Jump to content

Many Adware/virus problems


Leeco

Recommended Posts

I am having a lot of problems on my PC.  I ran a MalwareBytes scan earlier that came back with 788 issues detected...some had the name Volsteran.  The majority of my problems are getting new extensions added onto Google Chrome everyday...I go in and disable them and trash it, then the next day they(or others) are back giving me pop ups.  I have Microsoft security essentials run a scan every morning, but apparently it didn't stop anything.  I have looked through my program files and there are a number of them that look to be adware(mostly consisting of "coupon" something or other).  

 

Please help!

Link to post
Share on other sites

Hello and :welcome:

 

I'm Radek and I'll try to help you with your issue.

 

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.

Limit your internet access to posting here, some infections just wait to steal typed-in passwords.

Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.

Paste the logs in your posts, attachments make my work harder and more complicated.

Stay with me to the end, the absence of symtoms doesn't mean that your machine is fully operational.

Note that we may live in totally different time zones, what may cause some delays between answers.


I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

 

 

warning.gif Rules and policies

 

We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.

 

 



 

 

Can you post me the log from Malwarebytes' scan?
Link to post
Share on other sites

Hi and thanks for getting back so quickly.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/9/2015
Scan Time: 7:43:41 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.09.05
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Tina
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327063
Time Elapsed: 11 min, 41 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 8
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{693a0a5b-aa08-4a3c-b7e8-398a93e02cf2}Gw64, Quarantined, [e188d14b56348fa7d82a990f8d76de22], 
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{6e9af5d3-a8f9-4461-ad38-1433888f55dc}Gw64, Quarantined, [9acfb06ce3a76bcb9b678523709331cf], 
PUP.Optional.Vosteran.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\oilkkkefbalmbfppgjmgjoefbclebkce, Quarantined, [79f0809c3852f54197375f302cd79070], 
PUP.Optional.Vosteran.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\oilkkkefbalmbfppgjmgjoefbclebkce, Quarantined, [beab4fcd9af041f5537bf09f867d0af6], 
PUP.Optional.Vosteran.A, HKU\S-1-5-21-2221511692-1055907093-552829895-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Vosteran Browser, Quarantined, [2f3aab712e5c44f2f2d4b25df60fee12], 
PUP.Optional.Vosteran.A, HKU\S-1-5-21-2221511692-1055907093-552829895-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\oilkkkefbalmbfppgjmgjoefbclebkce, Quarantined, [0a5fae6e66249b9b4f80345b15ee728e], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2221511692-1055907093-552829895-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [2e3b110bbbcf1e187172f6da41c2ff01], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2221511692-1055907093-552829895-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [de8b9a829ded92a4975f5195c53f01ff], 
 
Registry Values: 2
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2221511692-1055907093-552829895-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 1Y1L1M1G1I1Q, Quarantined, [de8b9a829ded92a4975f5195c53f01ff]
PUP.Optional.Astromenda, HKU\S-1-5-21-2221511692-1055907093-552829895-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Astromenda, Quarantined, [77f2e438ee9ce74fb7da4b3e986b55ab]
 
Registry Data: 3
PUP.Optional.GboxApp.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://search.gboxapp.com/?aff=p, Good: (www.google.com), Bad: (http://search.gboxapp.com/?aff=p),Replaced,[6603da424a40a294e65b1a92f114d828]
PUP.Optional.GboxApp.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://search.gboxapp.com/?aff=p, Good: (www.google.com), Bad: (http://search.gboxapp.com/?aff=p),Replaced,[c7a2df3d61299c9a3110426af510847c]
PUP.Optional.GboxApp.A, HKU\S-1-5-21-2221511692-1055907093-552829895-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://search.gboxapp.com/?aff=p, Good: (www.google.com), Bad: (http://search.gboxapp.com/?aff=p),Replaced,[90d90d0f5a3083b3fe44c3e948bd768a]
 
Folders: 125
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Cache, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\databases, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\facebook, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\facebook\images, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\facebook\images\carousel, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\facebook\images\carousel\screenshots, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\data, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\blackfriday, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\weather, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\weather\images, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\css, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\about, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\apps, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\clean, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\discovery, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\favorites, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\ftue, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\icons, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\icons\pageAction, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\image-upload, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\loaders, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\notifications, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\phone, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\review-gifs, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\review-gifs\cat, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\search, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\bubbles, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\buttons, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\city, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\clean, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\disco, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\fishing, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\forest, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\mountains, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\planets, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\sea, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\space, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\strips, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\sunset, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\user, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\js, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\lib, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\locales, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\_locales, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\_locales\ar, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\_locales\de, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\_locales\en, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\_locales\es, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\_locales\fr, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\_locales\he, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\_locales\it, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\_locales\ja, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\_locales\nl, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\_locales\pl, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\_locales\pt_BR, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\_locales\ru, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\_locales\tr, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\css, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\html, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\bg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ca, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\cs, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\da, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\de, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\el, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\en, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\en_GB, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\es, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\es_419, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\et, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fi, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fil, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fr, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hi, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hr, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hu, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\id, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\it, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ja, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ko, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\lt, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\lv, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\nb, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\nl, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pl, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pt_BR, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pt_PT, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ro, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ru, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sk, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sl, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sr, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sv, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\th, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\tr, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\uk, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\vi, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_CN, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_TW, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_metadata, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\GPUCache, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\IndexedDB, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\IndexedDB\chrome-extension_bjaelnipcipenlfdoncdclohekeglkac_0.indexeddb.leveldb, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\JumpListIcons, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\JumpListIconsOld, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Session Storage, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\User StyleSheets, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\pnacl, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
 
Files: 650
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{693a0a5b-aa08-4a3c-b7e8-398a93e02cf2}Gw64.sys, Quarantined, [e188d14b56348fa7d82a990f8d76de22], 
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{6e9af5d3-a8f9-4461-ad38-1433888f55dc}Gw64.sys, Quarantined, [9acfb06ce3a76bcb9b678523709331cf], 
PUP.Optional.Vosteran.A, C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\3a7takxe.default-1418130210939\searchplugins\Vosteran.xml, Quarantined, [d297a07ce0aa162007588d8223e25ea2], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\astcnfg.dat, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Certificate Revocation Lists, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Local State, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Archived History, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Archived History-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Bookmarks, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Bookmarks.bak, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Cookies, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Current Session, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Current Tabs, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extension Cookies, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extension Cookies-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Favicons, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Favicons-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Google Profile.ico, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\History, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\History Provider Cache, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\History-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Last Session, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Last Tabs, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Network Action Predictor, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Network Action Predictor-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Origin Bound Certs, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Origin Bound Certs-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Preferences, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\QuotaManager, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\QuotaManager-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\README, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Shortcuts, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Shortcuts-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Top Sites, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Top Sites-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Visited Links, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Web Data, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Web Data-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Cache\data_0, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Cache\data_1, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Cache\data_2, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Cache\data_3, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Cache\f_000001, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Cache\f_000002, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Cache\f_000003, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Cache\f_000004, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Cache\f_000005, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Cache\f_000006, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Cache\f_000007, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Cache\f_000008, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Cache\f_000009, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Cache\f_00000a, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Cache\f_00000b, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Cache\f_00000c, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Cache\f_00000d, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Cache\f_00000e, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Cache\f_00000f, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Cache\f_000010, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Cache\f_000011, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Cache\index, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\databases\Databases.db, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\databases\Databases.db-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\background.html, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\manifest.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\newtab.html, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\opentab.html, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\facebook\images\carousel\comp.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\facebook\images\carousel\phone-frame.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\facebook\images\carousel\phone.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\facebook\images\carousel\screenshots\0-mobile.jpg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\facebook\images\carousel\screenshots\0.jpg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\facebook\images\carousel\screenshots\1-mobile.jpg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\facebook\images\carousel\screenshots\1.jpg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\facebook\images\carousel\screenshots\2-mobile.jpg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\facebook\images\carousel\screenshots\2.jpg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\facebook\images\carousel\screenshots\3-mobile.jpg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\facebook\images\carousel\screenshots\3.jpg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\facebook\images\carousel\screenshots\4-mobile.jpg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\facebook\images\carousel\screenshots\4.jpg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\facebook\images\carousel\screenshots\5-mobile.jpg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\facebook\images\carousel\screenshots\5.jpg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\data\gallery.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\9gag.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\afterDownload.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\aim.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\aim_alt.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\aliexpress.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\amazon.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\apple.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\app_store.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\arto.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\aws.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\baidu.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\basecamp.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\bebo.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\behance.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\bing.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\blip.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\blogger.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\bnter.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\booking.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\brightkite.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\castPlatform.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\cinch.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\cloudapp.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\coroflot.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\creative_commons.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\dailybooth.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\delicious.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\designfloat.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\designmoo.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\deviantart.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\digg.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\digg_alt.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\diigo.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\dribbble.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\dropbox.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\drupal.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\dx.jpg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\dzone.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\ebay.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\ember.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\etsy.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\expedia.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\facebook.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\facebook.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\facebook_alt.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\facebook_places.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\facto.me.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\feedburner.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\flickr.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\folkd.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\formspring.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\forrst.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\foursquare.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\foxtab.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\friendfeed.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\friendster.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\funmoods.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\gameo.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\gameo.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\gdgt.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\github.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\github_alt.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\gmail.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\goodreads.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\goodWeather.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\google-drive.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\google_buzz.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\google_talk.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\gowalla.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\gowalla_alt.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\grooveshark.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\hacker_news.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\hi5.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\hype_machine.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\hyves.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\icq.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\identi.ca.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\designbump.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\evernote.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\google.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\iS-linkedin.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\livejournal.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\newsvine.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\playstation.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\whatsapp.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\installCore.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\instapaper.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\ironSource.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\iS-bizcards.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\iS-confluence.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\iS-employeeGuide.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\iS-facebook.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\iS-googleplus.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\iS-jira.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\iS-news.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\iS-presence.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\iS-signature.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\iS-twitter.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\itunes.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\jira.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\kik.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\krop.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\kudosKit.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\last.fm.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\linkedin.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\linkedin_alt.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\lovedsgn.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\meetup.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\metacafe.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\ming.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\mister_wong.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\mixx.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\mixx_alt.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\mobileCore.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\mobileme.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\msn_messenger.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\myspace.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\myspace_alt.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\netflix.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\noaa.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\nytimes.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\official.fm.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\openid.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\orkut.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\pandora.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\path.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\paypal.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\photobucket.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\picasa.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\picassa.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\pinboard.in.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\ping.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\pingchat.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 
Link to post
Share on other sites

