Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trovi infection on Win 7 eMachine


  • This topic is locked This topic is locked
22 replies to this topic

#1 Winterland

Winterland

  • Members
  • 980 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Land of Enchantment
  • Local time:07:11 PM

Posted 26 January 2015 - 12:31 PM

Hello.

 

Per boopme's suggestion here, I've gone ahead and started a new Topic to deal with this Trovi infection.

 

The machine is a 64 bit Windows 7 Home Premium eMachine, Model EL 1852G.

 

 

Per my OP, I've gotten most of the spyware/adware off of this machine and it is running rather well - all three browsers are not experiencing redirects/pop-ups, but the infection appears to keep coming back even after Full Scans with Avast (Free) MBAM (Free) and the Eset Online Scanner.

 

I'm headed off to work but will check in / log back in early tomorrow to see if there has been any additional information requested.

 

** Much thanks in advance for your time and willingness to help me with this. **

 

 

Per the Prep Guide here is the FRST txt file:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Vicky (administrator) on VICKY-PC on 26-01-2015 11:57:56
Running from C:\Users\Vicky\Downloads
Loaded Profiles: Vicky (Available profiles: Vicky & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060320 2010-02-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [ROC_ROC_JULY_P1] => "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
HKLM-x32\...\Run: [ROC_ROC_NT] => "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-25] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1750281972-3594988364-819077861-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1750281972-3594988364-819077861-1000\...\MountPoints2: {73f64dc1-5e8f-11e2-9fdb-806e6f6e6963} - D:\Setup.exe
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
InternetURL: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VzDownloadManager.url -> file:///C:\Program Files (x86)\Verizon\VzDownloadManager\VzDownloadManagerUI.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:13081;https=127.0.0.1:8118
ProxyEnable: [S-1-5-19] => Internet Explorer proxy is enabled.
ProxyEnable: [S-1-5-20] => Internet Explorer proxy is enabled.
ProxyEnable: [S-1-5-21-1750281972-3594988364-819077861-1000] => Internet Explorer proxy is enabled.
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1750281972-3594988364-819077861-1000\Software\Microsoft\Internet Explorer\Main,Start Page Before = http://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=ZUxdm974YYus&ptb=3td_389D1V_Kg7SvAAcqyw&si=800540
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScopeBefore {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1750281972-3594988364-819077861-1000 -> DefaultScopeBefore {95B7759C-8C7F-4BF1-B163-73684A933233}
SearchScopes: HKU\S-1-5-21-1750281972-3594988364-819077861-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-1750281972-3594988364-819077861-1000 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/?a=6PRkQvudS2&loc=skw&search={searchTerms}&i=26
SearchScopes: HKU\S-1-5-21-1750281972-3594988364-819077861-1000 -> {E4E012DC-1925-48E9-8010-2D195574642A} URL =
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: SaverAddoNa -> {be4ccc4d-6e98-4cbf-b5fb-8a536d9c3b4f} -> C:\ProgramData\SaverAddoNa\OmEywZxdzHUR65.x64.dll No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: Fast Free Converter 4.0 -> {4B72B1CE-C6E4-4089-89AF-1D01198E8B88} -> C:\PROGRA~2\FASTFR~1\FASTFR~1\FASTFR~1.DLL No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1750281972-3594988364-819077861-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1750281972-3594988364-819077861-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\qajljqy1.default
FF DefaultSearchEngine: Google
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8118
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8118
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.1.13 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.1.13 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.1.13 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.1.13 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=15.0.1.13 -> c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1750281972-3594988364-819077861-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
FF Extension: NoScript - C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\qajljqy1.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-01-25]
FF Extension: Adblock Edge - C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\qajljqy1.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-01-25]
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Vicky\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path
StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-25] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-05-12] (Freemake) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-07-07] (WildTangent)
R2 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R2 Live Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [244624 2011-01-31] (Acer Incorporated)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-25] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-01-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-25] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-25] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-25] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-25] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-25] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-26] (Malwarebytes Corporation)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S1 futlqimo; \??\C:\Windows\system32\drivers\futlqimo.sys [X]
U2 TMAgent; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 11:57 - 2015-01-26 11:58 - 00018889 _____ () C:\Users\Vicky\Downloads\FRST.txt
2015-01-26 11:57 - 2015-01-26 11:58 - 00000000 ____D () C:\FRST
2015-01-26 11:56 - 2015-01-26 11:56 - 02129920 _____ (Farbar) C:\Users\Vicky\Downloads\FRST64.exe
2015-01-26 11:20 - 2015-01-26 11:20 - 00028206 _____ () C:\Users\Vicky\Desktop\eset scan  1 26 2015.txt
2015-01-26 10:35 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-26 10:35 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-01-26 10:35 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-01-26 08:22 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-01-26 08:21 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-01-26 08:21 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-01-26 08:21 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-01-26 08:21 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-01-26 08:21 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-01-26 08:21 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-01-26 08:21 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-01-26 08:21 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-01-26 08:21 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-01-26 08:21 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-01-26 08:21 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-01-26 08:21 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-01-26 08:21 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-01-26 08:21 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-01-26 08:20 - 2015-01-26 08:21 - 00000000 ____D () C:\29d0e898d259718887b4
2015-01-26 08:19 - 2012-08-23 09:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-01-26 08:19 - 2012-08-23 09:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-01-26 08:19 - 2012-08-23 09:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2015-01-26 08:19 - 2012-08-23 08:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-01-26 08:19 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2015-01-26 08:19 - 2012-08-23 05:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-01-26 08:19 - 2012-08-23 04:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-01-26 08:07 - 2015-01-26 08:07 - 00001078 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2015-01-26 08:07 - 2015-01-26 08:07 - 00000000 ____D () C:\Users\Vicky\AppData\Local\Secunia PSI
2015-01-26 08:07 - 2015-01-26 08:07 - 00000000 ____D () C:\Program Files (x86)\Secunia
2015-01-26 08:06 - 2014-06-27 09:42 - 01754456 _____ (Secunia) C:\Users\Vicky\Downloads\PSI2Setup.exe
2015-01-25 19:52 - 2015-01-26 11:45 - 00003340 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1750281972-3594988364-819077861-1000
2015-01-25 19:52 - 2015-01-26 11:45 - 00003206 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1750281972-3594988364-819077861-1000
2015-01-25 19:41 - 2015-01-25 19:41 - 00000000 ____D () C:\Users\Vicky\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
2015-01-25 17:38 - 2015-01-25 17:38 - 00000000 ____D () C:\Users\Vicky\AppData\Roaming\AVAST Software
2015-01-25 17:38 - 2015-01-25 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-25 17:37 - 2015-01-26 11:47 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-25 17:37 - 2015-01-25 17:38 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-25 17:37 - 2015-01-25 17:38 - 00087912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-01-25 17:37 - 2015-01-25 17:37 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-01-25 17:37 - 2015-01-25 17:37 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-25 17:37 - 2015-01-25 17:37 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-25 17:37 - 2015-01-25 17:37 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-01-25 17:37 - 2015-01-25 17:37 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-25 17:37 - 2015-01-25 17:37 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-25 17:37 - 2015-01-25 17:37 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-25 17:37 - 2015-01-25 17:37 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-25 17:36 - 2015-01-25 17:36 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-25 17:34 - 2015-01-25 17:36 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-25 17:31 - 2015-01-25 17:31 - 05006864 _____ (AVAST Software) C:\Users\Vicky\Downloads\avast_free_antivirus_setup_online.exe
2015-01-25 17:24 - 2015-01-26 05:36 - 00000000 ____D () C:\ProgramData\96d2565100007c2a
2015-01-25 16:51 - 2015-01-25 16:51 - 00000000 ____D () C:\Windows\ERUNT
2015-01-25 16:50 - 2015-01-25 16:50 - 01707939 _____ (Thisisu) C:\Users\Vicky\Downloads\JRT.exe
2015-01-25 16:50 - 2015-01-25 16:50 - 00448512 _____ (OldTimer Tools) C:\Users\Vicky\Downloads\TFC.exe
2015-01-25 16:45 - 2015-01-25 17:11 - 00001168 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-25 16:45 - 2015-01-25 16:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-25 16:21 - 2015-01-25 16:21 - 00000000 ____D () C:\Program Files (x86)\unicoupons
2015-01-25 16:19 - 2015-01-25 16:19 - 00000000 ____D () C:\Program Files (x86)\WowCoupon
2015-01-25 16:17 - 2015-01-25 16:17 - 00000000 ____D () C:\Program Files (x86)\LuckyCoupon
2015-01-25 15:51 - 2015-01-25 15:51 - 00243416 _____ () C:\Users\Vicky\Downloads\Firefox Setup Stub 35.0.exe
2015-01-25 15:47 - 2015-01-25 15:47 - 00000687 _____ () C:\awh3B89.tmp
2015-01-25 15:37 - 2015-01-25 15:37 - 00000687 _____ () C:\awh475B.tmp
2015-01-25 15:05 - 2015-01-26 08:33 - 00007611 _____ () C:\Users\Vicky\AppData\Local\Resmon.ResmonCfg
2015-01-25 14:47 - 2015-01-25 14:47 - 00000004 _____ () C:\Users\Vicky\AppData\Roaming\appdataFr2.bin
2015-01-25 14:45 - 2015-01-25 14:45 - 00000687 _____ () C:\awh3C15.tmp
2015-01-25 14:00 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-25 14:00 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-25 14:00 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-25 14:00 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-25 14:00 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-25 14:00 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-25 14:00 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-25 14:00 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-25 14:00 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-25 14:00 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-25 14:00 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-25 14:00 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-25 13:55 - 2015-01-26 07:09 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-25 13:55 - 2015-01-25 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-25 13:55 - 2015-01-25 13:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-25 13:55 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-25 13:55 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-25 13:34 - 2015-01-25 13:34 - 00000000 ____D () C:\Windows\pss
2015-01-25 13:25 - 2015-01-25 13:25 - 00000000 ____D () C:\Program Files (x86)\ApaptoU
2015-01-08 05:35 - 2015-01-08 05:35 - 00000687 _____ () C:\awhCB16.tmp
2015-01-07 11:16 - 2015-01-26 10:33 - 00000000 ____D () C:\ProgramData\lhlakbmnhpmbppifbdhenpfnalfmdmdk
2015-01-06 19:02 - 2015-01-06 19:02 - 00000558 _____ () C:\Users\Vicky\request.xml
2015-01-06 19:02 - 2015-01-06 19:02 - 00000491 _____ () C:\Users\Vicky\response.xml
2015-01-06 19:01 - 2015-01-06 19:02 - 00001256 _____ () C:\Users\Public\Desktop\VzDownloadManager.lnk
2015-01-06 19:01 - 2015-01-06 19:02 - 00000428 _____ () C:\Users\Vicky\Install-VzDownloadManager.log
2015-01-06 19:01 - 2015-01-06 19:01 - 01977752 _____ () C:\Users\Vicky\Downloads\vzdownloadmanager.exe
2015-01-05 14:28 - 2015-01-05 14:28 - 00000687 _____ () C:\awhAA81.tmp
2015-01-02 10:08 - 2015-01-02 10:08 - 00000687 _____ () C:\awh9481.tmp
2014-12-30 16:44 - 2014-12-30 16:44 - 00000687 _____ () C:\awh7925.tmp
2014-12-27 19:10 - 2014-12-27 19:10 - 00000687 _____ () C:\awh7020.tmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 11:41 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-26 11:41 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-26 11:40 - 2007-10-10 04:50 - 01068601 _____ () C:\Windows\WindowsUpdate.log
2015-01-26 11:34 - 2014-04-25 08:46 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-01-26 11:33 - 2014-10-06 20:45 - 00003908 _____ () C:\Windows\setupact.log
2015-01-26 11:33 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-26 11:14 - 2012-10-29 18:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-26 11:12 - 2011-11-02 19:54 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-26 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-01-26 10:33 - 2014-09-10 18:55 - 00000000 ____D () C:\ProgramData\pbdchcipmilmfkggdopkldkpjljhgoik
2015-01-26 08:30 - 2011-03-28 02:39 - 00000000 ____D () C:\ProgramData\Skype
2015-01-26 08:27 - 2011-10-22 18:45 - 00000000 ____D () C:\Users\Vicky\AppData\Roaming\Skype
2015-01-26 08:23 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-26 08:22 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-26 08:07 - 2009-07-14 00:13 - 00804268 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-25 20:24 - 2014-12-07 20:04 - 00000000 ____D () C:\ProgramData\GetTheDiscount
2015-01-25 20:24 - 2014-11-25 21:39 - 00000000 ____D () C:\ProgramData\dl159
2015-01-25 20:24 - 2014-11-07 21:25 - 00000000 ____D () C:\ProgramData\SaleItCoupon
2015-01-25 20:24 - 2014-08-20 14:32 - 00000000 ____D () C:\ProgramData\SharkManCoupon
2015-01-25 20:24 - 2014-07-14 17:32 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\istart123
2015-01-25 20:24 - 2014-07-06 14:07 - 00000000 ____D () C:\Users\Guest\AppData\Local\11959
2015-01-25 20:24 - 2014-06-16 15:51 - 00000000 ____D () C:\temp
2015-01-25 20:14 - 2012-10-29 18:03 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 20:14 - 2012-01-12 23:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-25 19:58 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-25 19:34 - 2014-10-31 21:01 - 00549758 _____ () C:\Windows\PFRO.log
2015-01-25 18:28 - 2014-07-22 08:22 - 00000000 ____D () C:\Users\Vicky\AppData\Local\2117
2015-01-25 18:28 - 2014-07-16 14:38 - 00000000 ____D () C:\Users\Vicky\AppData\Local\21276
2015-01-25 18:28 - 2014-07-11 18:42 - 00000000 ____D () C:\Users\Vicky\AppData\Local\1851
2015-01-25 18:10 - 2014-09-29 13:26 - 00000000 ____D () C:\Users\Guest\AppData\Local\20
2015-01-25 18:10 - 2014-07-23 15:13 - 00000000 ____D () C:\Users\Guest\AppData\Local\4324
2015-01-25 18:10 - 2014-07-14 17:32 - 00000000 ____D () C:\Users\Guest\AppData\Local\15544
2015-01-25 18:10 - 2014-07-10 14:00 - 00000000 ____D () C:\Users\Guest\AppData\Local\25037
2015-01-25 17:42 - 2014-06-11 08:30 - 00000000 ____D () C:\Program Files\pcmax
2015-01-25 17:27 - 2011-10-11 11:32 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-25 17:23 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-25 17:13 - 2011-03-28 02:55 - 00000000 ____D () C:\ProgramData\Norton
2015-01-25 17:11 - 2014-07-25 15:48 - 00000000 ____D () C:\Program Files\Common Files\Goobzo
2015-01-25 17:11 - 2011-08-27 22:21 - 00001422 _____ () C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-25 17:08 - 2014-07-24 10:17 - 00000000 ____D () C:\Program Files (x86)\OpenSoftwareUpdater
2015-01-25 17:02 - 2011-03-28 02:52 - 00000000 ____D () C:\ProgramData\Symantec
2015-01-25 16:52 - 2014-06-14 11:18 - 00000000 ____D () C:\Windows\SysWOW64\jmdp
2015-01-25 16:52 - 2012-10-01 18:00 - 00000000 ____D () C:\Users\Vicky\AppData\Roaming\Registry Mechanic
2015-01-25 16:51 - 2013-08-04 14:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-25 16:45 - 2013-06-20 08:05 - 00000000 ____D () C:\Users\Vicky\AppData\Local\Mozilla
2015-01-25 16:34 - 2014-11-07 21:24 - 00000000 ____D () C:\ProgramData\WowCoupon
2015-01-25 16:34 - 2014-09-10 18:58 - 00000000 ____D () C:\ProgramData\unicoupons
2015-01-25 16:22 - 2013-07-22 16:22 - 00000000 ____D () C:\Users\Vicky\AppData\Local\SySaver
2015-01-25 16:21 - 2014-08-17 17:15 - 00000000 ____D () C:\ProgramData\272329f9765c8b93
2015-01-25 16:19 - 2013-08-07 11:34 - 00000000 ____D () C:\Program Files (x86)\WinZipper
2015-01-25 16:03 - 2011-03-28 02:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMachines
2015-01-25 16:03 - 2011-03-28 02:40 - 00000000 ____D () C:\Program Files (x86)\eMachines
2015-01-25 15:59 - 2013-06-18 15:22 - 00000000 ____D () C:\Users\Vicky\AppData\Roaming\player
2015-01-25 15:26 - 2013-08-15 13:46 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-25 15:08 - 2012-01-24 10:35 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-25 14:44 - 2013-02-02 19:25 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-25 14:43 - 2013-01-18 14:54 - 00000000 ____D () C:\Users\Vicky\AppData\Roaming\Epson
2015-01-25 14:43 - 2013-01-18 14:50 - 00000000 ____D () C:\ProgramData\EPSON
2015-01-25 13:55 - 2012-03-09 21:55 - 00000000 ____D () C:\Users\Vicky\AppData\Roaming\Malwarebytes
2015-01-25 13:55 - 2012-03-09 21:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-08 09:55 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-08 09:03 - 2012-09-25 19:35 - 00000000 ____D () C:\ProgramData\TEMP
2015-01-08 02:44 - 2011-08-29 01:23 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-01-06 19:02 - 2011-08-27 22:19 - 00000000 ____D () C:\Users\Vicky
2015-01-06 19:01 - 2014-09-18 13:08 - 00000000 ____D () C:\Program Files (x86)\Verizon
2014-12-27 19:31 - 2013-09-19 23:45 - 00000000 ____D () C:\Program Files\Microsoft Office 15

