn.guttastatdk.us
    0.0.0.0 cdn.inskinmedia.com
    0.0.0.0 cdn.insta.oibundles2.com
    0.0.0.0 cdn.insta.playbryte.com
    0.0.0.0 cdn.llogetfastcach.us
    0.0.0.0 cdn.montiera.com
    0.0.0.0 cdn.msdwnld.com
    0.0.0.0 cdn.mypcbackup.com
    0.0.0.0 cdn.ppdownload.com
    0.0.0.0 cdn.riceateastcach.us
    0.0.0.0 cdn.shyapotato.us
    0.0.0.0 cdn.solimba.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT
    HKU\S-1-5-21-2583827817-3298221616-2555839063-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
    HKU\S-1-5-21-2583827817-3298221616-2555839063-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
    HKU\S-1-5-21-2583827817-3298221616-2555839063-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.

    HKU\S-1-5-21-2583827817-3298221616-2555839063-1001\...\StartupApproved\Run: => "Chromium"
    HKU\S-1-5-21-2583827817-3298221616-2555839063-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_6204310D456754FD3B7FD7FE1DD3E0AD"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [UDP Query User{8BC331A8-17E5-4B31-96CD-F011A4A66F74}C:\users\andre\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\andre\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [TCP Query User{A8624A42-9859-4731-B01F-74D7DC284142}C:\users\andre\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\andre\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{B2253E72-2176-4C11-BED3-106B67ABFAD3}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{A56E59DE-0E34-4C38-83F1-B1BF1C3EE9FD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{A62AA030-A517-459E-81C4-EDDA7385FF12}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{87C619F8-6D8C-4468-8A31-99CC94CE0EA1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{A2468EC5-532B-45F4-A312-64E99022D8CC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{3B0D2EEC-6233-447F-BDD8-E75CA45573B0}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{2F8D8682-1E5F-4385-9854-ACB471AEA262}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> )
    FirewallRules: [{5929A043-3E38-4EC5-9B40-98A66917C7BA}] => (Allow) C:\Users\kelly\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed]
    FirewallRules: [{869A94B9-DC87-4517-957C-19518AAE126C}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe (CyberLink Corp. -> CyberLink Corp.)
    FirewallRules: [{C3309A9D-C133-4866-B913-377E0BB507C0}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
    FirewallRules: [{506E8FAA-12B7-40DD-ACB4-B3508E46350B}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\PowerDVD14Agent.exe No File
    FirewallRules: [{652AF19E-0467-4083-A6F8-49198447C903}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe No File
    FirewallRules: [{E1BCAAEC-8176-41E4-9C7D-88CCD72A92FB}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
    FirewallRules: [{20B48D6F-FA5F-4A64-8152-B405C927AD84}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDirector14\PDR10.EXE No File
    FirewallRules: [TCP Query User{77C934ED-CA91-4329-A71D-CA2A876896E8}C:\users\andre\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\andre\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [UDP Query User{CA9A40F4-1C9A-43DE-AE13-F72B99DC9A35}C:\users\andre\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\andre\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [TCP Query User{507B98AF-2333-4429-A72C-C52368B52699}C:\users\kelly\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe] => (Block) C:\users\kelly\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe (Provo Craft & Novelty, Inc. -> Provo Craft & Novelty, Inc.)
    FirewallRules: [UDP Query User{B6361BF5-0530-4F90-92A9-D349977C1E99}C:\users\kelly\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe] => (Block) C:\users\kelly\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe (Provo Craft & Novelty, Inc. -> Provo Craft & Novelty, Inc.)
    FirewallRules: [{FD382A62-C007-46DC-B88E-63BB74E52854}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
    FirewallRules: [{138483A4-A0D2-4218-867D-1C747E797C38}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
    FirewallRules: [TCP Query User{D38604BB-71ED-491F-AA00-5A3781AE8D67}C:\users\andre\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe] => (Block) C:\users\andre\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe (Provo Craft & Novelty, Inc. -> Provo Craft & Novelty, Inc.)
    FirewallRules: [UDP Query User{20069CD6-C378-4146-A11E-025EA7B4C7A3}C:\users\andre\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe] => (Block) C:\users\andre\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe (Provo Craft & Novelty, Inc. -> Provo Craft & Novelty, Inc.)
    FirewallRules: [{AF17970F-374A-414A-BFB3-456019970F12}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
    FirewallRules: [{CAC4A847-5911-42BA-8D95-315A1BFC8D48}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{9F63873F-EC8F-4CB9-A47E-C1D651F7D3A8}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{6B02344C-55C9-41D0-BB46-DEA211C2C1BA}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{65264969-DDCC-499D-A96F-C274C4B37D60}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{FEE03739-F42E-4504-BE45-A9CE712DC839}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

    ==================== Restore Points =========================

    07-03-2019 15:38:52 Scheduled Checkpoint
    14-03-2019 22:07:08 Windows Update

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/16/2019 04:31:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Local Hostname DESKTOP-MBGVL12.local already in use; will try DESKTOP-MBGVL12-2.local instead

    Error: (03/16/2019 04:31:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 16 DESKTOP-MBGVL12.local. AAAA FE80:0000:0000:0000:A1B1:5511:B72B:0C76

    Error: (03/16/2019 04:31:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:A1B1:5511:B72B:0C76:5353 4 DESKTOP-MBGVL12.local. Addr 169.254.12.118

    Error: (03/15/2019 10:33:48 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "C:\Program Files\Microsoft Office 15\root\office15\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL" on line 1.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (03/15/2019 10:28:27 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: UpdaterUI.exe, version: 6.0.6992.1236, time stamp: 0x5b3b18d5
    Faulting module name: KERNELBASE.dll, version: 10.0.17134.556, time stamp: 0xb9f4a0f1
    Exception code: 0xe0434352
    Fault offset: 0x000000000003a388
    Faulting process id: 0x1cdc
    Faulting application start time: 0x01d4db9fee037958
    Faulting application path: C:\Program Files\Dell\SupportAssistAgent\PCDr\Updater\6.0.6992.1236\UpdaterUI.exe
    Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
    Report Id: 42d67205-8a1c-4985-b8d7-db2fe772974e
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (03/15/2019 10:28:24 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: UpdaterUI.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.IO.FileNotFoundException
    at <StartupCode$UpdaterUI>.$Program..cctor()

    Exception Info: System.TypeInitializationException
    at Program..cctor()

    Exception Info: System.TypeInitializationException
    at Program.main(System.String[])

    Error: (03/15/2019 10:25:37 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
    Description: Event provider IntelWLANEventProvider attempted to register query "select * from CIntelQosEvent" whose target class "CIntelQosEvent" in //./ROOT/default namespace does not exist. The query will be ignored.

    Error: (03/15/2019 10:25:37 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
    Description: Event provider IntelWLANEventProvider attempted to register query "select * from CIntelDot1xEvent" whose target class "CIntelDot1xEvent" in //./ROOT/default namespace does not exist. The query will be ignored.