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\pivotal.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\plixi.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\plurk.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\podcast.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\posterous.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\qik.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\quik.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\quora.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\rdio.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\readernaut.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\reddit.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\retweet.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\robo.to.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\rss.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\salesforce.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\savefront.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\savefront.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\scribd.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\sharethis.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\simplenote.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\skype.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\slashdot.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\slideshare.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\smugmug.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\soundcloud.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\spearmintBrowser.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\spotify.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\spotsMagic.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\squarespace.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\squidoo.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\steam.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\stumbleupon.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\technorati.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\theweatherchannel.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\threewords.me.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\trello.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\tribe.net.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\tripadvisor.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\tripit.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\tumblr.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\tweaks-soft.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\twitter.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\twitter_alt.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\twitter_old.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\vcard.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\viddler.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\vimeo.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\virb.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\w3.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\weatherbug.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\wikipedia.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\windows.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\wists.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\wordpress.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\wordpress_alt.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\xing.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\yahoo!_buzz.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\yahoo!_messenger.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\yahoo.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\yelp.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\youtube.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\youtube_alt.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\zerply.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\zootool.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\zynga.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\blackfriday\amazon.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\blackfriday\bestbuy.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\blackfriday\kmart.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\blackfriday\newegg.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\blackfriday\overstock.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\blackfriday\samsung.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\blackfriday\target.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\blackfriday\wallmart.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\weather\images\clock-icon-small-black.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\weather\images\clock-icon-small.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\weather\images\cloud-icon-small-black.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\weather\images\cloud-icon-small.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\weather\images\icons-black.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\weather\images\icons.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\css\jquery-ui-1.10.3.custom.min.css, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\css\newtab.css, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\css\normalize.css, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\css\opentab.css, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\css\opentab_global.css, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\close-btn.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\close_80x80.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\default-image-grey.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\default-image.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\default-image.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\powered-by-google.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\about\spotsbeta.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\apps\android-white.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\apps\download.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\apps\star.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\apps\star_full.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\clean\add.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\clean\chrome_apps.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\clean\menu-icon.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\clean\profile.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\clean\recently.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\clean\search.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\clean\searchb.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\clean\sms.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\discovery\arrow-down-active.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\discovery\arrow-down.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\discovery\discovery_facebook.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\favorites\add-item-icon-black.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\favorites\add-item-icon.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\favorites\arrow-down.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\favorites\arrow-up.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\favorites\edit-item-icon.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\favorites\new-tab.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\favorites\plus-black.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\favorites\plus-white.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\favorites\remove-item-icon.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\ftue\arrow-up.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\ftue\ftue-finish-icon.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\ftue\ftue-phone.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\ftue\search-bar.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\icons\128.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\icons\16.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\icons\48.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\icons\arrow-down.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\icons\logo.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\icons\v-icon.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\icons\whitelogo.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\icons\x-icon.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\icons\pageAction\19x19.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\icons\pageAction\19x19b.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\icons\pageAction\38x38.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\icons\pageAction\38x38b.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\image-upload\computer.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\image-upload\screenshot1.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\image-upload\screenshot2.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\image-upload\screenshot3.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\image-upload\screenshot4.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\image-upload\warning.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\loaders\loader.swf, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\loaders\loader_white.swf, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\notifications\birthday-black.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\notifications\birthday.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\notifications\dismiss-icon-black.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\notifications\dismiss-icon.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\notifications\event-black.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\notifications\event.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\notifications\minimize.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\phone\em-clean.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\phone\!.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\phone\android-clean.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\phone\android.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\phone\call-clean.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\phone\call.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\phone\close-chat-clean.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\phone\close-chat.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\phone\contact-default-clean.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\phone\contact-default.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\phone\contact-opacity.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\phone\hangup-black.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\phone\hangup-clean.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\phone\hangup.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\phone\phone-welcome-dismiss-icon-clean.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\phone\phone-welcome-dismiss-icon.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\phone\phone_icon-clean.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\phone\phone_icon.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\phone\phone_preview-clean.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\phone\phone_preview.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\phone\search-call-black.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\phone\search-call-clean.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\phone\search-call.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\phone\search-clean.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\phone\search.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\phone\sms-black.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\phone\sms-clean.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\phone\sms.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\review-gifs\plane.gif, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\review-gifs\rating-star.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\review-gifs\cat\cat_1.gif, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\review-gifs\cat\cat_2.gif, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\review-gifs\cat\cat_3.gif, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\review-gifs\cat\cat_4.gif, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\review-gifs\cat\cat_5.gif, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\search\bookmark-icon-black.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\search\bookmark-icon-white.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\search\calculator-icon-black.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\search\calculator-icon-white.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\search\hangup.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\search\navigation-icon-black.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\search\navigation-icon-white.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\search\phone_preview.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\search\plus-dark-sm.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\search\remove-dark-sm.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\search\search-black.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\search\search-icon-black.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\search\search-icon-white.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\search\search.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\search\sms.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\search\web-result-icon-black.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\search\web-result-icon-white.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\bubbles\bg.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\bubbles\footer.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\bubbles\thumb.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\buttons\bg.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\buttons\footer.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\buttons\thumb.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\city\bg.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\city\footer.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\city\thumb.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\clean\thumb.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\disco\bg.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\disco\footer.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\disco\thumb.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\fishing\bg.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\fishing\footer.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\fishing\thumb.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\forest\bg.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\forest\footer.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\forest\thumb.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\mountains\bg.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\mountains\footer.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\mountains\thumb.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\planets\bg.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\planets\footer.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\planets\thumb.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\sea\bg.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\sea\footer.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\sea\thumb.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\space\bg.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\space\footer.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\space\thumb.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\strips\bg.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\strips\footer.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\strips\thumb.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\sunset\bg.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\sunset\footer.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\sunset\thumb.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\user\login.svg, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\user\menu-icon.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\js\background.js, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\js\bootstrap.js, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\js\newtab.js, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\js\opentab.js, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\lib\jquery.inview.min.js, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\lib\aes.js, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\lib\angular-animate.min.js, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\lib\angular-route.min.js, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\lib\angular.min.js, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\lib\async.min.js, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\lib\aws-sdk-2.0.0-rc9.min.js, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\lib\eventsource.min.js, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\lib\idbstore.min.js, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\lib\jquery-2.1.1.min.js, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\lib\jquery-ui-1.10.3.custom.min.js, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\lib\js-canvas-to-blob.js, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\lib\lodash.underscore.min.js, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\lib\md5.js, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\lib\mixins.loadash.js, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\lib\moment-with-langs.min.js, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\lib\moment.min.js, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\lib\phoneformat.js, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\lib\sortable.js, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\lib\TweenMax.min.js, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\lib\utils.js, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\locales\i18n_de.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\locales\i18n_en.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\locales\i18n_es.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\locales\i18n_fr.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\locales\i18n_he.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\locales\i18n_it.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\locales\i18n_ja.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\locales\i18n_nl.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\locales\i18n_pl.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\locales\i18n_pt.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\locales\i18n_ru.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\locales\i18n_tr.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\_locales\ar\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\_locales\de\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\_locales\en\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\_locales\es\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\_locales\fr\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\_locales\he\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\_locales\it\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\_locales\ja\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\_locales\nl\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\_locales\pl\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\_locales\pt_BR\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\_locales\ru\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\_locales\tr\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\craw_background.js, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\craw_window.js, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\manifest.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\css\craw_window.css, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\html\craw_window.html, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\flapper.gif, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\icon_128.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\icon_16.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\topbar_floating_button.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\topbar_floating_button_close.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\topbar_floating_button_hover.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\topbar_floating_button_maximize.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\topbar_floating_button_pressed.png, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\bg\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ca\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\cs\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\da\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\de\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\el\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\en\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\en_GB\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\es\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\es_419\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\et\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fi\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fil\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fr\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hi\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hr\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hu\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\id\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\it\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ja\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ko\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\lt\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\lv\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\nb\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\nl\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pl\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pt_BR\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pt_PT\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ro\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ru\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sk\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sl\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sr\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sv\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\th\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\tr\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\uk\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\vi\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_CN\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_TW\messages.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_metadata\verified_contents.json, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\GPUCache\data_0, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\GPUCache\data_1, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\GPUCache\data_2, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\GPUCache\data_3, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\GPUCache\index, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\IndexedDB\chrome-extension_bjaelnipcipenlfdoncdclohekeglkac_0.indexeddb.leveldb\000005.ldb, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\IndexedDB\chrome-extension_bjaelnipcipenlfdoncdclohekeglkac_0.indexeddb.leveldb\000006.log, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\IndexedDB\chrome-extension_bjaelnipcipenlfdoncdclohekeglkac_0.indexeddb.leveldb\CURRENT, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\IndexedDB\chrome-extension_bjaelnipcipenlfdoncdclohekeglkac_0.indexeddb.leveldb\LOCK, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\IndexedDB\chrome-extension_bjaelnipcipenlfdoncdclohekeglkac_0.indexeddb.leveldb\LOG, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\IndexedDB\chrome-extension_bjaelnipcipenlfdoncdclohekeglkac_0.indexeddb.leveldb\LOG.old, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\IndexedDB\chrome-extension_bjaelnipcipenlfdoncdclohekeglkac_0.indexeddb.leveldb\MANIFEST-000004, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\JumpListIcons\DFB8.tmp, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\JumpListIcons\DFC8.tmp, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\JumpListIcons\DFC9.tmp, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\JumpListIcons\E039.tmp, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\JumpListIconsOld\7F8A.tmp, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\JumpListIconsOld\7F9A.tmp, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\chrome-extension_bjaelnipcipenlfdoncdclohekeglkac_0.localstorage, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\chrome-extension_jhgjgbepielhcjdamofdopfmfcdcfiin_0.localstorage, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\chrome-extension_jhgjgbepielhcjdamofdopfmfcdcfiin_0.localstorage-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\chrome-extension_lbogngdonllpkiehjhamhcampcmhdfmn_0.localstorage, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\chrome-extension_lbogngdonllpkiehjhamhcampcmhdfmn_0.localstorage-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\chrome-extension_oilkkkefbalmbfppgjmgjoefbclebkce_0.localstorage, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\https_ad.doubleclick.net_0.localstorage, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\https_ad.doubleclick.net_0.localstorage-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\https_connexity.net_0.localstorage, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\https_connexity.net_0.localstorage-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\https_mail.google.com_0.localstorage, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\https_social.technet.microsoft.com_0.localstorage, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\https_social.technet.microsoft.com_0.localstorage-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\https_www.donation-tools.org_0.localstorage, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\https_www.donation-tools.org_0.localstorage-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\https_www.google.com_0.localstorage, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\https_www.google.com_0.localstorage-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_aback-structurec37c4d.com_0.localstorage-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_ad.doubleclick.net_0.localstorage, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_ad.doubleclick.net_0.localstorage-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_ads.onimp03.com_0.localstorage, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_ads.onimp03.com_0.localstorage-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_ads.qadservice.com_0.localstorage, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_ads.qadservice.com_0.localstorage-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_adserver2717f6next.com_0.localstorage, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_adserver2717f6next.com_0.localstorage-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\https_mail.google.com_0.localstorage-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_aback-structurec37c4d.com_0.localstorage, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_cher.ehomestudy.com_0.localstorage, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_cher.ehomestudy.com_0.localstorage-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_connexity.net_0.localstorage, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_connexity.net_0.localstorage-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_disqus.com_0.localstorage, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_disqus.com_0.localstorage-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_downloadtx.com_0.localstorage, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_downloadtx.com_0.localstorage-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_euyzz.updateinstall.vasegiraffe.xyz_0.localstorage, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_euyzz.updateinstall.vasegiraffe.xyz_0.localstorage-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_googleads.g.doubleclick.net_0.localstorage, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_googleads.g.doubleclick.net_0.localstorage-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_ib.adnxs.com_0.localstorage, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_ib.adnxs.com_0.localstorage-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_malwaretips.com_0.localstorage, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_malwaretips.com_0.localstorage-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_pcfilehelp.com_0.localstorage, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_pcfilehelp.com_0.localstorage-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_pcfixing1.net_0.localstorage, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_pcfixing1.net_0.localstorage-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_pstatic.datafastguru.info_0.localstorage, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_pstatic.datafastguru.info_0.localstorage-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_pstatic.ushopcomp.com_0.localstorage, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_pstatic.ushopcomp.com_0.localstorage-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_thanksforthedownload.com_0.localstorage, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_thanksforthedownload.com_0.localstorage-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_www.efix.com_0.localstorage, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_www.efix.com_0.localstorage-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_www.feathersfinsandfur.com_0.localstorage, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_www.feathersfinsandfur.com_0.localstorage-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_www.kbdadsfast.com_0.localstorage, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Local Storage\http_www.kbdadsfast.com_0.localstorage-journal, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Session Storage\000003.log, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Session Storage\CURRENT, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Session Storage\LOCK, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Session Storage\LOG, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\Session Storage\MANIFEST-000002, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.Vosteran, C:\Users\Tina\AppData\Local\Vosteran\User Data\Default\User StyleSheets\Custom.css, Quarantined, [8adf9587692105315c6f0d6f9370b44c], 