==================== Files in the root of some directories =======

2015-01-25 14:47 - 2015-01-25 14:47 - 0000004 _____ () C:\Users\Vicky\AppData\Roaming\appdataFr2.bin
2015-01-25 15:05 - 2015-01-26 08:33 - 0007611 _____ () C:\Users\Vicky\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Users\Guest\MetricCollection.dll
C:\Users\Vicky\MetricCollection.dll


Some content of TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\{9F59FA29-B81A-4BCD-828C-3727FB86D301}-31.0.1650.63_31.0.1650.57_chrome_updater.exe
C:\Users\Vicky\AppData\Local\Temp\htmlayout.dll
C:\Users\Vicky\AppData\Local\Temp\uninst1.exe
C:\Users\Vicky\AppData\Local\Temp\uninstall466271.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-26 10:54

==================== End Of Log ============================

 

 

 

 

 

 


Photobucket removed my cool flag - idiots!

 

Every calculation based on experience elsewhere fails in New Mexico.


BC AdBot (Login to Remove)

 


m

#2 Winterland

Winterland
  • Topic Starter

  • Members
  • 980 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Land of Enchantment
  • Local time:07:11 PM

Posted 26 January 2015 - 12:35 PM

Hmm, I thought I'd attached the Addition file but it doesn't appear to have gone through.

 

2nd attempt.

 

All Apologies.

 

Winterland

Attached Files


Photobucket removed my cool flag - idiots!

 

Every calculation based on experience elsewhere fails in New Mexico.