    System errors:
    =============
    Error: (03/16/2019 04:50:53 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MBGVL12)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user DESKTOP-MBGVL12\kelly SID (S-1-5-21-2583827817-3298221616-2555839063-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/16/2019 04:37:21 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MBGVL12)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    and APPID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    to the user DESKTOP-MBGVL12\kelly SID (S-1-5-21-2583827817-3298221616-2555839063-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

    Error: (03/15/2019 10:27:35 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MBGVL12)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user DESKTOP-MBGVL12\kelly SID (S-1-5-21-2583827817-3298221616-2555839063-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/15/2019 10:25:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The ZeroConfigService service terminated with the following error:
    %%2147770990

    Error: (03/15/2019 08:43:18 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MBGVL12)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user DESKTOP-MBGVL12\kelly SID (S-1-5-21-2583827817-3298221616-2555839063-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/15/2019 08:42:48 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MBGVL12)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user DESKTOP-MBGVL12\kelly SID (S-1-5-21-2583827817-3298221616-2555839063-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/15/2019 08:41:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/15/2019 08:39:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The ZeroConfigService service terminated with the following error:
    %%2147770990


    CodeIntegrity:
    ===================================

    Date: 2019-03-14 22:21:09.939
    Description:
    Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

    Date: 2019-03-14 22:21:09.936
    Description:
    Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

    Date: 2019-03-14 22:21:09.430
    Description:
    Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

    Date: 2019-03-14 22:21:09.390
    Description:
    Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

    Date: 2019-03-14 22:21:09.384
    Description:
    Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

    Date: 2019-03-14 22:21:09.259
    Description:
    Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

    Date: 2019-03-14 22:19:36.137
    Description:
    Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

    Date: 2019-03-14 22:19:28.010
    Description:
    Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-7700T CPU @ 2.90GHz
    Percentage of memory in use: 42%
    Total physical RAM: 12185.13 MB
    Available physical RAM: 7002.54 MB
    Total Virtual: 15118.13 MB
    Available Virtual: 9082.92 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:917.29 GB) (Free:799.68 GB) NTFS

    \\?\Volume{a016a31d-63da-4bb4-bd53-3f721e7564da}\ () (Fixed) (Total:0.83 GB) (Free:0.46 GB) NTFS
    \\?\Volume{61458755-413e-4dc3-8aa0-cd424f4d0cea}\ (Image) (Fixed) (Total:11.69 GB) (Free:0.52 GB) NTFS
    \\?\Volume{5cf0b1cd-44ab-4553-b442-5863b2d7bcd0}\ (DELLSUPPORT) (Fixed) (Total:1.08 GB) (Free:0.48 GB) NTFS
    \\?\Volume{3d0b85fd-a58f-40af-a9b1-8a1196014b60}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.42 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: E6C5618A)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
    JPT,
    #28
  10. 2019/03/16
    JPT

    JPT Well-Known Member Thread Starter

    Joined:
    2016/09/11
    Messages:
    70
    Likes Received:
    1
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13.03.2019 01
    Ran by kelly (administrator) on DESKTOP-MBGVL12 (16-03-2019 16:52:41)
    Running from C:\Users\kelly\Downloads
    Loaded Profiles: defaultuser0 & kelly & andre (Available Profiles: defaultuser0 & kelly & andre)
    Platform: Windows 10 Home Version 1803 17134.648 (X64) Language: English (United States)
    Default browser: Edge
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k127153.inf_amd64_364f43f2a27f7bd7\igfxCUIService.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k127153.inf_amd64_364f43f2a27f7bd7\IntelCpHDCPSvc.exe
    (Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
    () [File not signed] C:\Windows\SysWOW64\OSDSrv\OSDSrv.exe
    (Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
    (Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
    (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Rivet Networks LLC -> CloudBees, Inc.) C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k127153.inf_amd64_364f43f2a27f7bd7\IntelCpHeciSvc.exe
    (Rivet Networks LLC -> Rivet Networks LLC) C:\Program Files\Rivet Networks\SmartByte\RNDBWM.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k127153.inf_amd64_364f43f2a27f7bd7\igfxEM.exe
    (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    (Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.41.54.0_x64__kzf8qxf38zg5c\SkypeApp.exe
    () [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.41.54.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Users\kelly\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    (Provo Craft & Novelty, Inc. -> Provo Craft & Novelty, Inc.) C:\Users\kelly\AppData\Roaming\CricutDesignSpace3\BRIDGE\CricutLauncher4.exe
    (Provo Craft & Novelty, Inc. -> Provo Craft & Novelty, Inc.) C:\Users\kelly\AppData\Roaming\CricutDesignSpace3\BRIDGE\CricutBridge4.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
    (Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
    (Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
    (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    (Dell Inc -> Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
    (PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1236\DSAPI.exe
    (Dell Inc -> Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
    (PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1236\pcdrwi.exe
    (Dell Inc -> Dell Inc.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
    (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Dell Inc -> Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
    (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe
    (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Dell Inc -> Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
    (CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
    (Dell Inc. -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
    (Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
    (Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\AppVShNotify.exe
    (Rivet Networks LLC -> DELL) C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe
    () [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19011.19410.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
    (Wistron Corporation) [File not signed] C:\Windows\SysWOW64\OSDSrv\OSDApp.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9181696 2016-12-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [OSDApp] => C:\Windows\SysWoW64\OSDSrv\OSDApp.exe [2091520 2015-04-14] (Wistron Corporation) [File not signed]
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [259976 2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc. -> Apple Inc.)
    HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [942512 2016-12-06] (Waves Inc -> Waves Audio Ltd.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [259976 2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-21-2583827817-3298221616-2555839063-1000\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-21-2583827817-3298221616-2555839063-1001\...\Run: [Cricut Design Space3] => C:\Users\kelly\AppData\Roaming\CricutDesignSpace3\BRIDGE\CricutLauncher4.exe [459784 2018-06-15] (Provo Craft & Novelty, Inc. -> Provo Craft & Novelty, Inc.)
    HKU\S-1-5-21-2583827817-3298221616-2555839063-1002\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46504696 2018-12-07] (Google Inc -> )
    HKU\S-1-5-21-2583827817-3298221616-2555839063-1002\...\Run: [Spotify] => C:\Users\andre\AppData\Roaming\Spotify\Spotify.exe [25610984 2019-03-09] (Spotify AB -> Spotify Ltd)
    HKU\S-1-5-21-2583827817-3298221616-2555839063-1002\...\Run: [Cricut Design Space3] => C:\Users\andre\AppData\Roaming\CricutDesignSpace3\BRIDGE\CricutLauncher4.exe [457736 2019-02-08] (Provo Craft & Novelty, Inc. -> Provo Craft & Novelty, Inc.)
    HKLM\...\Drivers32-x32: [vidc.pDAD] => prodad-codec.dll
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.75\Installer\chrmstp.exe [2019-03-14] (Google LLC -> Google Inc.)
    HKLM\Software\...\Authentication\Credential Providers: [{75A22DF0-B81D-46ed-B119-CD30507BD615}] -> C:\WINDOWS\system32\OSDEventCredProv.dll [2013-12-24] (Wistron Corporation) [File not signed]
    Startup: C:\Users\andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2019-01-11]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (No File)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{19232ac1-eb9a-4885-9297-345c55fe59ac}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{b0f00674-10d1-48b4-8bc1-73e96e6574dd}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-2583827817-3298221616-2555839063-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE
    HKU\S-1-5-21-2583827817-3298221616-2555839063-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
    HKU\S-1-5-21-2583827817-3298221616-2555839063-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE
    HKU\S-1-5-21-2583827817-3298221616-2555839063-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
    SearchScopes: HKU\S-1-5-21-2583827817-3298221616-2555839063-1002 -> DefaultScope {2A3FA172-69D7-4DAC-9B5A-3504B147E719} URL =
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2019-03-15] (Microsoft Corporation -> Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2019-03-15] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2019-03-15] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2019-03-15] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2019-03-15] (Microsoft Corporation -> Microsoft Corporation)
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-03-15] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2019-03-15] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc -> Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc -> Google Inc.)