PUP.Optional.GboxApp.A, C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://vosteran.com/?f=7&a=vst_secureddownload_15_03_ch&cd=2XzuyEtN2Y1L1QzuyBzztB0B0C0BzyzyyB0ByBtAtD0EtC0BtN0D0Tzu0StCtCtDzytN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0FtByEyDyDyEzztGtAtA0E0EtG0C0ByCtCtG0AtCtA0EtGtB0EtAyC0BtAzzyC0D0F0ByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyEtBtD0FyC0FtDtG0BtD0F0FtGyE0DyC0AtG0BtAtB0CtGyDtCyC0AyEzyzytBtAtCtCtB2Q&cr=781314650&ir=", "http://vosteran.com/?f=7&a=&cd=&cr=&ir=", "http://search.gboxapp.com/?aff=p" ],), Replaced,[a3c672aa5139dc5aa75a21d1c2439f61]

PUP.Optional.GboxApp.A, C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\3a7takxe.default-1418130210939\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://search.gboxapp.com/?aff=p''>http://search.gboxapp.com/?aff=p'>http://search.gboxapp.com/?aff=p");),Replaced,[1059928a9af0b284e717d71a1ce948b8]

PUP.Optional.Vosteran.A, C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\3a7takxe.default-1418130210939\user.js, Quarantined, [6efb8b917f0b06307739816fb05548b8], 

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

Link to post
Share on other sites

OK, that was a bunch of junk.

FRST.gif Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.

    > Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.
Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015

Ran by Tina (administrator) on TINA-PC on 09-02-2015 11:18:57

Running from C:\Users\Tina\Desktop

Loaded Profiles: Tina (Available profiles: Tina)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe

(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe

(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\QBW32.EXE

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM-x32\...\Run: [iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112152 2010-12-03] (Intel Corporation)

HKLM-x32\...\Run: [intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-12-06] (Intuit Inc. All rights reserved.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-2221511692-1055907093-552829895-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)

HKU\S-1-5-21-2221511692-1055907093-552829895-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk

ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Web Connector.lnk

ShortcutTarget: QuickBooks Web Connector.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe (Intuit)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk

ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\QBW32.EXE (Intuit Inc.)

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKU\S-1-5-21-2221511692-1055907093-552829895-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp









BHO: WOwCouponn -> {384ff492-5dbc-4fc7-84bf-a5569ec363c8} -> C:\ProgramData\WOwCouponn\JUx6L1Zc8M4juP.x64.dll No File

BHO: coupoonpeak -> {516728c4-1cc9-4edd-802b-26819749df6b} -> C:\ProgramData\coupoonpeak\jIugriHAgwVsbO.x64.dll No File

BHO: SaLesMaegneet -> {bf5a8c8c-5578-47a0-91be-1d777f2e81e2} -> C:\Program Files (x86)\SaLesMaegneet\xS6imM6Ki3OD78.x64.dll ()

BHO: LuckYCoupion -> {e925766d-4b59-4f43-9aa9-284dc34c1545} -> C:\ProgramData\LuckYCoupion\59xOs5XfFovZea.x64.dll No File

BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: WOwCouponn -> {384ff492-5dbc-4fc7-84bf-a5569ec363c8} -> C:\ProgramData\WOwCouponn\JUx6L1Zc8M4juP.dll No File

BHO-x32: coupoonpeak -> {516728c4-1cc9-4edd-802b-26819749df6b} -> C:\ProgramData\coupoonpeak\jIugriHAgwVsbO.dll No File

BHO-x32: SaLesMaegneet -> {bf5a8c8c-5578-47a0-91be-1d777f2e81e2} -> C:\Program Files (x86)\SaLesMaegneet\xS6imM6Ki3OD78.dll ()

BHO-x32: LuckYCoupion -> {e925766d-4b59-4f43-9aa9-284dc34c1545} -> C:\ProgramData\LuckYCoupion\59xOs5XfFovZea.dll No File

Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)

Handler-x32: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)

Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 8.8.8.8

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

 

FireFox:

========

FF ProfilePath: C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\3a7takxe.default-1418130210939

FF DefaultSearchEngine: Google

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Extension: FlasHaCeOOupoenn - C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\3a7takxe.default-1418130210939\Extensions\0CUJbB@v.edu [2015-01-06]

FF Extension: PriCeDoWnloader - C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\3a7takxe.default-1418130210939\Extensions\7rarn@gaLQ32.edu [2015-01-06]

FF Extension: TicaTaCaouopon - C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\3a7takxe.default-1418130210939\Extensions\C4TNxgt@t.net [2015-01-06]

FF Extension: topodeaal - C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\3a7takxe.default-1418130210939\Extensions\dmi@V.edu [2015-01-06]

FF Extension: RRoyailSihoppEirApp - C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\3a7takxe.default-1418130210939\Extensions\v3@73ZwE.net [2015-02-03]

FF Extension: ProoSShopper - C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\3a7takxe.default-1418130210939\Extensions\Yg@2.edu [2015-01-06]

FF Extension: RoyalCouPon - C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\3a7takxe.default-1418130210939\Extensions\ZGbemK4@t.org [2015-01-14]

FF HKU\S-1-5-21-2221511692-1055907093-552829895-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

StartMenuInternet: FIREFOX.EXE - firefox.exe

 

Chrome: 

=======

CHR dev: Chrome dev build detected! <======= ATTENTION

CHR Profile: C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Drive) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-11]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-11]

CHR Extension: (YouTube) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-11]

CHR Extension: (Google Search) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-11]

CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-11]

CHR Extension: (Google Wallet) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-11]

CHR Extension: (Gmail) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-11]

CHR HKU\S-1-5-21-2221511692-1055907093-552829895-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Tina\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-11-19]

CHR HKU\S-1-5-21-2221511692-1055907093-552829895-1000\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - No Path

CHR HKU\S-1-5-21-2221511692-1055907093-552829895-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path

CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path

StartMenuInternet: Google Chrome - chrome.exe

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 4a3f189e; c:\Program Files (x86)\GreatSaver\DealMaker.dll [4237824 2014-11-24] () [File not signed]

R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-12-06] (Intuit) [File not signed]

S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-12-06] (Intuit Inc.) [File not signed]

R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2014-12-06] (Intuit Inc.) [File not signed]

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S1 Aspi32; C:\Windows\SysWow64\Drivers\Aspi32.sys [25244 2008-09-04] (Adaptec)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-09] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-02-09 11:18 - 2015-02-09 11:19 - 00017714 _____ () C:\Users\Tina\Desktop\FRST.txt

2015-02-09 11:17 - 2015-02-09 11:19 - 00000000 ____D () C:\FRST

2015-02-09 11:17 - 2015-02-09 11:17 - 02132992 _____ (Farbar) C:\Users\Tina\Desktop\FRST64.exe

2015-02-04 16:20 - 2015-02-04 16:20 - 00001020 _____ () C:\Users\Tina\Downloads\List of Open Po''s - Vendor 209082 (9).XLS

2015-02-04 16:17 - 2015-02-04 16:17 - 00001020 _____ () C:\Users\Tina\Downloads\List of Open Po''s - Vendor 209082 (8).XLS

2015-02-04 10:31 - 2015-02-04 10:31 - 00430872 _____ () C:\Users\Tina\Downloads\messagefromkmbt_c220.zip