#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,264 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:11 PM

Posted 27 January 2015 - 09:42 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these programs in bold using the Add/Remove Programs applet.
Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version: - AOL Inc.) <==== ATTENTION
Fast Free Converter (HKLM-x32\...\Fast Free Converter) (Version: 4.0 - Fast Free Converter) <==== ATTENTION!
IB Updater Service (HKLM-x32\...\WNLT) (Version: 5.0.9.9 - ) <==== ATTENTION

===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CloseProcesses:

HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:13081;https=127.0.0.1:8118
ProxyEnable: [S-1-5-19] => Internet Explorer proxy is enabled.
ProxyEnable: [S-1-5-20] => Internet Explorer proxy is enabled.
ProxyEnable: [S-1-5-21-1750281972-3594988364-819077861-1000] => Internet Explorer proxy is enabled.
HKU\S-1-5-21-1750281972-3594988364-819077861-1000\Software\Microsoft\Internet Explorer\Main,Start Page Before = http://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=ZUxdm974YYus&ptb=3td_389D1V_Kg7SvAAcqyw&si=800540
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScopeBefore {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1750281972-3594988364-819077861-1000 -> DefaultScopeBefore {95B7759C-8C7F-4BF1-B163-73684A933233}
SearchScopes: HKU\S-1-5-21-1750281972-3594988364-819077861-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-1750281972-3594988364-819077861-1000 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/?a=6PRkQvudS2&loc=skw&search={searchTerms}&i=26
SearchScopes: HKU\S-1-5-21-1750281972-3594988364-819077861-1000 -> {E4E012DC-1925-48E9-8010-2D195574642A} URL =
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll No File
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: SaverAddoNa -> {be4ccc4d-6e98-4cbf-b5fb-8a536d9c3b4f} -> C:\ProgramData\SaverAddoNa\OmEywZxdzHUR65.x64.dll No File
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: Fast Free Converter 4.0 -> {4B72B1CE-C6E4-4089-89AF-1D01198E8B88} -> C:\PROGRA~2\FASTFR~1\FASTFR~1\FASTFR~1.DLL No File
Toolbar: HKU\S-1-5-21-1750281972-3594988364-819077861-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1750281972-3594988364-819077861-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8118
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8118
FF NetworkProxy: "type", 4
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin HKU\S-1-5-21-1750281972-3594988364-819077861-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path
S1 futlqimo; \??\C:\Windows\system32\drivers\futlqimo.sys [X]
U2 TMAgent; No ImagePath
C:\Program Files (x86)\Lightspark 0.5.3-git
Task: {1882AE91-3302-49E7-A158-E8B46BBA2A81} - System32\Tasks\Default2Check => c:\Users\All Users\dtdata\R003.exe <==== ATTENTION
Task: {231280D7-B00C-4BE6-B204-4FEF9C8406EC} - \AmiUpdXp No Task File <==== ATTENTION
Task: {322F91F8-3227-4141-9E99-96202D0E5580} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe <==== ATTENTION
Task: {3F9B4529-F586-4A0E-873E-D660497AB4ED} - System32\Tasks\DefaultReg => c:\Users\All Users\dtdata\R001.exe <==== ATTENTION
Task: {4EF04FDD-D080-431E-8844-32F5C20DF1A8} - System32\Tasks\DefaultCheck => c:\Users\All Users\dtdata\R002.exe <==== ATTENTION
Task: {5020634F-B618-4E51-8463-22B0F12918DF} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {A60F4C05-1FEB-4EEC-A520-8D5B0B625C37} - \Groovorio Updater No Task File <==== ATTENTION
Task: {B1A6E4B3-04A7-4DF1-912C-CA86A4793AD3} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
C:\Users\Guest\AppData\Local\Temp\{9F59FA29-B81A-4BCD-828C-3727FB86D301}-31.0.1650.63_31.0.1650.57_chrome_updater.exe
C:\Users\Vicky\AppData\Local\Temp\htmlayout.dll
C:\Users\Vicky\AppData\Local\Temp\uninst1.exe
C:\Users\Vicky\AppData\Local\Temp\uninstall466271.exe
AlternateDataStreams: C:\ProgramData\TEMP:0868A0F5
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\ProgramData\TEMP:D346F792
c:\Users\All Users\dtdata
C:\Program Files (x86)\MyPC Backup
C:\Program Files (x86)\ExpressFiles

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Remove the proxy settings.

In Internet Explorer go to Tools - Internet Options - Connections Tab - Lan Settings and remove the reference to 127.0.0.1:8118 if found, then uncheck "Use a proxy server" and check "Automatically detect settings".

If required press the Apply button.
===

If you use Firefox in Tools Menu > Options... > Advanced Tab > Network Tab > Connection > Settings. Select the Auto-detect proxy settings for this network option. Or no proxy if you do not need it.
===

Restart the computer normally to reset the registry.

====

Reset the browsers that may have been compromised.

Reset Chrome...
Click on "Customize and control Google Chrome":
 
p22003758.gif
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

Run this tool to remove any registry installed by malware.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#4 Winterland

Winterland
  • Topic Starter

  • Members
  • 980 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Land of Enchantment
  • Local time:07:11 PM

Posted 27 January 2015 - 11:37 AM

Hello nasdaq and thanks for the quick response.

 

I have followed all the instructions (and rebooted several times).

 

All three of the Programs you listed in bold appeared to already have been removed - that was the prompt/information I got when I attempted to Remove them via the Add/Remove, and I also removed them from the list of Programs.

 

I have removed the Proxy settings from all three browsers and also reset all three. Rebooting as you instructed.

 

I ran AdwCleaner (per your instructions) but was just a little bit confused on the instructions, until I realized what you meant, so the log file I'm posting is the 2nd one, but everything seems to have gone well. I looked over the programs for False Positives but didn't see anything so I selected Clean.

 

 

As for how the machine is running...it's running pretty good although I haven't re-run any Full Scans yet with either MBAM and/or Avast, as I wanted to wait until you told me it was okay to do so.

 

 

Thanks again for the quick response and help. Here are the requested log files.

 

Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by Vicky at 2015-01-27 10:41:27 Run:1
Running from C:\Users\Vicky\Documents\Bleeping
Loaded Profiles: Vicky (Available profiles: Vicky & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:13081;https=127.0.0.1:8118
ProxyEnable: [S-1-5-19] => Internet Explorer proxy is enabled.
ProxyEnable: [S-1-5-20] => Internet Explorer proxy is enabled.
ProxyEnable: [S-1-5-21-1750281972-3594988364-819077861-1000] => Internet Explorer proxy is enabled.
HKU\S-1-5-21-1750281972-3594988364-819077861-1000\Software\Microsoft\Internet Explorer\Main,Start Page Before = http://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=ZUxdm974YYus&ptb=3td_389D1V_Kg7SvAAcqyw&si=800540
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScopeBefore {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1750281972-3594988364-819077861-1000 -> DefaultScopeBefore {95B7759C-8C7F-4BF1-B163-73684A933233}
SearchScopes: HKU\S-1-5-21-1750281972-3594988364-819077861-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-1750281972-3594988364-819077861-1000 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/?a=6PRkQvudS2&loc=skw&search={searchTerms}&i=26
SearchScopes: HKU\S-1-5-21-1750281972-3594988364-819077861-1000 -> {E4E012DC-1925-48E9-8010-2D195574642A} URL =
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll No File
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: SaverAddoNa -> {be4ccc4d-6e98-4cbf-b5fb-8a536d9c3b4f} -> C:\ProgramData\SaverAddoNa\OmEywZxdzHUR65.x64.dll No File
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: Fast Free Converter 4.0 -> {4B72B1CE-C6E4-4089-89AF-1D01198E8B88} -> C:\PROGRA~2\FASTFR~1\FASTFR~1\FASTFR~1.DLL No File
Toolbar: HKU\S-1-5-21-1750281972-3594988364-819077861-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1750281972-3594988364-819077861-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8118
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8118
FF NetworkProxy: "type", 4
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin HKU\S-1-5-21-1750281972-3594988364-819077861-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path
S1 futlqimo; \??\C:\Windows\system32\drivers\futlqimo.sys [X]
U2 TMAgent; No ImagePath
C:\Program Files (x86)\Lightspark 0.5.3-git
Task: {1882AE91-3302-49E7-A158-E8B46BBA2A81} - System32\Tasks\Default2Check => c:\Users\All Users\dtdata\R003.exe <==== ATTENTION
Task: {231280D7-B00C-4BE6-B204-4FEF9C8406EC} - \AmiUpdXp No Task File <==== ATTENTION
Task: {322F91F8-3227-4141-9E99-96202D0E5580} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe <==== ATTENTION
Task: {3F9B4529-F586-4A0E-873E-D660497AB4ED} - System32\Tasks\DefaultReg => c:\Users\All Users\dtdata\R001.exe <==== ATTENTION
Task: {4EF04FDD-D080-431E-8844-32F5C20DF1A8} - System32\Tasks\DefaultCheck => c:\Users\All Users\dtdata\R002.exe <==== ATTENTION
Task: {5020634F-B618-4E51-8463-22B0F12918DF} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {A60F4C05-1FEB-4EEC-A520-8D5B0B625C37} - \Groovorio Updater No Task File <==== ATTENTION
Task: {B1A6E4B3-04A7-4DF1-912C-CA86A4793AD3} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
C:\Users\Guest\AppData\Local\Temp\{9F59FA29-B81A-4BCD-828C-3727FB86D301}-31.0.1650.63_31.0.1650.57_chrome_updater.exe
C:\Users\Vicky\AppData\Local\Temp\htmlayout.dll
C:\Users\Vicky\AppData\Local\Temp\uninst1.exe
C:\Users\Vicky\AppData\Local\Temp\uninstall466271.exe
AlternateDataStreams: C:\ProgramData\TEMP:0868A0F5
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\ProgramData\TEMP:D346F792
c:\Users\All Users\dtdata
C:\Program Files (x86)\MyPC Backup
C:\Program Files (x86)\ExpressFiles