    Chrome:
    =======
    CHR Profile: C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default [2019-03-16]
    CHR Extension: (Slides) - C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
    CHR Extension: (Docs) - C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
    CHR Extension: (Google Drive) - C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-16]
    CHR Extension: (YouTube) - C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-16]
    CHR Extension: (Sheets) - C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
    CHR Extension: (Google Docs Offline) - C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-19]
    CHR Extension: (Save to Facebook) - C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2018-07-26]
    CHR Extension: (mydlink services plugin) - C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldibdoepbjbkkcbgndfljnphngpglhbb [2017-08-20]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06]
    CHR Extension: (Gmail) - C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-16]
    CHR Extension: (Chrome Media Router) - C:\Users\kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-15]
    CHR HKU\S-1-5-21-2583827817-3298221616-2555839063-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
     
    JPT,
    #29
  11. 2019/03/16
    JPT

    JPT Well-Known Member Thread Starter

    Joined:
    2016/09/11
    Messages:
    70
    Likes Received:
    1
    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc. -> Apple Inc.)
    R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6758976 2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [357304 2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
    S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058256 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-14] (Dropbox, Inc -> Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-14] (Dropbox, Inc -> Dropbox, Inc.)
    R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208792 2018-02-10] (Dell Inc -> Dell Inc.)
    R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3346320 2018-02-10] (Dell Inc -> Dell Inc.)
    R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217488 2018-02-10] (Dell Inc -> Dell Inc.)
    R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [132472 2016-09-09] (Dell Inc -> Dell Inc.)
    R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1236\DSAPI.exe [935744 2018-07-12] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
    R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [40976 2017-09-18] (Dell Inc -> Dell Inc.)
    R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [293528 2018-10-20] (Dell Inc -> Dell Inc.)
    R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [35976 2018-11-12] (Dell Inc -> )
    R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190216 2016-10-15] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [743728 2017-11-08] (Intel(R) Trust Services -> Intel(R) Corporation)
    S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [720184 2017-11-08] (Intel(R) Trust Services -> Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [213648 2017-11-22] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
    R2 KSDE2.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (Kaspersky Lab -> AO Kaspersky Lab)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2017-03-21] (Intel Corporation-Wireless Connectivity Solutions -> )
    R2 OSDSrv; C:\Windows\SysWoW64\OSDSrv\OSDSrv.EXE [192512 2013-12-27] () [File not signed]
    R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-06] (Dell Inc -> Dell)
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2015-09-02] (CyberLink Corp. -> CyberLink)
    R2 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [64184 2018-12-04] (Rivet Networks LLC -> CloudBees, Inc.)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [322560 2016-12-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2114248 2018-12-04] (Rivet Networks LLC -> Rivet Networks)
    R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [45016 2018-07-08] (Dell Inc. -> Dell Inc.)
    R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [411056 2016-12-01] (Waves Inc -> Waves Audio Ltd.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4403496 2019-01-09] (Microsoft Corporation -> Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107160 2019-02-16] (Microsoft Corporation -> Microsoft Corporation)
    S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3750304 2017-03-21] (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37104 2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [205400 2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [225680 2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
    R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [196072 2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
    R0 aswblog; C:\WINDOWS\System32\drivers\aswblog.sys [320696 2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
    R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [57960 2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
    R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-01-08] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
    R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [249672 2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [167304 2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112312 2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
    R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [87944 2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1034432 2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [474456 2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
    R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [216784 2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
    R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [379952 2019-03-14] (AVAST Software s.r.o. -> AVAST Software)
    R4 DBUtil_2_3; C:\WINDOWS\TEMP\DBUtil_2_3.Sys [14840 2019-03-16] (Dell Inc. -> )
    R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [41608 2017-12-14] (Techporch Incorporated -> Dell Inc.)
    R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2017-12-14] (Techporch Incorporated -> Dell Computer Corporation)
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
    R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [250624 2016-10-15] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
    R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (AnchorFree Inc -> The OpenVPN Project)
    R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-03-09] (Malwarebytes Corporation -> Malwarebytes)
    S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-03-15] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [72864 2019-03-15] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-03-15] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [114040 2019-03-15] (Malwarebytes Corporation -> Malwarebytes)
    R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [8623128 2018-04-04] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [946696 2016-10-19] (Realtek Semiconductor Corp. -> Realtek )
    R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [779232 2016-08-04] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
    R3 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [120008 2018-12-04] (Rivet Networks LLC -> Rivet Networks, LLC.)
    U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [28272 2019-03-15] (Adlice -> )
    S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Windows -> Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-03-15 22:30 - 2019-03-15 22:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2019-03-15 22:29 - 2019-03-15 22:29 - 000000000 ____D C:\Program Files\Microsoft Office 15
    2019-03-15 22:26 - 2019-03-15 22:26 - 000072864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2019-03-15 22:25 - 2019-03-15 22:25 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2019-03-15 22:25 - 2019-03-15 22:25 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2019-03-15 22:25 - 2019-03-15 22:25 - 000114040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2019-03-15 20:28 - 2019-03-15 20:31 - 000000000 ____D C:\AdwCleaner
    2019-03-15 20:28 - 2019-03-15 20:28 - 007316688 _____ (Malwarebytes) C:\Users\kelly\Downloads\AdwCleaner.exe
    2019-03-15 20:18 - 2019-03-15 20:18 - 000008650 _____ C:\Users\kelly\Desktop\report.txt
    2019-03-15 19:31 - 2019-03-15 20:41 - 000003152 _____ C:\WINDOWS\System32\Tasks\RogueKiller Anti-Malware
    2019-03-15 19:31 - 2019-03-15 19:31 - 000028272 _____ C:\WINDOWS\system32\Drivers\truesight.sys
    2019-03-15 19:31 - 2019-03-15 19:31 - 000000000 ____D C:\ProgramData\RogueKiller
    2019-03-15 19:30 - 2019-03-15 19:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2019-03-15 19:30 - 2019-03-15 19:30 - 000000000 ____D C:\Program Files\RogueKiller
    2019-03-15 19:28 - 2019-03-15 19:29 - 029780408 _____ (Adlice Software ) C:\Users\kelly\Downloads\RogueKiller_setup_ref3.exe
    2019-03-14 23:17 - 2019-03-14 23:18 - 000056543 _____ C:\Users\kelly\Downloads\Addition.txt
    2019-03-14 23:15 - 2019-03-16 16:53 - 000027792 _____ C:\Users\kelly\Downloads\FRST.txt