2015-01-30 13:06 - 2015-01-30 13:06 - 00349544 _____ (Adobe Systems Incorporated) C:\Users\Tina\Downloads\AcroRd32.exe

2015-01-29 08:44 - 2015-01-29 08:44 - 01525343 _____ () C:\Users\Tina\Downloads\Cameron MTMS Surface Supplier Training.zip

2015-01-28 15:46 - 2015-02-09 09:10 - 00000020 _____ () C:\Users\Tina\AppData\Roaming\appdataFr3.bin

2015-01-28 10:33 - 2015-01-28 10:33 - 00014954 _____ () C:\Users\Tina\Downloads\Leeco Spring Open PO 01-28-15.xlsx

2015-01-27 23:26 - 2015-01-28 17:17 - 00000000 ____D () C:\Program Files (x86)\SaLesMaegneet

2015-01-27 23:26 - 2015-01-28 17:17 - 00000000 ____D () C:\Program Files (x86)\RRoyailSihoppEirApp

2015-01-27 13:19 - 2015-01-27 13:19 - 00510593 _____ () C:\Users\Tina\Downloads\princess ubby abbyblazek 012215  Twitter.html

2015-01-27 09:01 - 2015-01-27 09:01 - 00013154 _____ () C:\Users\Tina\Downloads\snc_s

2015-01-27 08:32 - 2015-01-27 08:34 - 00002048 ____H () C:\Users\Tina\Desktop\WC-8E0526-GE316SS.fdi

2015-01-26 16:00 - 2015-01-26 16:00 - 00009832 _____ () C:\Users\Tina\Downloads\po by vendor qry all (1).xlsx

2015-01-23 15:13 - 2015-01-23 15:13 - 00001020 _____ () C:\Users\Tina\Downloads\List of Open Po''s - Vendor 209082 (7).XLS

2015-01-23 08:46 - 2015-01-23 08:46 - 00027105 _____ () C:\Users\Tina\Desktop\ATC PICKUP FORM (ANGEL BROOKS).xlsx

2015-01-23 08:44 - 2015-01-23 08:44 - 00027428 _____ () C:\Users\Tina\Downloads\ATC #A000343144.xlsx

2015-01-23 08:09 - 2015-01-23 08:23 - 00000000 ____D () C:\Users\Tina\Desktop\Alchemy Workcard Changes

2015-01-23 07:45 - 2015-01-23 07:45 - 00083426 _____ () C:\Users\Tina\Downloads\noname.eml

2015-01-22 08:44 - 2015-01-22 08:44 - 00008905 _____ () C:\Users\Tina\Downloads\packing_slip_252964.html

2015-01-20 07:54 - 2015-01-20 07:54 - 00001020 _____ () C:\Users\Tina\Downloads\List of Open Po''s - Vendor 209082 (6).XLS

2015-01-16 12:03 - 2015-01-16 12:37 - 00002048 ____H () C:\Users\Tina\Desktop\Tami - Test.fdi

2015-01-16 11:22 - 2015-02-09 08:03 - 00303532 _____ () C:\Windows\PFRO.log

2015-01-16 11:22 - 2015-02-09 08:03 - 00000280 _____ () C:\Windows\setupact.log

2015-01-16 11:22 - 2015-01-16 11:22 - 00000258 __RSH () C:\ProgramData\ntuser.pol

2015-01-16 11:22 - 2015-01-16 11:22 - 00000000 _____ () C:\Windows\setuperr.log

2015-01-15 09:45 - 2015-01-15 09:45 - 00000765 _____ () C:\Users\Tina\Downloads\List of Open Po''s - Vendor 209082 (5).XLS

2015-01-14 17:13 - 2015-01-14 17:13 - 00022528 _____ () C:\Users\Tina\AppData\Local\dsisetup158725552.exe

2015-01-14 17:13 - 2015-01-14 17:13 - 00000010 _____ () C:\Users\Tina\AppData\Local\DSI.DAT

2015-01-14 16:14 - 2015-01-16 11:20 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2015-01-14 16:14 - 2015-01-14 16:14 - 00000000 ____D () C:\Users\Tina\AppData\Local\IsolatedStorage

2015-01-14 16:13 - 2015-01-14 16:13 - 02617648 _____ (VS Revo Group Ltd.) C:\Users\Tina\Downloads\revo-uninstaller.exe

2015-01-14 16:12 - 2015-01-14 16:12 - 00805904 _____ (SecuredDownload) C:\Users\Tina\Downloads\revo-uninstaller_setup.exe

2015-01-13 14:51 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll

2015-01-13 14:51 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2015-01-13 14:51 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-01-13 14:51 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-01-13 14:51 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-01-13 14:51 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-01-13 14:51 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-01-13 14:51 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-01-13 14:51 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-01-13 14:51 - 2014-12-11 11:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

2015-01-13 14:51 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

2015-01-13 14:51 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll

2015-01-13 14:51 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

2015-01-13 14:17 - 2015-01-13 14:17 - 00002048 ____H () C:\Users\Tina\Desktop\wc-12345.fdi

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-02-09 10:44 - 2014-11-06 09:10 - 01917029 _____ () C:\Windows\WindowsUpdate.log

2015-02-09 10:26 - 2014-11-06 09:15 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-02-09 09:36 - 2014-11-19 09:37 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-02-09 09:04 - 2009-07-13 22:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-02-09 09:04 - 2009-07-13 22:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-02-09 08:26 - 2014-11-06 09:15 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-02-09 08:04 - 2014-11-06 09:38 - 00000000 ___RD () C:\Users\Tina\Google Drive

2015-02-09 08:03 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-02-09 08:03 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SchCache

2015-02-05 14:29 - 2014-11-06 09:47 - 00000000 ____D () C:\Users\Tina\Desktop\LEECO Certificate of Compliance

2015-01-28 09:01 - 2014-11-06 09:47 - 00000000 ____D () C:\Users\Tina\Desktop\New Purchase Orders for XChange Editor

2015-01-27 23:26 - 2014-12-11 23:32 - 00000000 ____D () C:\ProgramData\5549782549748421338

2015-01-26 10:50 - 2015-01-05 09:14 - 00002048 ____H () C:\Users\Tina\Desktop\WC-7HJ072-GE-S.fdi

2015-01-22 10:12 - 2014-11-06 09:48 - 00000000 ____D () C:\Users\Tina\Desktop\Shipping  Docs

2015-01-21 14:32 - 2014-11-06 09:47 - 00000000 ____D () C:\Users\Tina\Desktop\Office Supply List

2015-01-16 08:42 - 2009-07-13 20:34 - 00000505 _____ () C:\Windows\win.ini

2015-01-15 16:30 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy

2015-01-15 10:04 - 2014-11-06 09:48 - 00000000 ____D () C:\Users\Tina\Desktop\WORKCARDS FOR QB'S

2015-01-15 00:13 - 2014-11-19 09:21 - 00000131 _____ () C:\Users\Tina\AppData\Roaming\WB.CFG

2015-01-14 16:13 - 2014-12-11 08:25 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-01-14 16:13 - 2014-11-19 15:35 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2015-01-14 03:01 - 2014-11-06 10:34 - 00000000 ____D () C:\Windows\system32\MRT

2015-01-14 03:00 - 2014-11-06 10:34 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-01-13 08:32 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\L2Schemas

2015-01-13 08:10 - 2014-11-19 09:01 - 00000000 ____D () C:\ProgramData\4d04c9d3326a92da

 

==================== Files in the root of some directories =======

 

2015-01-28 15:46 - 2015-02-09 09:10 - 0000020 _____ () C:\Users\Tina\AppData\Roaming\appdataFr3.bin

2014-11-19 09:21 - 2015-01-15 00:13 - 0000131 _____ () C:\Users\Tina\AppData\Roaming\WB.CFG

2015-01-14 17:13 - 2015-01-14 17:13 - 0000010 _____ () C:\Users\Tina\AppData\Local\DSI.DAT

2015-01-14 17:13 - 2015-01-14 17:13 - 0022528 _____ () C:\Users\Tina\AppData\Local\dsisetup158725552.exe

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-02-03 00:57

 

==================== End Of Log ============================

Link to post
Share on other sites

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015

Ran by Tina at 2015-02-09 11:19:28

Running from C:\Users\Tina\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)

Adobe Reader 9.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)

Alchemy (HKLM-x32\...\{8766C1FF-2CA6-49DB-B324-9BDB51E55299}) (Version: 8.3.000 - Captaris)

Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)

CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)

Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

FormDocs 8.0.1 (HKLM-x32\...\FormDocs) (Version: 8.0.1 - FormDocs LLC)

Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.1.32.905 - Foxit Software Inc.)

Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)

Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)

Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office 2003 Primary Interop Assemblies (HKLM-x32\...\{91490409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6553.0 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)

Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)

Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML4SP2 (HKLM-x32\...\{CF9EF752-259A-4368-81A5-8C02D5EE7A55}) (Version: 1.0.0 - MSXML4)

QuickBooks (x32 Version: 25.0.4005.2506 - Intuit Inc.) Hidden

QuickBooks Enterprise Solutions: Mfg and Whsle Edition 15.0 (HKLM-x32\...\{8835645B-69AB-43B2-B6CA-0A6F1C66DF26}) (Version: 25.0.4005.2506 - Intuit Inc.)

QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)

VC12X64Redist (HKLM\...\{B573CC21-AE24-4BC5-9B0B-15CF29A3F982}) (Version: 1.00.0000 - Intuit Inc.)

VC12X86Redist (HKLM-x32\...\{EA9886ED-21F8-4867-A049-CE6817291EE6}) (Version: 1.00.0000 - Intuit Inc.)

VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

 

==================== Restore Points  =========================

 

14-01-2015 16:15:24 Revo Uninstaller's restore point - Optimizer Pro v3.2

14-01-2015 16:23:05 Revo Uninstaller's restore point - WeatherBug®

15-01-2015 08:14:29 Revo Uninstaller's restore point - WSE_Vosteran

17-01-2015 11:32:34 Windows Update

20-01-2015 17:26:05 Windows Update

24-01-2015 16:09:19 Windows Update

27-01-2015 16:54:32 Windows Update

31-01-2015 06:55:54 Windows Update

03-02-2015 16:51:00 Windows Update

07-02-2015 06:56:15 Windows Update

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 20:34 - 2015-01-16 11:16 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {1C763176-C71F-4709-8417-C72687D3A068} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-06] (Google Inc.)