End
*****************

Processes closed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe" => Key deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-21-1750281972-3594988364-819077861-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-21-1750281972-3594988364-819077861-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Before => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}" => Key deleted successfully.
HKCR\CLSID\{CC865B26-C31D-4D23-B17B-96548EEF03F6} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKU\S-1-5-21-1750281972-3594988364-819077861-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1750281972-3594988364-819077861-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}" => Key deleted successfully.
HKCR\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} => Key not found.
"HKU\S-1-5-21-1750281972-3594988364-819077861-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}" => Key deleted successfully.
HKCR\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} => Key not found.
"HKU\S-1-5-21-1750281972-3594988364-819077861-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E4E012DC-1925-48E9-8010-2D195574642A}" => Key deleted successfully.
HKCR\CLSID\{E4E012DC-1925-48E9-8010-2D195574642A} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}" => Key deleted successfully.
"HKCR\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => Key deleted successfully.
"HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{be4ccc4d-6e98-4cbf-b5fb-8a536d9c3b4f}" => Key deleted successfully.
"HKCR\CLSID\{be4ccc4d-6e98-4cbf-b5fb-8a536d9c3b4f}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B72B1CE-C6E4-4089-89AF-1D01198E8B88}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{4B72B1CE-C6E4-4089-89AF-1D01198E8B88}" => Key deleted successfully.
HKU\S-1-5-21-1750281972-3594988364-819077861-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKU\S-1-5-21-1750281972-3594988364-819077861-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.
"HKCR\PROTOCOLS\Handler\linkscanner" => Key deleted successfully.
"HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => Key deleted successfully.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKU\S-1-5-21-1750281972-3594988364-819077861-1000\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1" => Key deleted successfully.
C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll => Moved successfully.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk" => Key deleted successfully.
futlqimo => Service deleted successfully.
TMAgent => Service deleted successfully.
C:\Program Files (x86)\Lightspark 0.5.3-git => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1882AE91-3302-49E7-A158-E8B46BBA2A81}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1882AE91-3302-49E7-A158-E8B46BBA2A81}" => Key deleted successfully.
C:\Windows\System32\Tasks\Default2Check => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Default2Check" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{231280D7-B00C-4BE6-B204-4FEF9C8406EC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{231280D7-B00C-4BE6-B204-4FEF9C8406EC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{322F91F8-3227-4141-9E99-96202D0E5580}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{322F91F8-3227-4141-9E99-96202D0E5580}" => Key deleted successfully.
C:\Windows\System32\Tasks\Express FilesUpdate => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Express FilesUpdate" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F9B4529-F586-4A0E-873E-D660497AB4ED}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F9B4529-F586-4A0E-873E-D660497AB4ED}" => Key deleted successfully.
C:\Windows\System32\Tasks\DefaultReg => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DefaultReg" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4EF04FDD-D080-431E-8844-32F5C20DF1A8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4EF04FDD-D080-431E-8844-32F5C20DF1A8}" => Key deleted successfully.
C:\Windows\System32\Tasks\DefaultCheck => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DefaultCheck" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5020634F-B618-4E51-8463-22B0F12918DF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5020634F-B618-4E51-8463-22B0F12918DF}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A60F4C05-1FEB-4EEC-A520-8D5B0B625C37}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A60F4C05-1FEB-4EEC-A520-8D5B0B625C37}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Groovorio Updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B1A6E4B3-04A7-4DF1-912C-CA86A4793AD3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1A6E4B3-04A7-4DF1-912C-CA86A4793AD3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser" => Key deleted successfully.
C:\Users\Guest\AppData\Local\Temp\{9F59FA29-B81A-4BCD-828C-3727FB86D301}-31.0.1650.63_31.0.1650.57_chrome_updater.exe => Moved successfully.
C:\Users\Vicky\AppData\Local\Temp\htmlayout.dll => Moved successfully.
C:\Users\Vicky\AppData\Local\Temp\uninst1.exe => Moved successfully.
C:\Users\Vicky\AppData\Local\Temp\uninstall466271.exe => Moved successfully.
C:\ProgramData\TEMP => ":0868A0F5" ADS removed successfully.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully.
C:\ProgramData\TEMP => ":D346F792" ADS removed successfully.
"c:\Users\All Users\dtdata" => File/Directory not found.
"C:\Program Files (x86)\MyPC Backup" => File/Directory not found.
"C:\Program Files (x86)\ExpressFiles" => File/Directory not found.


The system needed a reboot.

==== End of Fixlog 10:41:33 ====

 

 

 

 

 

 

And here is the AdwCleaner log:

 

 

 

# AdwCleaner v4.109 - Report created 27/01/2015 at 11:16:46
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Vicky - VICKY-PC
# Running from : C:\Users\Vicky\Desktop\adwcleaner_4.109.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\SearchProtect
Folder Deleted : C:\ProgramData\getthediscount
Folder Deleted : C:\ProgramData\SaleItCoupon
Folder Deleted : C:\ProgramData\SharkManCoupon
Folder Deleted : C:\ProgramData\unicoupons
Folder Deleted : C:\ProgramData\WowCoupon
Folder Deleted : C:\ProgramData\272329f9765c8b93
Folder Deleted : C:\ProgramData\2820143943073434515
Folder Deleted : C:\ProgramData\96d2565100007c2a
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightspark 0.5.3-git
Folder Deleted : C:\Program Files (x86)\MSR
Folder Deleted : C:\Program Files (x86)\Tbccint
Folder Deleted : C:\Program Files (x86)\WinZipper
Folder Deleted : C:\Program Files (x86)\unicoupons
Folder Deleted : C:\Program Files (x86)\WowCoupon
Folder Deleted : C:\Program Files (x86)\LuckyCoupon
Folder Deleted : C:\Windows\Microsoft\SystemUpdatekb70007
Folder Deleted : C:\Windows\SysWOW64\jmdp
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Users\Vicky\AppData\Local\Temp\internethelper3.1
Folder Deleted : C:\Windows\System32\ljkb
Folder Deleted : C:\Users\Guest\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Guest\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Guest\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Guest\AppData\LocalLow\Fast Free Converter
Folder Deleted : C:\Users\Guest\AppData\LocalLow\internethelper3.1
Folder Deleted : C:\Users\Guest\AppData\LocalLow\HappinessInfusion_5w
Folder Deleted : C:\Users\Guest\AppData\Roaming\Desk 365
Folder Deleted : C:\Users\Guest\AppData\Roaming\GroovorioUpdater
Folder Deleted : C:\Users\Guest\AppData\Roaming\istart123
Folder Deleted : C:\Users\Guest\AppData\Roaming\Optimizer Pro
Folder Deleted : C:\Users\Guest\AppData\Roaming\PC Tech Hotline
Folder Deleted : C:\Users\Guest\AppData\Roaming\WinZipper
Folder Deleted : C:\Users\Guest\Documents\Optimizer Pro
Folder Deleted : C:\Users\Vicky\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Vicky\AppData\Roaming\ExpressFiles
Folder Deleted : C:\Users\Vicky\AppData\Roaming\registry mechanic
Folder Deleted : C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
Folder Deleted : C:\Users\Vicky\Documents\PC Health Kit
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgiifhjbblnglipdbpdgagphlcbililb
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Folder Deleted : C:\ProgramData\lhlakbmnhpmbppifbdhenpfnalfmdmdk
Folder Deleted : C:\ProgramData\pbdchcipmilmfkggdopkldkpjljhgoik
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmpackdjojdmneopbomddiegllifmabf
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnecgiinnfijdlbjooeehnjbmdlgihod
File Deleted : C:\END
File Deleted : C:\Windows\System32\dmwu.exe
File Deleted : C:\Windows\System32\ImhxxpComm.dll
File Deleted : C:\Users\Guest\AppData\LocalLow\SkwConfig.bin
File Deleted : C:\Users\Guest\Desktop\Optimizer Pro.lnk
File Deleted : C:\Users\Vicky\AppData\LocalLow\SkwConfig.bin
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.search.ask.com_0.localstorage
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.search.ask.com_0.localstorage-journal
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_click.dealshark.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : RunAsStdUser Task

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\DealScout.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKCU\Software\9538ad8b569be17
Key Deleted : HKLM\SOFTWARE\9538ad8b569be17
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99E29823-2F67-41C3-8AA5-6425097A771F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{282B0E54-8981-49EB-9193-5910A1F6FD33}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EF2ACF40-7197-4C0C-AAEF-22BDC80A726A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2434A05C-45D0-4E5F-89F5-5ABD3144FA37}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{48900FD3-BF34-4EDE-BDE8-80BA4DB0A01E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5ADCE9A2-7858-4067-A4D1-78D5EF3912D3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9964B157-3760-46AB-A67E-CE347483239B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BBFD2108-F316-4558-A26C-D7C6A384C48D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C5DA55A3-6760-4C5C-A098-0E546D9859B2}
Key Deleted : HKCU\Software\b1.org
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Tbccint_HKLM
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKCU\Software\UpdateFiles
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainerV2
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\b1.org
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Desksvc
Key Deleted : HKLM\SOFTWARE\eSafeSecControl
Key Deleted : HKLM\SOFTWARE\ExpressFiles
Key Deleted : HKLM\SOFTWARE\firstsearch
Key Deleted : HKLM\SOFTWARE\hdcode
Key Deleted : HKLM\SOFTWARE\Lightspark Team
Key Deleted : HKLM\SOFTWARE\SP Global
Key Deleted : HKLM\SOFTWARE\SProtector
Key Deleted : HKLM\SOFTWARE\V9
Key Deleted : HKLM\SOFTWARE\winzipersvc
Key Deleted : HKLM\SOFTWARE\WNLT
Key Deleted : HKLM\SOFTWARE\Webexp Enhanced
Key Deleted : HKLM\SOFTWARE\WebexpEnhancedV1
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1B8A71D1-31D4-EE6A-C32F-836E0BFFA6D3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lightspark
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Key Deleted : [x64] HKLM\SOFTWARE\b1.org
Key Deleted : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\DF917BEA0BDE9E345B42099FC7E14699
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\DF917BEA0BDE9E345B42099FC7E14699
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DF917BEA0BDE9E345B42099FC7E14699
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [blank]

-\\ Mozilla Firefox v35.0.1 (x86 en-US)