    2019-03-14 23:14 - 2019-03-16 16:52 - 000000000 ____D C:\FRST
    2019-03-14 23:04 - 2019-03-14 23:04 - 002433536 _____ (Farbar) C:\Users\kelly\Downloads\FRST64.exe
    2019-03-14 22:16 - 2019-03-06 05:03 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2019-03-14 22:16 - 2019-03-06 04:44 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2019-03-14 22:16 - 2019-03-06 04:36 - 022716928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2019-03-14 22:16 - 2019-03-06 04:28 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2019-03-14 22:16 - 2019-03-06 02:14 - 006568528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2019-03-14 22:16 - 2019-03-06 01:49 - 004516352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2019-03-14 22:16 - 2019-02-16 06:24 - 023862272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
    2019-03-14 22:15 - 2019-03-06 11:39 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
    2019-03-14 22:15 - 2019-03-06 11:37 - 001616608 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2019-03-14 22:15 - 2019-03-06 11:36 - 001047352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
    2019-03-14 22:15 - 2019-03-06 11:20 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
    2019-03-14 22:15 - 2019-03-06 11:19 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
    2019-03-14 22:15 - 2019-03-06 11:17 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2019-03-14 22:15 - 2019-03-06 11:17 - 000810496 _____ C:\WINDOWS\system32\MBR2GPT.EXE
    2019-03-14 22:15 - 2019-03-06 11:17 - 000116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
    2019-03-14 22:15 - 2019-03-06 11:14 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2019-03-14 22:15 - 2019-03-06 11:14 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2019-03-14 22:15 - 2019-03-06 11:14 - 000488448 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
    2019-03-14 22:15 - 2019-03-06 11:13 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2019-03-14 22:15 - 2019-03-06 11:13 - 001856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2019-03-14 22:15 - 2019-03-06 11:13 - 001662976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2019-03-14 22:15 - 2019-03-06 11:13 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
    2019-03-14 22:15 - 2019-03-06 11:12 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
    2019-03-14 22:15 - 2019-03-06 08:18 - 000918032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
    2019-03-14 22:15 - 2019-03-06 08:18 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
    2019-03-14 22:15 - 2019-03-06 08:10 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
    2019-03-14 22:15 - 2019-03-06 08:09 - 011919360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2019-03-14 22:15 - 2019-03-06 08:06 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
    2019-03-14 22:15 - 2019-03-06 08:05 - 004054016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
    2019-03-14 22:15 - 2019-03-06 08:05 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
    2019-03-14 22:15 - 2019-03-06 08:04 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
    2019-03-14 22:15 - 2019-03-06 08:04 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
    2019-03-14 22:15 - 2019-03-06 07:59 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
    2019-03-14 22:15 - 2019-03-06 05:29 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
    2019-03-14 22:15 - 2019-03-06 05:16 - 002822456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2019-03-14 22:15 - 2019-03-06 05:16 - 001457032 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2019-03-14 22:15 - 2019-03-06 05:16 - 001188000 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
    2019-03-14 22:15 - 2019-03-06 05:16 - 000776792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
    2019-03-14 22:15 - 2019-03-06 05:16 - 000722744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
    2019-03-14 22:15 - 2019-03-06 05:16 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
    2019-03-14 22:15 - 2019-03-06 05:16 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
    2019-03-14 22:15 - 2019-03-06 05:11 - 000493880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
    2019-03-14 22:15 - 2019-03-06 05:10 - 000248880 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
    2019-03-14 22:15 - 2019-03-06 05:07 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2019-03-14 22:15 - 2019-03-06 05:07 - 001023800 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2019-03-14 22:15 - 2019-03-06 05:07 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
    2019-03-14 22:15 - 2019-03-06 05:06 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2019-03-14 22:15 - 2019-03-06 05:06 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
    2019-03-14 22:15 - 2019-03-06 05:06 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
    2019-03-14 22:15 - 2019-03-06 05:05 - 000439224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
    2019-03-14 22:15 - 2019-03-06 05:05 - 000436240 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2019-03-14 22:15 - 2019-03-06 05:05 - 000159864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
    2019-03-14 22:15 - 2019-03-06 05:04 - 002765856 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2019-03-14 22:15 - 2019-03-06 05:04 - 000945464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
    2019-03-14 22:15 - 2019-03-06 05:04 - 000628024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpx.dll
    2019-03-14 22:15 - 2019-03-06 05:03 - 002719544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2019-03-14 22:15 - 2019-03-06 05:03 - 002465784 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2019-03-14 22:15 - 2019-03-06 05:03 - 001921848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
    2019-03-14 22:15 - 2019-03-06 05:03 - 000793400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2019-03-14 22:15 - 2019-03-06 05:03 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2019-03-14 22:15 - 2019-03-06 05:03 - 000375608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
    2019-03-14 22:15 - 2019-03-06 05:02 - 002421048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2019-03-14 22:15 - 2019-03-06 05:02 - 001257672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2019-03-14 22:15 - 2019-03-06 05:02 - 001140480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2019-03-14 22:15 - 2019-03-06 05:02 - 000982912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2019-03-14 22:15 - 2019-03-06 05:02 - 000626488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
    2019-03-14 22:15 - 2019-03-06 04:36 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
    2019-03-14 22:15 - 2019-03-06 04:34 - 004866048 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2019-03-14 22:15 - 2019-03-06 04:33 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
    2019-03-14 22:15 - 2019-03-06 04:32 - 003399168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2019-03-14 22:15 - 2019-03-06 04:32 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
    2019-03-14 22:15 - 2019-03-06 04:32 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
    2019-03-14 22:15 - 2019-03-06 04:31 - 007598592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2019-03-14 22:15 - 2019-03-06 04:31 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
    2019-03-14 22:15 - 2019-03-06 04:31 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
    2019-03-14 22:15 - 2019-03-06 04:31 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2019-03-14 22:15 - 2019-03-06 04:31 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
    2019-03-14 22:15 - 2019-03-06 04:31 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2019-03-14 22:15 - 2019-03-06 04:31 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
    2019-03-14 22:15 - 2019-03-06 04:31 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
    2019-03-14 22:15 - 2019-03-06 04:31 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
    2019-03-14 22:15 - 2019-03-06 04:31 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
    2019-03-14 22:15 - 2019-03-06 04:31 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
    2019-03-14 22:15 - 2019-03-06 04:31 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2019-03-14 22:15 - 2019-03-06 04:29 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
    2019-03-14 22:15 - 2019-03-06 04:29 - 002174976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2019-03-14 22:15 - 2019-03-06 04:29 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2019-03-14 22:15 - 2019-03-06 04:29 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
    2019-03-14 22:15 - 2019-03-06 04:28 - 001803776 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2019-03-14 22:15 - 2019-03-06 04:27 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2019-03-14 22:15 - 2019-03-06 04:27 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2019-03-14 22:15 - 2019-03-06 04:27 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2019-03-14 22:15 - 2019-03-06 04:27 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