Task: {6AD0F074-19DA-4530-9741-42444E594B18} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)

Task: {78F8B77D-8296-44FA-9D5A-BD8B2F63F2B0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-06] (Google Inc.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) ==============

 

2014-01-29 23:02 - 2014-01-29 23:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2014-11-24 11:15 - 2014-11-24 11:15 - 04237824 _____ () c:\Program Files (x86)\GreatSaver\DealMaker.dll

2015-02-09 08:04 - 2015-02-09 08:04 - 00098816 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI39642\win32api.pyd

2015-02-09 08:04 - 2015-02-09 08:04 - 00110080 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI39642\pywintypes27.dll

2015-02-09 08:04 - 2015-02-09 08:04 - 00364544 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI39642\pythoncom27.dll

2015-02-09 08:04 - 2015-02-09 08:04 - 00045568 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI39642\_socket.pyd

2015-02-09 08:04 - 2015-02-09 08:04 - 01160704 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI39642\_ssl.pyd

2015-02-09 08:04 - 2015-02-09 08:04 - 00320512 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI39642\win32com.shell.shell.pyd

2015-02-09 08:04 - 2015-02-09 08:04 - 00713216 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI39642\_hashlib.pyd

2015-02-09 08:04 - 2015-02-09 08:04 - 01175040 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI39642\wx._core_.pyd

2015-02-09 08:04 - 2015-02-09 08:04 - 00805888 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI39642\wx._gdi_.pyd

2015-02-09 08:04 - 2015-02-09 08:04 - 00811008 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI39642\wx._windows_.pyd

2015-02-09 08:04 - 2015-02-09 08:04 - 01062400 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI39642\wx._controls_.pyd

2015-02-09 08:04 - 2015-02-09 08:04 - 00735232 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI39642\wx._misc_.pyd

2015-02-09 08:04 - 2015-02-09 08:04 - 00128512 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI39642\_elementtree.pyd

2015-02-09 08:04 - 2015-02-09 08:04 - 00127488 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI39642\pyexpat.pyd

2015-02-09 08:04 - 2015-02-09 08:04 - 00557056 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI39642\pysqlite2._sqlite.pyd

2015-02-09 08:04 - 2015-02-09 08:04 - 00087552 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI39642\_ctypes.pyd

2015-02-09 08:04 - 2015-02-09 08:04 - 00119808 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI39642\win32file.pyd

2015-02-09 08:04 - 2015-02-09 08:04 - 00108544 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI39642\win32security.pyd

2015-02-09 08:04 - 2015-02-09 08:04 - 00007168 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI39642\hashobjs_ext.pyd

2015-02-09 08:04 - 2015-02-09 08:04 - 00167936 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI39642\win32gui.pyd

2015-02-09 08:04 - 2015-02-09 08:04 - 00018432 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI39642\win32event.pyd

2015-02-09 08:04 - 2015-02-09 08:04 - 00038912 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI39642\win32inet.pyd

2015-02-09 08:04 - 2015-02-09 08:04 - 00011264 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI39642\win32crypt.pyd

2015-02-09 08:04 - 2015-02-09 08:04 - 00070656 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI39642\wx._html2.pyd

2015-02-09 08:04 - 2015-02-09 08:04 - 00027136 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI39642\_multiprocessing.pyd

2015-02-09 08:04 - 2015-02-09 08:04 - 00035840 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI39642\win32process.pyd

2015-02-09 08:04 - 2015-02-09 08:04 - 00686080 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI39642\unicodedata.pyd

2015-02-09 08:04 - 2015-02-09 08:04 - 00122368 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI39642\wx._wizard.pyd

2015-02-09 08:04 - 2015-02-09 08:04 - 00024064 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI39642\win32pipe.pyd

2015-02-09 08:04 - 2015-02-09 08:04 - 00025600 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI39642\win32pdh.pyd

2015-02-09 08:04 - 2015-02-09 08:04 - 00525640 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI39642\windows._lib_cacheinvalidation.pyd

2015-02-09 08:04 - 2015-02-09 08:04 - 00010240 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI39642\select.pyd

2015-02-09 08:04 - 2015-02-09 08:04 - 00017408 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI39642\win32profile.pyd

2015-02-09 08:04 - 2015-02-09 08:04 - 00022528 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI39642\win32ts.pyd

2015-02-09 08:04 - 2015-02-09 08:04 - 00078336 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI39642\wx._animate.pyd

2014-12-06 19:12 - 2014-12-06 19:12 - 00630784 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\boost_regex-vc120-mt-1_55.dll

2014-12-06 22:32 - 2014-12-06 22:32 - 00031560 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\QBCompressor.dll

2014-12-06 19:14 - 2014-12-06 19:14 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\zlib1.dll

2014-12-06 22:32 - 2014-12-06 22:32 - 00099144 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\QBMAPILibrary.dll

2014-12-06 22:31 - 2014-12-06 22:31 - 00245576 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\boost_serialization-vc120-mt-1_55.dll

2014-12-06 22:32 - 2014-12-06 22:32 - 00655688 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\FtuEngine.dll

2014-12-06 22:31 - 2014-12-06 22:31 - 00687432 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\BackupLib.dll

2014-12-06 22:33 - 2014-12-06 22:33 - 00085832 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\QBProActiveCore.dll

2014-12-06 19:11 - 2014-12-06 19:11 - 38715904 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\libcef.dll

2014-12-06 22:32 - 2014-12-06 22:32 - 00890184 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\FeaturesBridge.dll

2014-12-06 22:32 - 2014-12-06 22:32 - 00067400 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\mbpopup.dll

2014-12-06 22:32 - 2014-12-06 22:32 - 00151880 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\qbar.dll

2014-12-11 08:25 - 2014-12-05 19:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll

2014-12-11 08:25 - 2014-12-05 19:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll

2014-12-11 08:25 - 2014-12-05 19:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll

2014-12-11 08:25 - 2014-12-05 19:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

2014-12-11 08:25 - 2014-12-05 19:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\Users\Tina\Downloads\noname.eml:OECustomProperty

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) ===============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== Other Registry Areas =====================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-2221511692-1055907093-552829895-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-2221511692-1055907093-552829895-500 - Administrator - Disabled)

Guest (S-1-5-21-2221511692-1055907093-552829895-501 - Limited - Disabled)

Tina (S-1-5-21-2221511692-1055907093-552829895-1000 - Administrator - Enabled) => C:\Users\Tina

 

==================== Faulty Device Manager Devices =============

 

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft Teredo Tunneling Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (02/09/2015 08:05:36 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (02/08/2015 11:55:01 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

 

Error: (02/08/2015 11:55:01 PM) (Source: SideBySide) (EventID: 63) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

 

Error: (02/08/2015 00:19:23 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

 

Error: (02/08/2015 00:19:22 AM) (Source: SideBySide) (EventID: 63) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

 

Error: (02/07/2015 00:06:47 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

 

Error: (02/07/2015 00:06:47 AM) (Source: SideBySide) (EventID: 63) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

 

Error: (02/06/2015 11:33:18 AM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "Intuit QuickBooks Enterprise Solutions: Manufacturing and Wholesale 15.0":

Got unexpected error 5 in call to NetShareGetInfo for path \\QUICKBOOKS-PC\Users\Public\Quickbooks\Leeco Spring International.qbw

 

Error: (02/06/2015 11:33:18 AM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "Intuit QuickBooks Enterprise Solutions: Manufacturing and Wholesale 15.0":

Got unexpected error 5 in call to NetShareGetInfo for path \\QUICKBOOKS-PC\Users\Public\Quickbooks\Leeco Spring International.qbw

 

Error: (02/06/2015 11:32:40 AM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "Intuit QuickBooks Enterprise Solutions: Manufacturing and Wholesale 15.0":

Got unexpected error 5 in call to NetShareGetInfo for path \\QUICKBOOKS-PC\Users\Public\Quickbooks\Leeco Spring International.qbw

 

 

System errors:

=============

Error: (02/09/2015 08:04:06 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load: 

Aspi32

 

Error: (02/09/2015 08:03:41 AM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \SystemRoot\SysWow64\Drivers\Aspi32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

 

Error: (02/09/2015 08:02:47 AM) (Source: DCOM) (EventID: 10010) (User: )

Description: {9E14B23B-5D8A-447F-B962-6D6D6897861E}

 

Error: (01/26/2015 06:45:44 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load: 

Aspi32

 

Error: (01/26/2015 06:45:16 AM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \SystemRoot\SysWow64\Drivers\Aspi32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

 

Error: (01/26/2015 06:45:26 AM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 10:10:01 AM on ‎1/‎25/‎2015 was unexpected.

 

Error: (01/23/2015 03:58:32 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load: 

Aspi32

 

Error: (01/23/2015 03:58:13 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 3:55:54 PM on ‎1/‎23/‎2015 was unexpected.

 

Error: (01/23/2015 03:58:01 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \SystemRoot\SysWow64\Drivers\Aspi32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

 

Error: (01/20/2015 09:13:51 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load: 

Aspi32

 

 

Microsoft Office Sessions:

=========================

Error: (02/09/2015 08:05:36 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (02/08/2015 11:55:01 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files\CCleaner\CCleaner.exe

 

Error: (02/08/2015 11:55:01 PM) (Source: SideBySide) (EventID: 63) (User: )

Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

 

Error: (02/08/2015 00:19:23 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files\CCleaner\CCleaner.exe

 

Error: (02/08/2015 00:19:22 AM) (Source: SideBySide) (EventID: 63) (User: )

Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

 

Error: (02/07/2015 00:06:47 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files\CCleaner\CCleaner.exe

 

Error: (02/07/2015 00:06:47 AM) (Source: SideBySide) (EventID: 63) (User: )

Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

 

Error: (02/06/2015 11:33:18 AM) (Source: QuickBooks) (EventID: 4) (User: )

Description: Intuit QuickBooks Enterprise Solutions: Manufacturing and Wholesale 15.0Got unexpected error 5 in call to NetShareGetInfo for path \\QUICKBOOKS-PC\Users\Public\Quickbooks\Leeco Spring International.qbw

 

Error: (02/06/2015 11:33:18 AM) (Source: QuickBooks) (EventID: 4) (User: )

Description: Intuit QuickBooks Enterprise Solutions: Manufacturing and Wholesale 15.0Got unexpected error 5 in call to NetShareGetInfo for path \\QUICKBOOKS-PC\Users\Public\Quickbooks\Leeco Spring International.qbw

 

Error: (02/06/2015 11:32:40 AM) (Source: QuickBooks) (EventID: 4) (User: )

Description: Intuit QuickBooks Enterprise Solutions: Manufacturing and Wholesale 15.0Got unexpected error 5 in call to NetShareGetInfo for path \\QUICKBOOKS-PC\Users\Public\Quickbooks\Leeco Spring International.qbw

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i7-2600 CPU @ 3.40GHz

Percentage of memory in use: 54%

Total physical RAM: 3976.9 MB

Available physical RAM: 1820.31 MB

Total Pagefile: 7951.98 MB

Available Pagefile: 5498.22 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:232.79 GB) (Free:150.26 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 16731672)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

Link to post
Share on other sites

OK, the next stage of the fixing.