-\\ Google Chrome v40.0.2214.93

[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={F0EAEC6F-00DF-44EF-BA44-47EF73EEC83F}&mid=823bfc142a3b47d1929219d59ad4485a-d97332c5548af9031fd2a00b9c90e29d54b173bf&lang=en&ds=AVG&pr=fr&d=2012-06-25 11:16:49&v=11.1.0.12&sap=dsp&q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3300019&UM=2&SearchSource=45&q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://mystart.incredibar.com/?a=6Ozpki5mWK&i=26&loc=skw&search={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://mystart.incredibar.com/?a=6Ozpki5mWK&i=26&loc=skw&search={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://log.incredibar-search.com/?q={searchTerms}&pr=&spr=2&o=APN10044&gct=bar&u=92264219663843530&a=6Ozpki5mWK&i=26&lang=english&cid=2&source=370365501612&gc=us&acr=365501612
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?q={searchTerms}&stype=Results&Suggest=&useHistory=0&UP=SPCE8FBDA5-851E-4232-A276-EC1E36C46D79&isid=ME95DAE4B-8D95-4A3D-8C86-A5E4C56C968B&UM=5&SelfSearch=1&SearchType=SearchWeb&SearchSource=55&ctid=CT3324863&octid=EB_ORIGINAL_CTID
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=154&systemid=1&v=n13124-402&apn_uid=3534134103254505&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.istart123.com/web/?type=ds&ts=1405376914&from=amt&uid=WDCXWD10EADX-22TDHB0_WD-WCAV5R22147221472&q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=154&systemid=1&v=n13124-402&apn_uid=3534134103254505&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_installertech_14_22&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0CtAtD0AtC0AzytC0E0B0FtN0D0Tzu0SzytAyCtN1L2XzutBtFtBtCtFtCyBtFtCtN1L1Czu1N1C2X1V1L1G1B2Z1T1I1I1P1C2Z1P1R1M1VtCyE1VtBtBtN1L1G1B1V1N2Y1L1Qzu2StA0Bzy0AyEyD0C0BtGzzzz0CtDtG0DyE0FtCtGtDtBtB0FtGtCyEtCyEyDtAyDzyzyyEyD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0DtC0D0DyD0BzztGtAtAtBtDtG0FyCzy0FtGtB0B0B0CtGtAyDtByEyEyE0FyCtAzy0Fzy2Q&cr=70696116&ir=
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www-search.net/search.aspx?s=E7Pzadku1,75d9ef8c-7ec9-470d-9a95-cee82b63f5d4,&q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : blmchfpimpbbdmgpcieclabeafkljbhm
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : fjoijdanhaiflhibkljeklcghcmmfffh
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : hgiifhjbblnglipdbpdgagphlcbililb
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : jpmbfleldcgkldadpdinhjjopdfpjfjp
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kdidombaedgpfiiedeimiebkmbilgmlc
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : ogccgbmabaphcakpiclgcnmcnimhokcj
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : banjjklfojcdbofbhbgiedekefohoaff
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : lhlakbmnhpmbppifbdhenpfnalfmdmdk
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : pbdchcipmilmfkggdopkldkpjljhgoik
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : hmpackdjojdmneopbomddiegllifmabf
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : hnecgiinnfijdlbjooeehnjbmdlgihod
[C:\Users\Vicky\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Vicky\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Vicky\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : noajmlkipclmeolfcnflkjhijkigpfjh

-\\ Chromium v

[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={F0EAEC6F-00DF-44EF-BA44-47EF73EEC83F}&mid=823bfc142a3b47d1929219d59ad4485a-d97332c5548af9031fd2a00b9c90e29d54b173bf&lang=en&ds=AVG&pr=fr&d=2012-06-25 11:16:49&v=11.1.0.12&sap=dsp&q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3300019&UM=2&SearchSource=45&q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://mystart.incredibar.com/?a=6Ozpki5mWK&i=26&loc=skw&search={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://mystart.incredibar.com/?a=6Ozpki5mWK&i=26&loc=skw&search={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://log.incredibar-search.com/?q={searchTerms}&pr=&spr=2&o=APN10044&gct=bar&u=92264219663843530&a=6Ozpki5mWK&i=26&lang=english&cid=2&source=370365501612&gc=us&acr=365501612
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?q={searchTerms}&stype=Results&Suggest=&useHistory=0&UP=SPCE8FBDA5-851E-4232-A276-EC1E36C46D79&isid=ME95DAE4B-8D95-4A3D-8C86-A5E4C56C968B&UM=5&SelfSearch=1&SearchType=SearchWeb&SearchSource=55&ctid=CT3324863&octid=EB_ORIGINAL_CTID
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=154&systemid=1&v=n13124-402&apn_uid=3534134103254505&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.istart123.com/web/?type=ds&ts=1405376914&from=amt&uid=WDCXWD10EADX-22TDHB0_WD-WCAV5R22147221472&q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=154&systemid=1&v=n13124-402&apn_uid=3534134103254505&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_installertech_14_22&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0CtAtD0AtC0AzytC0E0B0FtN0D0Tzu0SzytAyCtN1L2XzutBtFtBtCtFtCyBtFtCtN1L1Czu1N1C2X1V1L1G1B2Z1T1I1I1P1C2Z1P1R1M1VtCyE1VtBtBtN1L1G1B1V1N2Y1L1Qzu2StA0Bzy0AyEyD0C0BtGzzzz0CtDtG0DyE0FtCtGtDtBtB0FtGtCyEtCyEyDtAyDzyzyyEyD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0DtC0D0DyD0BzztGtAtAtBtDtG0FyCzy0FtGtB0B0B0CtGtAyDtByEyEyE0FyCtAzy0Fzy2Q&cr=70696116&ir=
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www-search.net/search.aspx?s=E7Pzadku1,75d9ef8c-7ec9-470d-9a95-cee82b63f5d4,&q={searchTerms}
[C:\Users\Vicky\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Vicky\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [26727 octets] - [27/01/2015 11:06:04]
AdwCleaner[R1].txt - [26787 octets] - [27/01/2015 11:12:18]
AdwCleaner[S0].txt - [29615 octets] - [27/01/2015 11:16:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [29676 octets] ##########
 

 

 

Winterland

 

 

 

 

 

 

 

 

 


Photobucket removed my cool flag - idiots!

 

Every calculation based on experience elsewhere fails in New Mexico.


#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,264 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:11 PM

Posted 28 January 2015 - 08:59 AM

I haven't re-run any Full Scans yet with either MBAM and/or Avast, as I wanted to wait until you told me it was okay to do so.

Looking better. You can do these MBAM and Avast scan when you can.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

#6 Winterland

Winterland
  • Topic Starter

  • Members
  • 980 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Land of Enchantment
  • Local time:07:11 PM

Posted 28 January 2015 - 09:10 AM

Hello again nasdaq. Thank you again for all the help.

 

The computer is humming along and running very well.

 

I'm going to post the checkup.txt log and then go run some Full Scans with Avast and MBAM.

 

Here you go.

 

 

 

 Results of screen317's Security Check version 0.99.95  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Secunia PSI (2.0.0.4003)   
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.296  
 Adobe Reader XI  
 Mozilla Firefox (35.0.1)
 Google Chrome 36.0.1985.125 Google Chrome out of date!  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````
 

 

 

 

Winterland

 


Photobucket removed my cool flag - idiots!

 

Every calculation based on experience elsewhere fails in New Mexico.


#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,264 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:11 PM

Posted 28 January 2015 - 09:50 AM

Looking good.

If all is well.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#8 Winterland

Winterland
  • Topic Starter

  • Members
  • 980 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Land of Enchantment
  • Local time:07:11 PM

Posted 28 January 2015 - 01:32 PM

Hello again.

 

Well, the computer seems to running well and, as previously mentioned, I'm not getting any redirects and/or massive popups in any of my browsers but when I ran the Full Scan in Avast, here is what I saw:

 

AvastFullScan1282015.png

 

 

And when I ran the Threat Scan on MBAM the 1st time, it found some some 479 items, which I Quarantined, then deleted.

 

 

After that was completed, I rebooted, logged back in and ran the Threat Scan again, & it came up with the same number of items, so I Quarantined, then deleted, rebooted, ran another Threat Scan and, lo and behold, there were the same number of items again.

 

 

Not sure what to do from here, so I'll await word from you as to what to try next.

 

I did save the MBAM logs if you want to see them.

 

Thank you.

 

Winterland


Edited by Winterland, 28 January 2015 - 02:25 PM.

Photobucket removed my cool flag - idiots!

 

Every calculation based on experience elsewhere fails in New Mexico.


#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,264 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:11 PM

Posted 29 January 2015 - 09:40 AM

Refer to this article for additional information on the .png files.

https://forum.avast.com/index.php?topic=115058.0
===

In your case the files are in the c:\users\Guest\Download... folder.
I suggest you delete the files from the folder and keep them in your Recycle bin.
If all is well in a week and no program is needing them you can flush them from the Recycle bin.

===

#10 Winterland

Winterland
  • Topic Starter

  • Members
  • 980 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Land of Enchantment
  • Local time:07:11 PM

Posted 29 January 2015 - 12:27 PM

Great, I will do as you suggested with regards to the Avast files.

 

With regards to the reappearing PUP files in the MBAM Threat Scan - how do I go about resolving that issue, or is related to these files?

 

Thanks again for all your help with this.

 

Winterland

 

 


Photobucket removed my cool flag - idiots!

 

Every calculation based on experience elsewhere fails in New Mexico.


#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,264 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:11 PM

Posted 29 January 2015 - 01:59 PM

With regards to the reappearing PUP files in the MBAM Threat Scan

Can you post the log?

I need to know what we are dealing with.

#12 Winterland

Winterland
  • Topic Starter

  • Members
  • 980 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Land of Enchantment
  • Local time:07:11 PM

Posted 29 January 2015 - 06:08 PM

Hello.

 

Here is the MBAM log from the other day.

 

It was the 3rd Threat Scan I had run. The other two looked the same, even after the Quarantine / Delete and then rebooting process.