    2019-03-14 22:15 - 2019-03-06 04:26 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
    2019-03-14 22:15 - 2019-03-06 04:26 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
    2019-03-14 22:15 - 2019-03-06 04:26 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
    2019-03-14 22:15 - 2019-03-06 04:25 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
    2019-03-14 22:15 - 2019-03-06 03:08 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
    2019-03-14 22:15 - 2019-03-06 02:17 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
    2019-03-14 22:15 - 2019-03-06 02:17 - 000146712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
    2019-03-14 22:15 - 2019-03-06 02:15 - 002253488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2019-03-14 22:15 - 2019-03-06 02:15 - 000434488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
    2019-03-14 22:15 - 2019-03-06 02:14 - 000785568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
    2019-03-14 22:15 - 2019-03-06 02:14 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
    2019-03-14 22:15 - 2019-03-06 02:14 - 000450872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpx.dll
    2019-03-14 22:15 - 2019-03-06 02:14 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2019-03-14 22:15 - 2019-03-06 02:13 - 000607248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
    2019-03-14 22:15 - 2019-03-06 02:05 - 022018048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2019-03-14 22:15 - 2019-03-06 01:56 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2019-03-14 22:15 - 2019-03-06 01:53 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2019-03-14 22:15 - 2019-03-06 01:53 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2019-03-14 22:15 - 2019-03-06 01:52 - 005790720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2019-03-14 22:15 - 2019-03-06 01:52 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
    2019-03-14 22:15 - 2019-03-06 01:52 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
    2019-03-14 22:15 - 2019-03-06 01:51 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2019-03-14 22:15 - 2019-03-06 01:51 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
    2019-03-14 22:15 - 2019-03-06 01:51 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
    2019-03-14 22:15 - 2019-03-06 01:50 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2019-03-14 22:15 - 2019-03-06 01:50 - 001347584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
    2019-03-14 22:15 - 2019-03-06 01:50 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
    2019-03-14 22:15 - 2019-03-06 01:49 - 000318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
    2019-03-14 22:15 - 2019-03-06 01:49 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
    2019-03-14 22:15 - 2019-03-06 01:48 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2019-03-14 22:15 - 2019-03-06 01:48 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2019-03-14 22:15 - 2019-02-20 23:26 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
    2019-03-14 22:15 - 2019-02-16 09:02 - 002871304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
    2019-03-14 22:15 - 2019-02-16 09:02 - 001644040 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2019-03-14 22:15 - 2019-02-16 09:02 - 000808456 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2019-03-14 22:15 - 2019-02-16 09:02 - 000735752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2019-03-14 22:15 - 2019-02-16 09:02 - 000620040 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2019-03-14 22:15 - 2019-02-16 09:02 - 000460296 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2019-03-14 22:15 - 2019-02-16 09:02 - 000322568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2019-03-14 22:15 - 2019-02-16 09:02 - 000147464 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2019-03-14 22:15 - 2019-02-16 09:02 - 000071176 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
    2019-03-14 22:15 - 2019-02-16 08:57 - 001048472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
    2019-03-14 22:15 - 2019-02-16 08:57 - 000506088 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
    2019-03-14 22:15 - 2019-02-16 08:56 - 000549520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
    2019-03-14 22:15 - 2019-02-16 08:56 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
    2019-03-14 22:15 - 2019-02-16 08:53 - 001516416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2019-03-14 22:15 - 2019-02-16 08:36 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
    2019-03-14 22:15 - 2019-02-16 08:34 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
    2019-03-14 22:15 - 2019-02-16 08:34 - 001725952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
    2019-03-14 22:15 - 2019-02-16 08:34 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
    2019-03-14 22:15 - 2019-02-16 08:33 - 001786880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
    2019-03-14 22:15 - 2019-02-16 08:32 - 003646976 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2019-03-14 22:15 - 2019-02-16 08:32 - 002051072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
    2019-03-14 22:15 - 2019-02-16 08:31 - 001271808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
    2019-03-14 22:15 - 2019-02-16 08:31 - 001003520 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
    2019-03-14 22:15 - 2019-02-16 08:31 - 000861184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
    2019-03-14 22:15 - 2019-02-16 08:31 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
    2019-03-14 22:15 - 2019-02-16 08:30 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
    2019-03-14 22:15 - 2019-02-16 08:30 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
    2019-03-14 22:15 - 2019-02-16 08:29 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
    2019-03-14 22:15 - 2019-02-16 08:29 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
    2019-03-14 22:15 - 2019-02-16 08:24 - 000444176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
    2019-03-14 22:15 - 2019-02-16 08:22 - 001322176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2019-03-14 22:15 - 2019-02-16 08:08 - 000373760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
    2019-03-14 22:15 - 2019-02-16 08:07 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
    2019-03-14 22:15 - 2019-02-16 08:07 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
    2019-03-14 22:15 - 2019-02-16 08:06 - 002890752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2019-03-14 22:15 - 2019-02-16 08:06 - 001530880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
    2019-03-14 22:15 - 2019-02-16 08:06 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
    2019-03-14 22:15 - 2019-02-16 08:06 - 000774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
    2019-03-14 22:15 - 2019-02-16 08:06 - 000765952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
    2019-03-14 22:15 - 2019-02-16 08:04 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
    2019-03-14 22:15 - 2019-02-16 06:22 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
    2019-03-14 22:15 - 2019-02-16 04:16 - 000511800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2019-03-14 22:15 - 2019-02-16 04:15 - 000505656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
    2019-03-14 22:15 - 2019-02-16 04:15 - 000035640 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2019-03-14 22:15 - 2019-02-16 04:05 - 000087800 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe
    2019-03-14 22:15 - 2019-02-16 04:04 - 000193032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
    2019-03-14 22:15 - 2019-02-16 04:03 - 007901392 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
    2019-03-14 22:15 - 2019-02-16 04:03 - 005625360 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
    2019-03-14 22:15 - 2019-02-16 04:03 - 000510288 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
    2019-03-14 22:15 - 2019-02-16 04:02 - 005821440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
    2019-03-14 22:15 - 2019-02-16 04:02 - 003291632 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2019-03-14 22:15 - 2019-02-16 04:02 - 001934800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2019-03-14 22:15 - 2019-02-16 04:02 - 001792712 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
    2019-03-14 22:15 - 2019-02-16 04:02 - 000705848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
    2019-03-14 22:15 - 2019-02-16 04:02 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
    2019-03-14 22:15 - 2019-02-16 04:02 - 000413712 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2019-03-14 22:15 - 2019-02-16 04:01 - 001285424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
    2019-03-14 22:15 - 2019-02-16 04:01 - 001209696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2019-03-14 22:15 - 2019-02-16 04:01 - 001098056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2019-03-14 22:15 - 2019-02-16 04:01 - 001028920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
    2019-03-14 22:15 - 2019-02-16 04:01 - 001014344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