JRTbythisisu.png Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on JRTbythisisu.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.
Please include the contents of that file in your reply.

Do not forget to re-enable your previously switched off protection software!

Please also manually reboot your machine after this procedure.

adwcleaner_new.png Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on adwcleaner_new.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • The program will begin to update the database (if internet connection is operational). Please wait a little bit.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.
Please include the contents of that file in your reply.
Link to post
Share on other sites

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.2 (02.02.2015:1)

OS: Windows 7 Home Premium x64

Ran by Tina on Mon 02/09/2015 at 11:36:26.54

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\UpdateTask_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\UpdateTask_RASMANCS

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{384ff492-5dbc-4fc7-84bf-a5569ec363c8}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{384ff492-5dbc-4fc7-84bf-a5569ec363c8}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{384ff492-5dbc-4fc7-84bf-a5569ec363c8}

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{384ff492-5dbc-4fc7-84bf-a5569ec363c8}

Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{384ff492-5dbc-4fc7-84bf-a5569ec363c8}

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{384ff492-5dbc-4fc7-84bf-a5569ec363c8}

Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{384ff492-5dbc-4fc7-84bf-a5569ec363c8}

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\Program Files (x86)\optimizer pro"

Successfully deleted: [Folder] "C:\Users\Tina\documents\optimizer pro"

 

 

 

~~~ FireFox

 

Successfully deleted the following from C:\Users\Tina\AppData\Roaming\mozilla\firefox\profiles\3a7takxe.default-1418130210939\prefs.js

 

user_pref("extensions.6OLsL5bnGNe8tVcA.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11

user_pref("extensions.7LzlMRTf4EFBLx73.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"pdg8pdn9qHgFqTkFrTYEqTC4qa\")>-1||ur

user_pref("extensions.9m2hHOIxJFwqRhhu.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"pdg8pdn9qHgFqTkFrTYEqTC4qa\")>-1||ur

user_pref("extensions.Gwy1P9JtNCPeATcB.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"pdg8pdn9qHgFqTkFrTYEqTC4qa\")>-1||ur

user_pref("extensions.jiO2NrlukzhOMhy3.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"pdg8pdn9qHgFqTkFrTYEqTC4qa\")>-1||ur

user_pref("extensions.pA65WXjKAzJaVXhS.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnale

user_pref("extensions.pYbl9oqLMOLkh8Xd.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"pdg8pdn9qHgFqTkFrTYEqTC4qa\")>-1||ur

user_pref("extensions.srchvstrn.hmpgUrl", "hxxp://vosteran.com/?f=1&a=vst_secureddownload_15_03_ch&cd=2XzuyEtN2Y1L1QzuyBzztB0B0C0BzyzyyB0ByBtAtD0EtC0BtN0D0Tzu0StCtCtDzytN1L2Xz

user_pref("extensions.srchvstrn.newTabUrl", "hxxp://vosteran.com/?f=2&a=vst_secureddownload_15_03_ch&cd=2XzuyEtN2Y1L1QzuyBzztB0B0C0BzyzyyB0ByBtAtD0EtC0BtN0D0Tzu0StCtCtDzytN1L2

user_pref("extensions.srchvstrn.prtnrId", "WSE_Vosteran");

user_pref("extensions.srchvstrn.srchPrvdr", "Vosteran");

user_pref("extensions.srchvstrn.tlbrSrchUrl", "hxxp://vosteran.com/?f=3&a=vst_secureddownload_15_03_ch&cd=2XzuyEtN2Y1L1QzuyBzztB0B0C0BzyzyyB0ByBtAtD0EtC0BtN0D0Tzu0StCtCtDzytN1

user_pref("extensions.tpjlrHIfyZ0Na6Sz.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"pdg8pdn9qHgFqTkFrTYEqTC4qa\")>-1||ur

 

 

 

~~~ Chrome

 

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Mon 02/09/2015 at 11:38:32.90

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

I will be rebooting now, and then I will proceed with installing Adwcleaner and replying with that log.

Link to post
Share on other sites

# AdwCleaner v4.110 - Logfile created 09/02/2015 at 11:59:00

# Updated 05/02/2015 by Xplode

# Database : 2015-02-08.1 [server]

# Operating system : Windows 7 Home Premium Service Pack 1 (x64)

# Username : Tina - TINA-PC

# Running from : C:\Users\Tina\Desktop\adwcleaner_4.110.exe

# Option : Cleaning

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\4d04c9d3326a92da

Folder Deleted : C:\ProgramData\5549782549748421338

Folder Deleted : C:\Program Files (x86)\GreatSaver

Folder Deleted : C:\Program Files (x86)\RRoyailSihoppEirApp

Folder Deleted : C:\Program Files (x86)\SaLesMaegneet

Folder Deleted : C:\Program Files (x86)\SSaverPro

Folder Deleted : C:\Users\Tina\AppData\Roaming\DigitalSites

Folder Deleted : C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\3a7takxe.default-1418130210939\Extensions\0CUJbB@v.edu

Folder Deleted : C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\3a7takxe.default-1418130210939\Extensions\7rarn@gaLQ32.edu

Folder Deleted : C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\3a7takxe.default-1418130210939\Extensions\C4TNxgt@t.net

Folder Deleted : C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\3a7takxe.default-1418130210939\Extensions\dmi@V.edu

Folder Deleted : C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\3a7takxe.default-1418130210939\Extensions\v3@73ZwE.net

Folder Deleted : C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\3a7takxe.default-1418130210939\Extensions\Yg@2.edu

Folder Deleted : C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\3a7takxe.default-1418130210939\Extensions\ZGbemK4@t.org

 

***** [ Scheduled tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd

Key Deleted : HKLM\SOFTWARE\Classes\.

Key Deleted : HKLM\SOFTWARE\Classes\..9

Key Deleted : HKLM\SOFTWARE\Classes\Pbf5a8c8c_5578_47a0_91be_1d777f2e81e2_.Pbf5a8c8c_5578_47a0_91be_1d777f2e81e2_

Key Deleted : HKLM\SOFTWARE\Classes\Pbf5a8c8c_5578_47a0_91be_1d777f2e81e2_.Pbf5a8c8c_5578_47a0_91be_1d777f2e81e2_.9

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{516728c4-1cc9-4edd-802b-26819749df6b}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{bf5a8c8c-5578-47a0-91be-1d777f2e81e2}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{e925766d-4b59-4f43-9aa9-284dc34c1545}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{230332DF-D235-47EE-BC42-60860EF144CD}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AEF2BB85-DF75-41E2-8366-FB89A5F869F9}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{516728c4-1cc9-4edd-802b-26819749df6b}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf5a8c8c-5578-47a0-91be-1d777f2e81e2}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e925766d-4b59-4f43-9aa9-284dc34c1545}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{516728c4-1cc9-4edd-802b-26819749df6b}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{bf5a8c8c-5578-47a0-91be-1d777f2e81e2}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e925766d-4b59-4f43-9aa9-284dc34c1545}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{516728c4-1cc9-4edd-802b-26819749df6b}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{bf5a8c8c-5578-47a0-91be-1d777f2e81e2}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{e925766d-4b59-4f43-9aa9-284dc34c1545}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{516728c4-1cc9-4edd-802b-26819749df6b}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf5a8c8c-5578-47a0-91be-1d777f2e81e2}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e925766d-4b59-4f43-9aa9-284dc34c1545}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}

Key Deleted : HKCU\Software\Optimizer Pro

Key Deleted : HKCU\Software\SecuredDownload

Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}

Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}

 

***** [ Web browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17496

 

 

-\\ Mozilla Firefox v34.0.5 (x86 en-US)

 

[3a7takxe.default-1418130210939\prefs.js] - Line Deleted : user_pref("extensions.pA65WXjKAzJaVXhS.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]

 

-\\ Google Chrome v39.0.2171.95

 

[C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : oilkkkefbalmbfppgjmgjoefbclebkce

[C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : fcfenmboojpjinhpgggodefccipikbpd

 

*************************

 

AdwCleaner[R0].txt - [6980 bytes] - [09/02/2015 11:52:46]

AdwCleaner[s0].txt - [6617 bytes] - [09/02/2015 11:59:00]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6676  bytes] ##########

Link to post
Share on other sites

Keeps getting better.

 

 

 
FRST.gif Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool.
Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
> XP users click run after receipt of Windows Security Warning - Open File.
> 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
Make sure that Addition option is checked.
Press Scan button and wait.
The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.
Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015

Ran by Tina (administrator) on TINA-PC on 09-02-2015 12:44:18

Running from C:\Users\Tina\Desktop

Loaded Profiles: Tina (Available profiles: Tina)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe

(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\QBW32.EXE

(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe

(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM-x32\...\Run: [iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112152 2010-12-03] (Intel Corporation)

HKLM-x32\...\Run: [intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-12-06] (Intuit Inc. All rights reserved.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-2221511692-1055907093-552829895-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)

HKU\S-1-5-21-2221511692-1055907093-552829895-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk

ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Web Connector.lnk

ShortcutTarget: QuickBooks Web Connector.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe (Intuit)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk

ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\QBW32.EXE (Intuit Inc.)