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/28/2015
Scan Time: 1:06:18 PM
Logfile: MBAM Threat Scan_1 28 2015 v3.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.28.08
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Vicky

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 393170
Time Elapsed: 15 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
PUM.Bad.Proxy, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:13081;https=127.0.0.1:8118, , [11b7a85496f351e5a376acd2758e8a76]

Registry Data: 0
(No malicious items detected)

Folders: 478
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\js, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\js\tabs, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\js\tabs\back, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\js\toolbarAPI, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\mam, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\mam\scripts, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\mam\scripts\contentScripts, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\nativeMessaging, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\plugins, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\Search, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\Search\html, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\Search\NewTabPages, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\Search\NewTabPages\API, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\Search\NewTabPages\css, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\Search\NewTabPages\html, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\Search\NewTabPages\img, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\Search\NewTabPages\js, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\aboutBox, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\aboutBox\images, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\aboutBox\js, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\ac, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\ac\css, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\ac\img, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\ac\res, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\api, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\msd, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\options, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\options\css, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\options\images, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\options\js, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\options\js\resources, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\sp, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\sp\js, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\sp\spbd, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\sp\spbd\images, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\sp\spsd, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\sp\spsd\images, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\ui, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\ui\dlg, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\ui\dlg\ftd, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\ui\dlg\ftd\images, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\ui\dlg\restart, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\ui\dlg\restart\images, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\ui\gadgetFrame, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\ui\gf, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\ui\gf\css, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\ui\gf\img, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\ui\gf\js, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\ui\menu, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\ui\menu\css, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\ui\menu\img, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\ui\menu\js, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\APPLICATION_BUTTON, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\APPLICATION_BUTTON\Js, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\APPLICATION_BUTTON\resources, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\EMAIL_NOTIFIER, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\EMAIL_NOTIFIER\css, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\EMAIL_NOTIFIER\js, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\HIGHLIGHTER, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\HIGHLIGHTER\css, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\HIGHLIGHTER\js, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\MULTI_RSS, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\MULTI_RSS\css, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\MULTI_RSS\img, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\MULTI_RSS\js, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\MULTI_RSS\js\resources, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\NOTIFICATION, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\NOTIFICATION\css, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\NOTIFICATION\images, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\NOTIFICATION\images\dark, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\NOTIFICATION\images\light, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\NOTIFICATION\js, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\Optimizer, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\Optimizer\js, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\PRICE_GONG, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\PRICE_GONG\agreement, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\PRICE_GONG\css, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\PRICE_GONG\css\custom-theme, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\PRICE_GONG\images, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\RADIO_PLAYER, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\RADIO_PLAYER\css, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\RADIO_PLAYER\css\custom-theme, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\RADIO_PLAYER\js, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\RADIO_PLAYER\js\resources, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\SEARCH, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\SEARCH\buildSettings, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\SEARCH\Css, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\SEARCH\js, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\SEARCH\resources, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\SEARCH\view, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\SEARCH\view\script, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\SEARCH\view\style, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\SEARCH\view\style\rsx, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\TWITTER, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\TWITTER\img, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\TWITTER\js, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\WEATHER, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\WEATHER\css, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\al\wa\WEATHER\js, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\core, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\lib, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\lib\jquery.alerts, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\lib\jquery.alerts\images, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\lib\jquery.jscrollpane, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\tb\sl, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\_locales, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.MixiDJ.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl\10.31.4.510_0\_locales\en, , [ad1b659733563204879a81c61ce7c43c],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\APISupport, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\js, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\js\lib, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\js\options, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\js\tabs, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\js\tabs\back, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\js\toolbarAPI, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\mam, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\mam\scripts, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\mam\scripts\contentScripts, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\nativeMessaging, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\plugins, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\Search, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\Search\html, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\Search\NewTabPages, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\Search\NewTabPages\API, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\Search\NewTabPages\css, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\Search\NewTabPages\html, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\Search\NewTabPages\img, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\Search\NewTabPages\js, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\aboutBox, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\aboutBox\images, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\aboutBox\js, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\ac, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\ac\css, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\ac\img, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\ac\res, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\api, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\msd, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\options, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\options\css, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\options\images, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\options\js, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\options\js\resources, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\sp, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\sp\js, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\sp\spbd, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\sp\spbd\images, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\sp\spsd, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\sp\spsd\images, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\ui, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\ui\dlg, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\ui\dlg\ftd, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\ui\dlg\ftd\images, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\ui\dlg\restart, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\ui\dlg\restart\images, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\ui\gadgetFrame, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\ui\gf, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\ui\gf\css, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\ui\gf\img, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\ui\gf\js, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\ui\menu, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\ui\menu\css, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\ui\menu\img, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\ui\menu\js, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\APPLICATION_BUTTON, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\APPLICATION_BUTTON\Js, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\APPLICATION_BUTTON\resources, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\EMAIL_NOTIFIER, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\EMAIL_NOTIFIER\css, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\EMAIL_NOTIFIER\js, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\HIGHLIGHTER, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\HIGHLIGHTER\css, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\HIGHLIGHTER\js, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\MULTI_RSS, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\MULTI_RSS\css, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\MULTI_RSS\img, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\MULTI_RSS\js, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\MULTI_RSS\js\resources, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\NOTIFICATION, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\NOTIFICATION\css, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\NOTIFICATION\images, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\NOTIFICATION\images\dark, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\NOTIFICATION\images\light, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\NOTIFICATION\js, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\Optimizer, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\Optimizer\js, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\PRICE_GONG, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\PRICE_GONG\agreement, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\PRICE_GONG\css, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\PRICE_GONG\css\custom-theme, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\PRICE_GONG\images, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\RADIO_PLAYER, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\RADIO_PLAYER\css, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\RADIO_PLAYER\css\custom-theme, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\RADIO_PLAYER\js, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\RADIO_PLAYER\js\resources, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\SEARCH, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\SEARCH\buildSettings, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\SEARCH\Css, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\SEARCH\js, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\SEARCH\resources, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\SEARCH\view, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\SEARCH\view\script, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\SEARCH\view\style, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\SEARCH\view\style\rsx, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\TWITTER, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\TWITTER\img, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\TWITTER\js, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\WEATHER, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\WEATHER\css, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\al\wa\WEATHER\js, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\core, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\lib, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\lib\jquery.alerts, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\lib\jquery.alerts\images, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\lib\jquery.jscrollpane, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\tb\sl, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\_locales, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.VafMusic.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.31.4.510_0\_locales\en, , [a12702fa6d1cbd7925758cbbfd06f709],
PUP.Optional.Datamngr.A, C:\Users\Vicky\AppData\LocalLow\DataMngr, , [299f9f5d6d1c3afc30cd390f55ae8977],
PUP.Optional.CrossRider.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjcbkbcncfkoljakenekllbfdonhjef, , [6c5c33c9ff8a83b3d58f05508281b947],
PUP.Optional.CrossRider.A, C:\Users\Vicky\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjcbkbcncfkoljakenekllbfdonhjef, , [6662827ac1c8de588cd8114402013cc4],
PUP.Optional.Extutil.A, C:\Users\Guest\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, , [04c467954a3f44f22f4169f17b88e719],
PUP.Optional.Managera.A, C:\Users\Guest\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, , [7b4d5f9df69300368ee398c26f94ca36],
PUP.Optional.DoctoAntiVirus.A, C:\Users\Vicky\AppData\Local\DoctoAntivirus, , [3f89e913088141f5b2e193c917eca55b],
PUP.Optional.DoctoAntiVirus.A, C:\Users\Vicky\AppData\Local\DoctoAntivirus\DoctoAVDownloadTemp, , [3f89e913088141f5b2e193c917eca55b],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo, , [2c9c8e6e27621d1996d13b2a1ae911ef],
PUP.Optional.CrossRider.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kmifjikmkjppnomadkpaopmlcjdnohjd, , [23a5956793f665d195a6eb80996aea16],
PUP.Optional.CrossRider.A, C:\Users\Vicky\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kmifjikmkjppnomadkpaopmlcjdnohjd, , [7d4b5ba19eeb2214f942bead9f64a45c],
PUP.Optional.SweetPacks.A, C:\Users\Guest\AppData\LocalLow\SweetPacks, , [299f74889aef7eb85acf511cfa09e719],
PUP.Optional.SweetPacks.A, C:\Users\Guest\AppData\LocalLow\SweetPacks\CacheIcons, , [299f74889aef7eb85acf511cfa09e719],
PUP.Optional.SweetPacks.A, C:\Users\Guest\AppData\LocalLow\SweetPacks\Dialogs, , [299f74889aef7eb85acf511cfa09e719],
PUP.Optional.SweetPacks.A, C:\Users\Guest\AppData\LocalLow\SweetPacks\Dialogs\AddedAppDialog, , [299f74889aef7eb85acf511cfa09e719],
PUP.Optional.SweetPacks.A, C:\Users\Guest\AppData\LocalLow\SweetPacks\Dialogs\DefualtImages, , [299f74889aef7eb85acf511cfa09e719],
PUP.Optional.SweetPacks.A, C:\Users\Guest\AppData\LocalLow\SweetPacks\Dialogs\DetectedAppDialog, , [299f74889aef7eb85acf511cfa09e719],
PUP.Optional.SweetPacks.A, C:\Users\Guest\AppData\LocalLow\SweetPacks\Dialogs\EngineFirstTimeDialog, , [299f74889aef7eb85acf511cfa09e719],
PUP.Optional.SweetPacks.A, C:\Users\Guest\AppData\LocalLow\SweetPacks\Dialogs\NewSearchProtectorDialog, , [299f74889aef7eb85acf511cfa09e719],
PUP.Optional.SweetPacks.A, C:\Users\Guest\AppData\LocalLow\SweetPacks\Dialogs\NewSearchProtectorDialog\images, , [299f74889aef7eb85acf511cfa09e719],
PUP.Optional.SweetPacks.A, C:\Users\Guest\AppData\LocalLow\SweetPacks\Dialogs\SearchProtectorBubbleDialog, , [299f74889aef7eb85acf511cfa09e719],
PUP.Optional.SweetPacks.A, C:\Users\Guest\AppData\LocalLow\SweetPacks\Dialogs\SearchProtectorBubbleDialog\images, , [299f74889aef7eb85acf511cfa09e719],
PUP.Optional.SweetPacks.A, C:\Users\Guest\AppData\LocalLow\SweetPacks\Dialogs\SearchProtectorDialog, , [299f74889aef7eb85acf511cfa09e719],
PUP.Optional.SweetPacks.A, C:\Users\Guest\AppData\LocalLow\SweetPacks\Dialogs\SearchProtectorDialog\Images, , [299f74889aef7eb85acf511cfa09e719],
PUP.Optional.SweetPacks.A, C:\Users\Guest\AppData\LocalLow\SweetPacks\Dialogs\SearchProtectorRetakeoverDialog, , [299f74889aef7eb85acf511cfa09e719],
PUP.Optional.SweetPacks.A, C:\Users\Guest\AppData\LocalLow\SweetPacks\Dialogs\SearchProtectorRetakeoverDialog\Images, , [299f74889aef7eb85acf511cfa09e719],
PUP.Optional.SweetPacks.A, C:\Users\Guest\AppData\LocalLow\SweetPacks\Dialogs\ToolbarFirstTimeDialog, , [299f74889aef7eb85acf511cfa09e719],
PUP.Optional.SweetPacks.A, C:\Users\Guest\AppData\LocalLow\SweetPacks\Dialogs\ToolbarFirstTimeDialog\images, , [299f74889aef7eb85acf511cfa09e719],
PUP.Optional.SweetPacks.A, C:\Users\Guest\AppData\LocalLow\SweetPacks\Dialogs\ToolbarUntrustedAppsApprovalDialog, , [299f74889aef7eb85acf511cfa09e719],
PUP.Optional.SweetPacks.A, C:\Users\Guest\AppData\LocalLow\SweetPacks\Dialogs\UntrustedAddedAppDialog, , [299f74889aef7eb85acf511cfa09e719],
PUP.Optional.SweetPacks.A, C:\Users\Guest\AppData\LocalLow\SweetPacks\Dialogs\UntrustedAppApprovalDialog, , [299f74889aef7eb85acf511cfa09e719],
PUP.Optional.SweetPacks.A, C:\Users\Guest\AppData\LocalLow\SweetPacks\Dialogs\UntrustedAppPendingDialog, , [299f74889aef7eb85acf511cfa09e719],
PUP.Optional.SweetPacks.A, C:\Users\Guest\AppData\LocalLow\SweetPacks\EmailNotifier, , [299f74889aef7eb85acf511cfa09e719],
PUP.Optional.SweetPacks.A, C:\Users\Guest\AppData\LocalLow\SweetPacks\ExternalComponent, , [299f74889aef7eb85acf511cfa09e719],