    2019-03-14 22:15 - 2019-02-16 04:01 - 000735464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2019-03-14 22:15 - 2019-02-16 04:01 - 000641984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
    2019-03-14 22:15 - 2019-02-16 04:01 - 000594024 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2019-03-14 22:15 - 2019-02-16 04:01 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
    2019-03-14 22:15 - 2019-02-16 04:01 - 000480840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
    2019-03-14 22:15 - 2019-02-16 04:01 - 000335672 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
    2019-03-14 22:15 - 2019-02-16 04:01 - 000161664 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
    2019-03-14 22:15 - 2019-02-16 03:57 - 000383288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
    2019-03-14 22:15 - 2019-02-16 03:53 - 000443632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
    2019-03-14 22:15 - 2019-02-16 03:51 - 002479168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2019-03-14 22:15 - 2019-02-16 03:51 - 001584536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
    2019-03-14 22:15 - 2019-02-16 03:51 - 000170952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
    2019-03-14 22:15 - 2019-02-16 03:50 - 001805648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
    2019-03-14 22:15 - 2019-02-16 03:50 - 001171336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
    2019-03-14 22:15 - 2019-02-16 03:50 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2019-03-14 22:15 - 2019-02-16 03:50 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2019-03-14 22:15 - 2019-02-16 03:50 - 000560384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2019-03-14 22:15 - 2019-02-16 03:50 - 000504072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp_win.dll
    2019-03-14 22:15 - 2019-02-16 03:37 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2019-03-14 22:15 - 2019-02-16 03:36 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2019-03-14 22:15 - 2019-02-16 03:36 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
    2019-03-14 22:15 - 2019-02-16 03:35 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2019-03-14 22:15 - 2019-02-16 03:35 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2019-03-14 22:15 - 2019-02-16 03:34 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2019-03-14 22:15 - 2019-02-16 03:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
    2019-03-14 22:15 - 2019-02-16 03:34 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
    2019-03-14 22:15 - 2019-02-16 03:33 - 006646784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2019-03-14 22:15 - 2019-02-16 03:33 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
    2019-03-14 22:15 - 2019-02-16 03:33 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
    2019-03-14 22:15 - 2019-02-16 03:33 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
    2019-03-14 22:15 - 2019-02-16 03:33 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
    2019-03-14 22:15 - 2019-02-16 03:33 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
    2019-03-14 22:15 - 2019-02-16 03:32 - 002969088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
    2019-03-14 22:15 - 2019-02-16 03:32 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
    2019-03-14 22:15 - 2019-02-16 03:31 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
    2019-03-14 22:15 - 2019-02-16 03:31 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
    2019-03-14 22:15 - 2019-02-16 03:31 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
    2019-03-14 22:15 - 2019-02-16 03:31 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
    2019-03-14 22:15 - 2019-02-16 03:30 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
    2019-03-14 22:15 - 2019-02-16 03:30 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
    2019-03-14 22:15 - 2019-02-16 03:30 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
    2019-03-14 22:15 - 2019-02-16 03:30 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
    2019-03-14 22:15 - 2019-02-16 03:30 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
    2019-03-14 22:15 - 2019-02-16 03:30 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
    2019-03-14 22:15 - 2019-02-16 03:30 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
    2019-03-14 22:15 - 2019-02-16 03:29 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2019-03-14 22:15 - 2019-02-16 03:29 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
    2019-03-14 22:15 - 2019-02-16 03:28 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
    2019-03-14 22:15 - 2019-02-16 03:28 - 002585600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
    2019-03-14 22:15 - 2019-02-16 03:28 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
    2019-03-14 22:15 - 2019-02-16 03:28 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
    2019-03-14 22:15 - 2019-02-16 03:28 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
    2019-03-14 22:15 - 2019-02-16 03:28 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
    2019-03-14 22:15 - 2019-02-16 03:27 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
    2019-03-14 22:15 - 2019-02-16 03:27 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
    2019-03-14 22:15 - 2019-02-16 03:27 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2019-03-14 22:15 - 2019-02-16 03:26 - 001459712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
    2019-03-14 22:15 - 2019-02-16 03:26 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2019-03-14 22:15 - 2019-02-16 03:26 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
    2019-03-14 22:15 - 2019-02-16 03:26 - 000935424 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
    2019-03-14 22:15 - 2019-02-16 03:26 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
    2019-03-14 22:15 - 2019-02-16 03:25 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
    2019-03-14 22:15 - 2019-02-16 03:25 - 000652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
    2019-03-14 21:47 - 2019-03-14 21:47 - 000000000 ____D C:\Users\andre\AppData\Local\mbamtray
    2019-03-14 21:47 - 2019-03-14 21:47 - 000000000 ____D C:\Users\andre\AppData\Local\mbam
    2019-03-09 21:07 - 2019-03-09 21:07 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
    2019-03-09 21:07 - 2019-03-09 21:07 - 000000000 ____D C:\Users\kelly\AppData\Local\mbamtray
    2019-03-09 21:07 - 2019-03-09 21:07 - 000000000 ____D C:\Users\kelly\AppData\Local\mbam
    2019-03-09 21:06 - 2019-03-09 21:06 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2019-03-09 21:06 - 2019-03-09 21:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2019-03-09 21:06 - 2019-03-09 21:06 - 000000000 ____D C:\ProgramData\Malwarebytes
    2019-03-09 21:06 - 2019-03-09 21:06 - 000000000 ____D C:\Program Files\Malwarebytes
    2019-03-09 21:06 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
    2019-03-09 21:06 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
    2019-03-09 21:05 - 2019-03-09 21:05 - 062445992 _____ (Malwarebytes ) C:\Users\kelly\Downloads\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9610.exe
    2019-03-09 18:09 - 2019-03-09 18:09 - 000000441 _____ C:\Users\kelly\Desktop\USB Drive (E) - Shortcut.lnk
    2019-03-05 20:42 - 2019-03-05 20:42 - 000006480 _____ C:\Users\andre\Downloads\shark (3).svg
    2019-03-02 19:23 - 2019-03-02 19:23 - 000002633 _____ C:\Users\andre\Downloads\friends (1).svg
    2019-03-02 19:23 - 2019-03-02 19:23 - 000001680 _____ C:\Users\andre\Downloads\kell.svg
    2019-03-02 14:28 - 2019-03-02 14:28 - 000002633 _____ C:\Users\andre\Downloads\friends.svg
    2019-03-02 14:15 - 2019-03-02 14:15 - 000003951 _____ C:\Users\andre\Downloads\For Jennifer Ratcliffe.svg
    2019-02-28 15:10 - 2019-02-28 15:10 - 000032408 _____ C:\Users\andre\Downloads\T McD - Mickey Mouse - tada_for_personal_use_only.svg
    2019-02-28 15:00 - 2019-02-28 15:00 - 000027757 _____ C:\Users\andre\Downloads\Copy of mickeyandfriends.svg
    2019-02-28 14:46 - 2019-02-28 14:46 - 000045961 _____ C:\Users\andre\Downloads\DonaldTaDa.svg
    2019-02-25 13:43 - 2019-02-25 13:43 - 000000000 _____ C:\WINDOWS\invcol.tmp
    2019-02-23 18:42 - 2019-02-23 18:42 - 000000000 ____D C:\WINDOWS\{E9E39016-F1A4-4947-BF49-E0DACA61F95C}
    2019-02-19 20:07 - 2019-02-19 20:07 - 000002111 _____ C:\Users\andre\Desktop\Cricut Design Space.lnk
    2019-02-19 20:07 - 2019-02-19 20:07 - 000000000 ____D C:\Users\andre\AppData\Roaming\CricutDesignSpace3
    2019-02-19 20:06 - 2019-02-19 20:06 - 011356976 _____ (Provo Craft & Novelty, Inc.) C:\Users\andre\Downloads\CricutDesignSpace-5.8.1902.081258.exe
    2019-02-19 18:55 - 2019-02-19 18:55 - 000249672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
    2019-02-19 18:52 - 2019-02-19 18:51 - 000362888 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2019-02-19 13:46 - 2019-02-19 13:46 - 000020196 _____ C:\Users\andre\Downloads\life is better in flipflops-for personal use only.svg
    2019-02-19 13:29 - 2019-02-19 13:30 - 000070959 _____ C:\Users\andre\Downloads\made in-for personal use only.svg

    ==================== One month (modified) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-03-16 16:50 - 2018-05-23 15:37 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2019-03-16 16:50 - 2018-04-11 19:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2019-03-16 16:33 - 2018-05-23 16:03 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
    2019-03-15 22:50 - 2018-04-06 11:46 - 000000000 ____D C:\Users\kelly\AppData\Local\PlaceholderTileLogoFolder
    2019-03-15 22:43 - 2018-04-11 19:36 - 000000000 ____D C:\WINDOWS\INF
    2019-03-15 22:32 - 2018-09-12 13:58 - 000000000 ____D C:\Users\kelly\AppData\Local\D3DSCache
    2019-03-15 22:32 - 2017-02-11 02:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
    2019-03-15 22:31 - 2018-05-23 15:54 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2019-03-15 22:28 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\Registration
    2019-03-15 22:28 - 2017-11-07 18:51 - 000000000 ____D C:\ProgramData\Kaspersky Lab
    2019-03-15 22:26 - 2017-05-14 09:51 - 000000000 __SHD C:\Users\kelly\IntelGraphicsProfiles
    2019-03-15 22:25 - 2018-05-23 16:03 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2019-03-15 22:24 - 2018-04-11 17:04 - 001048576 _____ C:\WINDOWS\system32\config\BBI
    2019-03-15 20:41 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness
    2019-03-15 20:05 - 2019-01-11 19:01 - 000002258 _____ C:\WINDOWS\System32\Tasks\SmartByte Telemetry
    2019-03-15 20:05 - 2018-05-23 16:03 - 000003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2019-03-15 20:05 - 2018-05-23 16:03 - 000003122 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2019-03-15 20:05 - 2018-05-23 16:03 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2583827817-3298221616-2555839063-1002
    2019-03-15 20:05 - 2018-05-23 16:03 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2583827817-3298221616-2555839063-1001
    2019-03-15 20:05 - 2018-05-23 16:03 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
    2019-03-15 19:22 - 2017-10-15 13:01 - 000000000 ____D C:\Users\andre\AppData\Roaming\Spotify
    2019-03-15 00:12 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps
    2019-03-14 23:48 - 2017-10-15 13:02 - 000000000 ____D C:\Users\andre\AppData\Local\Spotify
    2019-03-14 23:03 - 2017-05-15 09:27 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2019-03-14 23:03 - 2017-05-15 09:27 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2019-03-14 23:01 - 2017-06-24 08:26 - 000000000 ___RD C:\Users\andre\Google Drive
    2019-03-14 22:55 - 2018-08-29 09:32 - 000000000 ___HD C:\OneDriveTemp
    2019-03-14 22:55 - 2017-05-15 09:23 - 000000000 ___RD C:\Users\andre\OneDrive
    2019-03-14 22:51 - 2017-05-15 09:21 - 000000000 __SHD C:\Users\andre\IntelGraphicsProfiles
    2019-03-14 22:50 - 2018-05-23 15:37 - 000474664 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2019-03-14 22:47 - 2018-04-11 19:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
    2019-03-14 22:47 - 2018-04-11 19:38 - 000000000 ___RD C:\Program Files\Windows Defender
    2019-03-14 22:47 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\TextInput
    2019-03-14 22:47 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\oobe
    2019-03-14 22:47 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
    2019-03-14 22:47 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2019-03-14 22:47 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\bcastdvr
    2019-03-14 22:47 - 2018-04-11 19:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
    2019-03-14 22:43 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
    2019-03-14 22:25 - 2018-04-11 19:30 - 000000000 ____D C:\WINDOWS\CbsTemp
    2019-03-14 22:12 - 2017-05-14 14:36 - 000000000 ____D C:\WINDOWS\system32\MRT
    2019-03-14 22:08 - 2017-05-14 14:36 - 127411920 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2019-03-14 22:04 - 2017-11-07 18:51 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
    2019-03-14 22:03 - 2017-11-07 18:52 - 000000000 ____D C:\Program Files\Common Files\AV
    2019-03-14 21:58 - 2018-07-10 18:55 - 000000000 ____D C:\Users\andre\AppData\Local\CrashDumps
    2019-03-14 21:58 - 2018-05-23 15:42 - 000000000 ____D C:\Users\kelly
    2019-03-14 21:54 - 2017-07-27 18:20 - 000379952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
    2019-03-14 21:50 - 2018-08-20 16:38 - 000000000 ____D C:\Users\andre\AppData\Local\D3DSCache
    2019-03-14 21:46 - 2018-05-23 15:42 - 000000000 ____D C:\Users\andre
    2019-03-09 21:06 - 2018-04-11 19:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
    2019-03-09 17:49 - 2017-05-14 09:53 - 000000000 ____D C:\Users\kelly\AppData\Local\Comms
    2019-03-09 17:05 - 2018-06-26 19:15 - 000000000 ____D C:\Users\kelly\Downloads\glitter-alpha-1
    2019-03-09 17:05 - 2018-01-30 10:55 - 000000000 ____D C:\Users\kelly\Downloads\Cancun 2018 MR (1)
    2019-03-09 17:05 - 2017-10-18 13:41 - 000000000 ____D C:\Users\kelly\Downloads\ghost_shadow
    2019-03-09 13:01 - 2017-11-22 14:23 - 000000000 ____D C:\Users\kelly\AppData\Local\Packages
    2019-03-09 12:46 - 2018-05-23 15:42 - 000002416 _____ C:\Users\kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2019-03-09 12:46 - 2017-05-14 09:54 - 000000000 ___RD C:\Users\kelly\OneDrive
    2019-03-09 12:42 - 2017-11-22 14:49 - 000000000 ___RD C:\Users\kelly\3D Objects
    2019-03-09 12:42 - 2017-02-11 03:00 - 000000000 __RHD C:\Users\Public\AccountPictures
    2019-03-07 12:08 - 2018-05-23 15:42 - 000002416 _____ C:\Users\andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2019-03-05 19:34 - 2017-10-23 13:13 - 000000000 ____D C:\Users\andre\Desktop\temp files
    2019-03-03 12:54 - 2018-11-13 21:17 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2019-03-03 12:54 - 2018-11-13 21:17 - 000179608 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2019-03-01 09:40 - 2018-11-16 20:27 - 000000000 ____D C:\Program Files\rempl
    2019-02-23 18:43 - 2017-02-11 02:19 - 000000000 ____D C:\ProgramData\Dell
    2019-02-23 18:43 - 2017-02-11 02:17 - 000000000 ____D C:\ProgramData\Temp
    2019-02-23 18:42 - 2017-02-11 02:11 - 000000000 ____D C:\Program Files (x86)\Dell
    2019-02-23 18:42 - 2017-02-11 02:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
    2019-02-20 13:57 - 2017-11-22 14:22 - 000000000 ____D C:\Users\andre\AppData\Local\Packages
    2019-02-20 13:48 - 2018-02-01 12:18 - 000000000 ____D C:\Users\andre\AppData\Roaming\Apple Computer
    2019-02-19 18:55 - 2017-07-27 18:20 - 000474456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2019-02-19 18:51 - 2018-10-26 16:29 - 000042288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
    2019-02-19 18:51 - 2017-07-27 18:20 - 000216784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
    2019-02-19 18:51 - 2017-07-27 18:20 - 000167304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2019-02-19 18:51 - 2017-07-27 18:20 - 000112312 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2019-02-19 18:51 - 2017-07-27 18:20 - 000087944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2019-02-19 18:50 - 2019-01-14 09:57 - 000225680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
    2019-02-19 18:50 - 2019-01-08 10:29 - 000320696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswblog.sys
    2019-02-19 18:50 - 2019-01-08 10:29 - 000196072 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
    2019-02-19 18:50 - 2019-01-08 10:29 - 000057960 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
    2019-02-19 18:50 - 2019-01-08 10:29 - 000037104 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
    2019-02-19 18:50 - 2017-11-18 11:16 - 000205400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
    2019-02-19 18:50 - 2017-07-27 18:20 - 001034432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2019-02-19 18:44 - 2017-02-11 02:16 - 000000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
    2019-02-19 18:44 - 2017-02-11 02:15 - 000000930 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
    2019-02-15 09:37 - 2018-05-23 16:03 - 000003996 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
    2019-02-15 09:37 - 2018-05-23 16:03 - 000003764 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore

    ==================== Files in the root of some directories =======

    2018-06-16 00:45 - 2018-12-07 12:03 - 000000063 _____ () C:\Users\kelly\AppData\Roaming\WB.CFG
    2017-09-07 11:50 - 2017-09-07 11:50 - 000001279 _____ () C:\Users\kelly\AppData\Local\recently-used.xbel

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\dllhost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-05-23 15:37

    ==================== End of FRST.txt ============================
     
    JPT,
    #30
  12. 2019/03/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

    broni,
    #31
  13. 2019/03/16
    JPT

    JPT Well-Known Member Thread Starter

    Joined:
    2016/09/11
    Messages:
    70
    Likes Received:
    1
    Fix result of Farbar Recovery Scan Tool (x64) Version: 13.03.2019 01
    Ran by kelly (16-03-2019 21:30:17) Run:1
    Running from C:\Users\kelly\Desktop
    Loaded Profiles: kelly (Available Profiles: defaultuser0 & kelly & andre)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    Task: {D40B8B61-D30F-448B-915C-A049B3CF4695} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    AlternateDataStreams: C:\Users\kelly\OneDrive\Documents\grace.docx:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [66]
    FirewallRules: [{506E8FAA-12B7-40DD-ACB4-B3508E46350B}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\PowerDVD14Agent.exe No File
    FirewallRules: [{652AF19E-0467-4083-A6F8-49198447C903}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe No File
    FirewallRules: [{20B48D6F-FA5F-4A64-8152-B405C927AD84}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDirector14\PDR10.EXE No File
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (No File)

    *****************

    HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
    HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D40B8B61-D30F-448B-915C-A049B3CF4695}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D40B8B61-D30F-448B-915C-A049B3CF4695}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
    C:\Users\kelly\OneDrive\Documents\grace.docx => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{506E8FAA-12B7-40DD-ACB4-B3508E46350B}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{652AF19E-0467-4083-A6F8-49198447C903}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{20B48D6F-FA5F-4A64-8152-B405C927AD84}" => removed successfully
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
    "C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE" => not found

    ==== End of Fixlog 21:30:19 ====
     
    JPT,
    #32
  14. 2019/03/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    [​IMG] Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
    broni,
    #33
  15. 2019/03/16
    JPT

    JPT Well-Known Member Thread Starter

    Joined:
    2016/09/11
    Messages:
    70
    Likes Received:
    1
    Results of screen317's Security Check version 1.014 --- 12/23/15
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Avast Antivirus
    Windows Defender
    Malwarebytes
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Google Chrome (73.0.3683.75)
    Google Chrome (SetupMetrics...)
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamtray.exe
    Windows Defender MSASCuiL.exe
    Intel iCLS Client AvastSvc.exe -?-
    AVAST Software Avast AvastUI.exe
    Kaspersky Lab Kaspersky Secure Connection 2.0 ksde.exe
    Kaspersky Lab Kaspersky Secure Connection 2.0 ksdeui.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````
     
    JPT,
    #34
  16. 2019/03/16
    JPT

    JPT Well-Known Member Thread Starter

    Joined:
    2016/09/11
    Messages:
    70
    Likes Received:
    1
    Farbar Service Scanner Version: 27-01-2016
    Ran by kelly (administrator) on 16-03-2019 at 22:01:46
    Running from "C:\Users\kelly\Downloads"
    Microsoft Windows 10 Home (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is set to Demand. The default start type is Auto.
    The ImagePath of wuauserv: "%systemroot%\system32\svchost.exe -k netsvcs -p".
    The ServiceDll of wuauserv service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
    JPT,
    #35
  17. 2019/03/17
    JPT

    JPT Well-Known Member Thread Starter

    Joined:
    2016/09/11
    Messages:
    70
    Likes Received:
    1
    no threats found by sophos.
     
    JPT,
    #36
  18. 2019/03/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your computer is clean [img=[URL]https://www.bleepstatic.com/fhost/uploads/6/snag-0004.jpg[/URL]]

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download [​IMG]DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    6. Run Temporary File Cleaner (TFC) and AdwCleaner weekly (you need to redownload these tools since they were removed by DelFix).

    7. (optional) If you want to keep all your programs up to date, download and install FileHippo App Manager.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    8. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    9. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    10. Please, let me know, how your computer is doing.
     
    broni,
    #37
  19. 2019/03/18
    JPT

    JPT Well-Known Member Thread Starter

    Joined:
    2016/09/11
    Messages:
    70
    Likes Received:
    1
    It's a little slow when it boots up ,but not sure if that just a performance issue? Also my title was a little misleading. I'm seeing constant 100% or hovering around 100% for the disk not the cpu. Also should I remove the chromium shortcut from the desktop?
     
    JPT,
    #38
  20. 2019/03/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Yes, you may.

    In this forum, we make sure, your computer is free of malware and your computer is clean :)
    Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
    You'll get more attention.
     
    broni,
    #39
    MrBill likes this.
  21. 2019/03/18
    JPT

    JPT Well-Known Member Thread Starter

    Joined:
    2016/09/11
    Messages:
    70
    Likes Received:
    1
    Thanks! always helpful
     
    JPT,
    #40
    MrBill likes this.
Page 2 of 3

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...