PUP.Optional.SweetPacks.A, C:\Users\Guest\AppData\LocalLow\SweetPacks\Logs, , [299f74889aef7eb85acf511cfa09e719],
PUP.Optional.SweetPacks.A, C:\Users\Guest\AppData\LocalLow\SweetPacks\MyStuffApps, , [299f74889aef7eb85acf511cfa09e719],
PUP.Optional.SweetPacks.A, C:\Users\Guest\AppData\LocalLow\SweetPacks\plugins, , [299f74889aef7eb85acf511cfa09e719],
PUP.Optional.SweetPacks.A, C:\Users\Guest\AppData\LocalLow\SweetPacks\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}, , [299f74889aef7eb85acf511cfa09e719],
PUP.Optional.SweetPacks.A, C:\Users\Guest\AppData\LocalLow\SweetPacks\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12, , [299f74889aef7eb85acf511cfa09e719],
PUP.Optional.SweetPacks.A, C:\Users\Guest\AppData\LocalLow\SweetPacks\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin, , [299f74889aef7eb85acf511cfa09e719],
PUP.Optional.SweetPacks.A, C:\Users\Guest\AppData\LocalLow\SweetPacks\Repository, , [299f74889aef7eb85acf511cfa09e719],
PUP.Optional.SweetPacks.A, C:\Users\Guest\AppData\LocalLow\SweetPacks\Repository\conduit_CT3310511_CT3310511, , [299f74889aef7eb85acf511cfa09e719],
PUP.Optional.SweetPacks.A, C:\Users\Guest\AppData\LocalLow\SweetPacks\Repository\conduit_CT3310511_CT3310511\AppsMetaData, , [299f74889aef7eb85acf511cfa09e719],
PUP.Optional.SweetPacks.A, C:\Users\Guest\AppData\LocalLow\SweetPacks\Repository\conduit_CT3310511_CT3310511\DynamicDialogs, , [299f74889aef7eb85acf511cfa09e719],
PUP.Optional.SweetPacks.A, C:\Users\Guest\AppData\LocalLow\SweetPacks\Repository\conduit_CT3310511_CT3310511\ToolbarHiddenLogin, , [299f74889aef7eb85acf511cfa09e719],
PUP.Optional.SweetPacks.A, C:\Users\Guest\AppData\LocalLow\SweetPacks\Repository\conduit_CT3310511_CT3310511\ToolbarHiddenSettings, , [299f74889aef7eb85acf511cfa09e719],
PUP.Optional.SweetPacks.A, C:\Users\Guest\AppData\LocalLow\SweetPacks\Repository\conduit_CT3310511_CT3310511\ToolbarLogin, , [299f74889aef7eb85acf511cfa09e719],
PUP.Optional.SweetPacks.A, C:\Users\Guest\AppData\LocalLow\SweetPacks\Repository\conduit_CT3310511_CT3310511\ToolbarSettings, , [299f74889aef7eb85acf511cfa09e719],
PUP.Optional.SweetPacks.A, C:\Users\Guest\AppData\LocalLow\SweetPacks\Repository\conduit_CT3310511_CT3310511\ToolbarTranslation, , [299f74889aef7eb85acf511cfa09e719],
PUP.Optional.SweetPacks.A, C:\Users\Guest\AppData\LocalLow\SweetPacks\Repository\conduit_CT3310511_en, , [299f74889aef7eb85acf511cfa09e719],
PUP.Optional.SweetPacks.A, C:\Users\Guest\AppData\LocalLow\SweetPacks\Repository\conduit_CT3310511_en\ToolbarTranslation, , [299f74889aef7eb85acf511cfa09e719],
PUP.Optional.SweetPacks.A, C:\Users\Vicky\AppData\Local\Temp\SweetPacks, , [16b28c70385190a6cc5f95d8c43fc63a],
PUP.Optional.WhiteSmoke.A, C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New, , [e7e108f4048543f3546a0c61c241a957],
PUP.Optional.WhiteSmoke.A, C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New\CacheIcons, , [e7e108f4048543f3546a0c61c241a957],
PUP.Optional.WhiteSmoke.A, C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New\Dialogs, , [e7e108f4048543f3546a0c61c241a957],
PUP.Optional.WhiteSmoke.A, C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New\Dialogs\AddedAppDialog, , [e7e108f4048543f3546a0c61c241a957],
PUP.Optional.WhiteSmoke.A, C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New\Dialogs\DefualtImages, , [e7e108f4048543f3546a0c61c241a957],
PUP.Optional.WhiteSmoke.A, C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New\Dialogs\DetectedAppDialog, , [e7e108f4048543f3546a0c61c241a957],
PUP.Optional.WhiteSmoke.A, C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New\Dialogs\EngineFirstTimeDialog, , [e7e108f4048543f3546a0c61c241a957],
PUP.Optional.WhiteSmoke.A, C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New\Dialogs\NewSearchProtectorDialog, , [e7e108f4048543f3546a0c61c241a957],
PUP.Optional.WhiteSmoke.A, C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New\Dialogs\NewSearchProtectorDialog\images, , [e7e108f4048543f3546a0c61c241a957],
PUP.Optional.WhiteSmoke.A, C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New\Dialogs\SearchProtectorBubbleDialog, , [e7e108f4048543f3546a0c61c241a957],
PUP.Optional.WhiteSmoke.A, C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New\Dialogs\SearchProtectorBubbleDialog\images, , [e7e108f4048543f3546a0c61c241a957],
PUP.Optional.WhiteSmoke.A, C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New\Dialogs\SearchProtectorDialog, , [e7e108f4048543f3546a0c61c241a957],
PUP.Optional.WhiteSmoke.A, C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New\Dialogs\SearchProtectorDialog\Images, , [e7e108f4048543f3546a0c61c241a957],
PUP.Optional.WhiteSmoke.A, C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New\Dialogs\SearchProtectorRetakeoverDialog, , [e7e108f4048543f3546a0c61c241a957],
PUP.Optional.WhiteSmoke.A, C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New\Dialogs\SearchProtectorRetakeoverDialog\Images, , [e7e108f4048543f3546a0c61c241a957],
PUP.Optional.WhiteSmoke.A, C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New\Dialogs\ToolbarFirstTimeDialog, , [e7e108f4048543f3546a0c61c241a957],
PUP.Optional.WhiteSmoke.A, C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New\Dialogs\ToolbarFirstTimeDialog\images, , [e7e108f4048543f3546a0c61c241a957],
PUP.Optional.WhiteSmoke.A, C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New\Dialogs\ToolbarUntrustedAppsApprovalDialog, , [e7e108f4048543f3546a0c61c241a957],
PUP.Optional.WhiteSmoke.A, C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New\Dialogs\UntrustedAddedAppDialog, , [e7e108f4048543f3546a0c61c241a957],
PUP.Optional.WhiteSmoke.A, C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New\Dialogs\UntrustedAppApprovalDialog, , [e7e108f4048543f3546a0c61c241a957],
PUP.Optional.WhiteSmoke.A, C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New\Dialogs\UntrustedAppPendingDialog, , [e7e108f4048543f3546a0c61c241a957],
PUP.Optional.WhiteSmoke.A, C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New\EmailNotifier, , [e7e108f4048543f3546a0c61c241a957],
PUP.Optional.WhiteSmoke.A, C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New\ExternalComponent, , [e7e108f4048543f3546a0c61c241a957],
PUP.Optional.WhiteSmoke.A, C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New\Logs, , [e7e108f4048543f3546a0c61c241a957],
PUP.Optional.WhiteSmoke.A, C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New\MyStuffApps, , [e7e108f4048543f3546a0c61c241a957],
PUP.Optional.WhiteSmoke.A, C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New\plugins, , [e7e108f4048543f3546a0c61c241a957],
PUP.Optional.WhiteSmoke.A, C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}, , [e7e108f4048543f3546a0c61c241a957],
PUP.Optional.WhiteSmoke.A, C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12, , [e7e108f4048543f3546a0c61c241a957],
PUP.Optional.WhiteSmoke.A, C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin, , [e7e108f4048543f3546a0c61c241a957],
PUP.Optional.WhiteSmoke.A, C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New\RadioPlayer, , [e7e108f4048543f3546a0c61c241a957],
PUP.Optional.WhiteSmoke.A, C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New\Repository, , [e7e108f4048543f3546a0c61c241a957],
PUP.Optional.WhiteSmoke.A, C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New\Repository\conduit_CT3289847_CT3289847, , [e7e108f4048543f3546a0c61c241a957],
PUP.Optional.WhiteSmoke.A, C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New\Repository\conduit_CT3289847_CT3289847\AppsMetaData, , [e7e108f4048543f3546a0c61c241a957],
PUP.Optional.WhiteSmoke.A, C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New\Repository\conduit_CT3289847_CT3289847\DynamicDialogs, , [e7e108f4048543f3546a0c61c241a957],
PUP.Optional.WhiteSmoke.A, C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New\Repository\conduit_CT3289847_CT3289847\ToolbarHiddenSettings, , [e7e108f4048543f3546a0c61c241a957],
PUP.Optional.WhiteSmoke.A, C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New\Repository\conduit_CT3289847_CT3289847\ToolbarLogin, , [e7e108f4048543f3546a0c61c241a957],
PUP.Optional.WhiteSmoke.A, C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New\Repository\conduit_CT3289847_CT3289847\ToolbarSettings, , [e7e108f4048543f3546a0c61c241a957],
PUP.Optional.WhiteSmoke.A, C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New\Repository\conduit_CT3289847_CT3289847\ToolbarTranslation, , [e7e108f4048543f3546a0c61c241a957],
PUP.Optional.WhiteSmoke.A, C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New\Repository\conduit_CT3289847_en, , [e7e108f4048543f3546a0c61c241a957],
PUP.Optional.WhiteSmoke.A, C:\Users\Guest\AppData\LocalLow\WhiteSmoke_New\Repository\conduit_CT3289847_en\ToolbarTranslation, , [e7e108f4048543f3546a0c61c241a957],
PUP.Optional.WhiteSmoke.A, C:\Users\Vicky\AppData\Local\Temp\WhiteSmoke_New, , [4f7988742f5ac37319a73d306a99bb45],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\APISupport, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\js, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\js\lib, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\js\options, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\js\tabs, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\js\tabs\back, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\js\toolbarAPI, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\mam, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\mam\scripts, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\mam\scripts\contentScripts, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\nativeMessaging, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\plugins, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\Search, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\Search\html, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\Search\NewTabPages, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\Search\NewTabPages\API, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\Search\NewTabPages\css, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\Search\NewTabPages\html, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\Search\NewTabPages\img, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\Search\NewTabPages\js, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\aboutBox, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\aboutBox\images, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\aboutBox\js, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\ac, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\ac\css, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\ac\img, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\ac\res, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\api, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\msd, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\options, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\options\css, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\options\images, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\options\js, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\options\js\resources, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\sp, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\sp\js, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\sp\spbd, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\sp\spbd\images, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\sp\spsd, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\sp\spsd\images, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\ui, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\ui\dlg, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\ui\dlg\ftd, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\ui\dlg\ftd\images, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\ui\dlg\restart, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\ui\dlg\restart\images, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\ui\gadgetFrame, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\ui\gf, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\ui\gf\css, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\ui\gf\img, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\ui\gf\js, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\ui\menu, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\ui\menu\css, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\ui\menu\img, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\ui\menu\js, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\APPLICATION_BUTTON, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\APPLICATION_BUTTON\Js, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\APPLICATION_BUTTON\resources, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\EMAIL_NOTIFIER, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\EMAIL_NOTIFIER\css, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\EMAIL_NOTIFIER\js, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\HIGHLIGHTER, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\HIGHLIGHTER\css, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\HIGHLIGHTER\js, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\MULTI_RSS, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\MULTI_RSS\css, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\MULTI_RSS\img, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\MULTI_RSS\js, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\MULTI_RSS\js\resources, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\NOTIFICATION, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\NOTIFICATION\css, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\NOTIFICATION\images, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\NOTIFICATION\images\dark, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\NOTIFICATION\images\light, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\NOTIFICATION\js, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\Optimizer, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\Optimizer\js, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\PRICE_GONG, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\PRICE_GONG\agreement, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\PRICE_GONG\css, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\PRICE_GONG\css\custom-theme, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\PRICE_GONG\images, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\RADIO_PLAYER, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\RADIO_PLAYER\css, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\RADIO_PLAYER\css\custom-theme, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\RADIO_PLAYER\js, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\RADIO_PLAYER\js\resources, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\SEARCH, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\SEARCH\buildSettings, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\SEARCH\Css, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\SEARCH\js, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\SEARCH\resources, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\SEARCH\view, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\SEARCH\view\script, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\SEARCH\view\style, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\SEARCH\view\style\rsx, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\TWITTER, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\TWITTER\img, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\TWITTER\js, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\WEATHER, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\WEATHER\css, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\al\wa\WEATHER\js, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\core, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\lib, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\lib\jquery.alerts, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\lib\jquery.alerts\images, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\lib\jquery.jscrollpane, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\tb\sl, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\_locales, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\_locales\en, , [e5e3af4d266321156182581ed82b20e0],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0\background, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0\config, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0\config\skin, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0\config\skin\css, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0\config\skin\css\themes, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0\config\skin\css\themes\avira, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0\config\skin\css\themes\imesh, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0\config\skin\css\themes\mindspark, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0\config\skin\css\themes\plain, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0\config\skin\css\themes\taskbar, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0\config\skin\css\themes\v5parity, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0\config\skin\images, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0\config\skin\images\logo, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0\config\skin\images\newtab, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0\config\skin\images\search, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0\config\skin\images\vanilla, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0\config\skin\widgets, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0\config\skin\widgets\imesh-lyrics, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0\config\skin\widgets\imesh-music-box, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0\config\skin\widgets\search-box-imesh, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0\config\skin\widgets\search-box-imesh\images, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0\config\skin\widgets\toolbar-options_imesh_music_imh2-dtx, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0\config\skin\widgets\toolbar-options_imesh_music_imh2-dtx\css, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0\config\skin\widgets\toolbar-options_imesh_music_imh2-dtx\images, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0\config\skin\widgets\toolbar-options_imesh_music_imh2-dtx\js, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0\config\skin\widgets\toolbar-options_imesh_music_imh2-dtx\js\lib, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0\content_script, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0\content_script\hack, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0\lib, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0\lib\shims, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0\tb_ux, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0\widgets, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0\widgets\options, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0\widgets\options\images, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0\widgets\rebuttal, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0\widgets\rebuttal\images, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0\widgets\search-suggestion, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0\widgets\templates, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0\widgets\templates\css, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0\widgets\templates\css\images, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Bandoo.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaihhnfnbnpbhpagnmoplpcjbediml\35.9_0\widgets\templates\js, , [c9ffa15bc9c073c3230d1e5b768d28d8],
PUP.Optional.Staging.A, C:\ProgramData\dl159, , [794f0af21376e3539eb5314849ba01ff],

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

 

Winterland

 

 

 


Photobucket removed my cool flag - idiots!

 

Every calculation based on experience elsewhere fails in New Mexico.


#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,264 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:11 PM

Posted 30 January 2015 - 09:06 AM


I can only suggest that you remove Chrome using the the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into another browser (or Chrome).

Reinstall Chrome and the Bookmarks.

If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>

Run the AdwCleaner and MBAM and see if the problem persists.

#14 Winterland

Winterland
  • Topic Starter

  • Members
  • 980 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Land of Enchantment
  • Local time:07:11 PM

Posted 30 January 2015 - 09:08 AM

Great, will do.

 

Appreciate the ongoing help.

 

Will give you an update as soon as these steps are completed.

 

Winterland


Photobucket removed my cool flag - idiots!

 

Every calculation based on experience elsewhere fails in New Mexico.


#15 Winterland

Winterland
  • Topic Starter

  • Members
  • 980 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Land of Enchantment
  • Local time:07:11 PM

Posted 31 January 2015 - 10:34 AM

Good morning nasdaq.

 

Followed your instructions and things are looking good with the sole exception of a single PUM that keeps popping up in my MBAM Threat Scans on both the Guest and Vicky Profiles, which are the two profiles on this computer.

 

I'm not sure if this one PUM is a leftover (and not to be concerned about) or a legit concern. I have gone through the aforementioned - Quarantine / Delete / Reboot on both profiles and upon rebooting, there it is again.

 

 

 

On the plus side, I have run Full Scans with Avast on both Profiles, and those scans are coming up clean, thankfully.

 

 

I'm attaching the Threat Scan results that I ran on each Profile (Vicky and Guest) this morning.

 

Winterland

 

 

 

 

 

 

 

Attached Files


Photobucket removed my cool flag - idiots!

 

Every calculation based on experience elsewhere fails in New Mexico.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users