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKU\S-1-5-21-2221511692-1055907093-552829895-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: WOwCouponn -> {384ff492-5dbc-4fc7-84bf-a5569ec363c8} -> C:\ProgramData\WOwCouponn\JUx6L1Zc8M4juP.x64.dll No File

BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)

Handler-x32: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)

Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 8.8.8.8

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

 

FireFox:

========

FF ProfilePath: C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\3a7takxe.default-1418130210939

FF DefaultSearchEngine: Google

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF HKU\S-1-5-21-2221511692-1055907093-552829895-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

StartMenuInternet: FIREFOX.EXE - firefox.exe

 

Chrome: 

=======

CHR dev: Chrome dev build detected! <======= ATTENTION

CHR Profile: C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Drive) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-11]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-11]

CHR Extension: (YouTube) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-11]

CHR Extension: (Google Search) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-11]

CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-11]

CHR Extension: (Google Wallet) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-11]

CHR Extension: (Gmail) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-11]

CHR HKU\S-1-5-21-2221511692-1055907093-552829895-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Tina\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-11-19]

CHR HKU\S-1-5-21-2221511692-1055907093-552829895-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path

StartMenuInternet: Google Chrome - chrome.exe

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-12-06] (Intuit) [File not signed]

S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-12-06] (Intuit Inc.) [File not signed]

R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2014-12-06] (Intuit Inc.) [File not signed]

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

S2 4a3f189e; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\GreatSaver\DealMaker.dll",serv

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S1 Aspi32; C:\Windows\SysWow64\Drivers\Aspi32.sys [25244 2008-09-04] (Adaptec)

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-09] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-02-09 12:04 - 2015-02-09 12:04 - 01388274 _____ (Thisisu) C:\Users\Tina\Downloads\JRT (2).exe

2015-02-09 11:52 - 2015-02-09 11:59 - 00000000 ____D () C:\AdwCleaner

2015-02-09 11:52 - 2015-02-09 11:52 - 02112512 _____ () C:\Users\Tina\Downloads\adwcleaner_4.110.exe

2015-02-09 11:52 - 2015-02-09 11:52 - 02112512 _____ () C:\Users\Tina\Desktop\adwcleaner_4.110.exe

2015-02-09 11:47 - 2015-02-09 11:47 - 01388274 _____ (Thisisu) C:\Users\Tina\Downloads\JRT (1).exe

2015-02-09 11:38 - 2015-02-09 11:38 - 00005208 _____ () C:\Users\Tina\Desktop\JRT.txt

2015-02-09 11:32 - 2015-02-09 11:32 - 01388274 _____ (Thisisu) C:\Users\Tina\Downloads\JRT.exe

2015-02-09 11:32 - 2015-02-09 11:32 - 01388274 _____ (Thisisu) C:\Users\Tina\Desktop\JRT.exe

2015-02-09 11:19 - 2015-02-09 11:19 - 00027528 _____ () C:\Users\Tina\Desktop\Addition.txt

2015-02-09 11:18 - 2015-02-09 12:44 - 00011730 _____ () C:\Users\Tina\Desktop\FRST.txt

2015-02-09 11:17 - 2015-02-09 12:44 - 00000000 ____D () C:\FRST

2015-02-09 11:17 - 2015-02-09 11:17 - 02132992 _____ (Farbar) C:\Users\Tina\Desktop\FRST64.exe

2015-02-04 16:20 - 2015-02-04 16:20 - 00001020 _____ () C:\Users\Tina\Downloads\List of Open Po''s - Vendor 209082 (9).XLS

2015-02-04 16:17 - 2015-02-04 16:17 - 00001020 _____ () C:\Users\Tina\Downloads\List of Open Po''s - Vendor 209082 (8).XLS

2015-02-04 10:31 - 2015-02-04 10:31 - 00430872 _____ () C:\Users\Tina\Downloads\messagefromkmbt_c220.zip

2015-01-30 13:06 - 2015-01-30 13:06 - 00349544 _____ (Adobe Systems Incorporated) C:\Users\Tina\Downloads\AcroRd32.exe

2015-01-29 08:44 - 2015-01-29 08:44 - 01525343 _____ () C:\Users\Tina\Downloads\Cameron MTMS Surface Supplier Training.zip

2015-01-28 15:46 - 2015-02-09 09:10 - 00000020 _____ () C:\Users\Tina\AppData\Roaming\appdataFr3.bin

2015-01-28 10:33 - 2015-01-28 10:33 - 00014954 _____ () C:\Users\Tina\Downloads\Leeco Spring Open PO 01-28-15.xlsx

2015-01-27 13:19 - 2015-01-27 13:19 - 00510593 _____ () C:\Users\Tina\Downloads\princess ubby abbyblazek 012215  Twitter.html

2015-01-27 09:01 - 2015-01-27 09:01 - 00013154 _____ () C:\Users\Tina\Downloads\snc_s

2015-01-27 08:32 - 2015-01-27 08:34 - 00002048 ____H () C:\Users\Tina\Desktop\WC-8E0526-GE316SS.fdi

2015-01-26 16:00 - 2015-01-26 16:00 - 00009832 _____ () C:\Users\Tina\Downloads\po by vendor qry all (1).xlsx

2015-01-23 15:13 - 2015-01-23 15:13 - 00001020 _____ () C:\Users\Tina\Downloads\List of Open Po''s - Vendor 209082 (7).XLS

2015-01-23 08:46 - 2015-01-23 08:46 - 00027105 _____ () C:\Users\Tina\Desktop\ATC PICKUP FORM (ANGEL BROOKS).xlsx

2015-01-23 08:44 - 2015-01-23 08:44 - 00027428 _____ () C:\Users\Tina\Downloads\ATC #A000343144.xlsx

2015-01-23 08:09 - 2015-01-23 08:23 - 00000000 ____D () C:\Users\Tina\Desktop\Alchemy Workcard Changes

2015-01-23 07:45 - 2015-01-23 07:45 - 00083426 _____ () C:\Users\Tina\Downloads\noname.eml

2015-01-22 08:44 - 2015-01-22 08:44 - 00008905 _____ () C:\Users\Tina\Downloads\packing_slip_252964.html

2015-01-20 07:54 - 2015-01-20 07:54 - 00001020 _____ () C:\Users\Tina\Downloads\List of Open Po''s - Vendor 209082 (6).XLS

2015-01-16 12:03 - 2015-01-16 12:37 - 00002048 ____H () C:\Users\Tina\Desktop\Tami - Test.fdi

2015-01-16 11:22 - 2015-02-09 12:00 - 00000392 _____ () C:\Windows\setupact.log

2015-01-16 11:22 - 2015-02-09 11:49 - 00303882 _____ () C:\Windows\PFRO.log

2015-01-16 11:22 - 2015-01-16 11:22 - 00000258 __RSH () C:\ProgramData\ntuser.pol

2015-01-16 11:22 - 2015-01-16 11:22 - 00000000 _____ () C:\Windows\setuperr.log

2015-01-15 09:45 - 2015-01-15 09:45 - 00000765 _____ () C:\Users\Tina\Downloads\List of Open Po''s - Vendor 209082 (5).XLS

2015-01-14 17:13 - 2015-01-14 17:13 - 00022528 _____ () C:\Users\Tina\AppData\Local\dsisetup158725552.exe

2015-01-14 17:13 - 2015-01-14 17:13 - 00000010 _____ () C:\Users\Tina\AppData\Local\DSI.DAT

2015-01-14 16:14 - 2015-01-16 11:20 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2015-01-14 16:14 - 2015-01-14 16:14 - 00000000 ____D () C:\Users\Tina\AppData\Local\IsolatedStorage

2015-01-14 16:13 - 2015-01-14 16:13 - 02617648 _____ (VS Revo Group Ltd.) C:\Users\Tina\Downloads\revo-uninstaller.exe

2015-01-14 16:12 - 2015-01-14 16:12 - 00805904 _____ (SecuredDownload) C:\Users\Tina\Downloads\revo-uninstaller_setup.exe

2015-01-13 14:51 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll

2015-01-13 14:51 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2015-01-13 14:51 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-01-13 14:51 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-01-13 14:51 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-01-13 14:51 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-01-13 14:51 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-01-13 14:51 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-01-13 14:51 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-01-13 14:51 - 2014-12-11 11:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

2015-01-13 14:51 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

2015-01-13 14:51 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll

2015-01-13 14:51 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

2015-01-13 14:17 - 2015-01-13 14:17 - 00002048 ____H () C:\Users\Tina\Desktop\wc-12345.fdi

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-02-09 12:26 - 2014-11-06 09:15 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-02-09 12:08 - 2009-07-13 22:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-02-09 12:08 - 2009-07-13 22:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-02-09 12:04 - 2014-11-06 09:10 - 01935538 _____ () C:\Windows\WindowsUpdate.log

2015-02-09 12:01 - 2014-11-06 09:38 - 00000000 ___RD () C:\Users\Tina\Google Drive

2015-02-09 12:00 - 2014-11-06 09:15 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-02-09 12:00 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-02-09 09:36 - 2014-11-19 09:37 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-02-09 08:03 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SchCache

2015-02-05 14:29 - 2014-11-06 09:47 - 00000000 ____D () C:\Users\Tina\Desktop\LEECO Certificate of Compliance

2015-01-28 09:01 - 2014-11-06 09:47 - 00000000 ____D () C:\Users\Tina\Desktop\New Purchase Orders for XChange Editor

2015-01-26 10:50 - 2015-01-05 09:14 - 00002048 ____H () C:\Users\Tina\Desktop\WC-7HJ072-GE-S.fdi

2015-01-22 10:12 - 2014-11-06 09:48 - 00000000 ____D () C:\Users\Tina\Desktop\Shipping  Docs

2015-01-21 14:32 - 2014-11-06 09:47 - 00000000 ____D () C:\Users\Tina\Desktop\Office Supply List

2015-01-16 08:42 - 2009-07-13 20:34 - 00000505 _____ () C:\Windows\win.ini

2015-01-15 16:30 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy

2015-01-15 10:04 - 2014-11-06 09:48 - 00000000 ____D () C:\Users\Tina\Desktop\WORKCARDS FOR QB'S

2015-01-15 00:13 - 2014-11-19 09:21 - 00000131 _____ () C:\Users\Tina\AppData\Roaming\WB.CFG

2015-01-14 16:13 - 2014-12-11 08:25 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-01-14 16:13 - 2014-11-19 15:35 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2015-01-14 03:01 - 2014-11-06 10:34 - 00000000 ____D () C:\Windows\system32\MRT

2015-01-14 03:00 - 2014-11-06 10:34 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-01-13 08:32 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\L2Schemas

 

==================== Files in the root of some directories =======

 

2015-01-28 15:46 - 2015-02-09 09:10 - 0000020 _____ () C:\Users\Tina\AppData\Roaming\appdataFr3.bin

2014-11-19 09:21 - 2015-01-15 00:13 - 0000131 _____ () C:\Users\Tina\AppData\Roaming\WB.CFG

2015-01-14 17:13 - 2015-01-14 17:13 - 0000010 _____ () C:\Users\Tina\AppData\Local\DSI.DAT

2015-01-14 17:13 - 2015-01-14 17:13 - 0022528 _____ () C:\Users\Tina\AppData\Local\dsisetup158725552.exe

 

Some content of TEMP:

====================

C:\Users\Tina\AppData\Local\Temp\Quarantine.exe

C:\Users\Tina\AppData\Local\Temp\sqlite3.dll

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-02-03 00:57

 

==================== End Of Log ============================
Link to post
Share on other sites

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015

Ran by Tina at 2015-02-09 12:45:09

Running from C:\Users\Tina\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)

Adobe Reader 9.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)

Alchemy (HKLM-x32\...\{8766C1FF-2CA6-49DB-B324-9BDB51E55299}) (Version: 8.3.000 - Captaris)

Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)

CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)

Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

FormDocs 8.0.1 (HKLM-x32\...\FormDocs) (Version: 8.0.1 - FormDocs LLC)

Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.1.32.905 - Foxit Software Inc.)

Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)

Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)

Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office 2003 Primary Interop Assemblies (HKLM-x32\...\{91490409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6553.0 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)

Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)

Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML4SP2 (HKLM-x32\...\{CF9EF752-259A-4368-81A5-8C02D5EE7A55}) (Version: 1.0.0 - MSXML4)

QuickBooks (x32 Version: 25.0.4005.2506 - Intuit Inc.) Hidden

QuickBooks Enterprise Solutions: Mfg and Whsle Edition 15.0 (HKLM-x32\...\{8835645B-69AB-43B2-B6CA-0A6F1C66DF26}) (Version: 25.0.4005.2506 - Intuit Inc.)

QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)

VC12X64Redist (HKLM\...\{B573CC21-AE24-4BC5-9B0B-15CF29A3F982}) (Version: 1.00.0000 - Intuit Inc.)

VC12X86Redist (HKLM-x32\...\{EA9886ED-21F8-4867-A049-CE6817291EE6}) (Version: 1.00.0000 - Intuit Inc.)

VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

 

==================== Restore Points  =========================

 

14-01-2015 16:15:24 Revo Uninstaller's restore point - Optimizer Pro v3.2

14-01-2015 16:23:05 Revo Uninstaller's restore point - WeatherBug®

15-01-2015 08:14:29 Revo Uninstaller's restore point - WSE_Vosteran

17-01-2015 11:32:34 Windows Update

20-01-2015 17:26:05 Windows Update

24-01-2015 16:09:19 Windows Update

27-01-2015 16:54:32 Windows Update

31-01-2015 06:55:54 Windows Update

03-02-2015 16:51:00 Windows Update

07-02-2015 06:56:15 Windows Update

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 20:34 - 2015-01-16 11:16 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {1C763176-C71F-4709-8417-C72687D3A068} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-06] (Google Inc.)

Task: {6AD0F074-19DA-4530-9741-42444E594B18} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)

Task: {78F8B77D-8296-44FA-9D5A-BD8B2F63F2B0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-06] (Google Inc.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) ==============

 

2014-01-29 23:02 - 2014-01-29 23:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2015-02-09 12:00 - 2015-02-09 12:00 - 00098816 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI14002\win32api.pyd

2015-02-09 12:01 - 2015-02-09 12:01 - 00110080 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI14002\pywintypes27.dll

2015-02-09 12:00 - 2015-02-09 12:00 - 00364544 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI14002\pythoncom27.dll

2015-02-09 12:00 - 2015-02-09 12:00 - 00045568 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI14002\_socket.pyd

2015-02-09 12:01 - 2015-02-09 12:01 - 01160704 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI14002\_ssl.pyd

2015-02-09 12:00 - 2015-02-09 12:00 - 00320512 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI14002\win32com.shell.shell.pyd

2015-02-09 12:01 - 2015-02-09 12:01 - 00713216 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI14002\_hashlib.pyd

2015-02-09 12:00 - 2015-02-09 12:00 - 01175040 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI14002\wx._core_.pyd

2015-02-09 12:01 - 2015-02-09 12:01 - 00805888 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI14002\wx._gdi_.pyd

2015-02-09 12:01 - 2015-02-09 12:01 - 00811008 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI14002\wx._windows_.pyd

2015-02-09 12:00 - 2015-02-09 12:01 - 01062400 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI14002\wx._controls_.pyd

2015-02-09 12:00 - 2015-02-09 12:00 - 00735232 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI14002\wx._misc_.pyd

2015-02-09 12:00 - 2015-02-09 12:00 - 00128512 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI14002\_elementtree.pyd

2015-02-09 12:00 - 2015-02-09 12:00 - 00127488 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI14002\pyexpat.pyd

2015-02-09 12:00 - 2015-02-09 12:00 - 00557056 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI14002\pysqlite2._sqlite.pyd

2015-02-09 12:00 - 2015-02-09 12:00 - 00087552 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI14002\_ctypes.pyd

2015-02-09 12:00 - 2015-02-09 12:00 - 00119808 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI14002\win32file.pyd

2015-02-09 12:00 - 2015-02-09 12:00 - 00108544 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI14002\win32security.pyd

2015-02-09 12:01 - 2015-02-09 12:01 - 00007168 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI14002\hashobjs_ext.pyd

2015-02-09 12:00 - 2015-02-09 12:00 - 00167936 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI14002\win32gui.pyd

2015-02-09 12:00 - 2015-02-09 12:00 - 00018432 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI14002\win32event.pyd

2015-02-09 12:00 - 2015-02-09 12:00 - 00038912 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI14002\win32inet.pyd

2015-02-09 12:00 - 2015-02-09 12:00 - 00011264 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI14002\win32crypt.pyd

2015-02-09 12:01 - 2015-02-09 12:01 - 00070656 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI14002\wx._html2.pyd

2015-02-09 12:01 - 2015-02-09 12:01 - 00027136 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI14002\_multiprocessing.pyd

2015-02-09 12:00 - 2015-02-09 12:00 - 00035840 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI14002\win32process.pyd

2015-02-09 12:00 - 2015-02-09 12:00 - 00686080 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI14002\unicodedata.pyd

2015-02-09 12:00 - 2015-02-09 12:00 - 00122368 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI14002\wx._wizard.pyd

2015-02-09 12:01 - 2015-02-09 12:01 - 00024064 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI14002\win32pipe.pyd

2015-02-09 12:01 - 2015-02-09 12:01 - 00025600 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI14002\win32pdh.pyd

2015-02-09 12:00 - 2015-02-09 12:00 - 00525640 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI14002\windows._lib_cacheinvalidation.pyd

2015-02-09 12:00 - 2015-02-09 12:00 - 00010240 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI14002\select.pyd

2015-02-09 12:00 - 2015-02-09 12:00 - 00017408 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI14002\win32profile.pyd

2015-02-09 12:00 - 2015-02-09 12:00 - 00022528 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI14002\win32ts.pyd

2015-02-09 12:00 - 2015-02-09 12:00 - 00078336 _____ () C:\Users\Tina\AppData\Local\Temp\_MEI14002\wx._animate.pyd

2014-12-06 19:12 - 2014-12-06 19:12 - 00630784 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\boost_regex-vc120-mt-1_55.dll

2014-12-06 22:32 - 2014-12-06 22:32 - 00031560 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\QBCompressor.dll

2014-12-06 19:14 - 2014-12-06 19:14 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\zlib1.dll

2014-12-06 22:32 - 2014-12-06 22:32 - 00099144 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\QBMAPILibrary.dll

2014-12-06 22:31 - 2014-12-06 22:31 - 00245576 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\boost_serialization-vc120-mt-1_55.dll

2014-12-06 22:32 - 2014-12-06 22:32 - 00655688 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\FtuEngine.dll

2014-12-06 22:31 - 2014-12-06 22:31 - 00687432 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\BackupLib.dll

2014-12-06 22:33 - 2014-12-06 22:33 - 00085832 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\QBProActiveCore.dll

2014-12-06 19:11 - 2014-12-06 19:11 - 38715904 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\libcef.dll

2014-12-06 22:32 - 2014-12-06 22:32 - 00890184 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\FeaturesBridge.dll

2014-12-06 22:32 - 2014-12-06 22:32 - 00067400 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\mbpopup.dll

2014-12-06 22:32 - 2014-12-06 22:32 - 00151880 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\qbar.dll

2014-12-11 08:25 - 2014-12-05 19:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll

2014-12-11 08:25 - 2014-12-05 19:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll

2014-12-11 08:25 - 2014-12-05 19:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll

2014-12-11 08:25 - 2014-12-05 19:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

2014-12-11 08:25 - 2014-12-05 19:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\Users\Tina\Downloads\noname.eml:OECustomProperty

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) ===============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== Other Registry Areas =====================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-2221511692-1055907093-552829895-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-2221511692-1055907093-552829895-500 - Administrator - Disabled)

Guest (S-1-5-21-2221511692-1055907093-552829895-501 - Limited - Disabled)

Tina (S-1-5-21-2221511692-1055907093-552829895-1000 - Administrator - Enabled) => C:\Users\Tina

 

==================== Faulty Device Manager Devices =============

 

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft Teredo Tunneling Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (02/09/2015 00:02:29 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (02/09/2015 11:51:10 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

System errors:

=============

Error: (02/09/2015 00:01:19 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load: 

Aspi32

 

Error: (02/09/2015 00:01:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the TrustMix service to connect.

 

Error: (02/09/2015 00:00:33 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \SystemRoot\SysWow64\Drivers\Aspi32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

 

Error: (02/09/2015 00:00:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Print Spooler service failed to start due to the following error: 

%%1069

 

Error: (02/09/2015 00:00:01 PM) (Source: Service Control Manager) (EventID: 7038) (User: )

Description: The Spooler service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 

%%50

 

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

 

Error: (02/09/2015 11:59:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

 

Error: (02/09/2015 11:59:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

 

Error: (02/09/2015 11:59:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (02/09/2015 11:59:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

 

Error: (02/09/2015 11:59:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The QBCFMonitorService service terminated unexpectedly.  It has done this 1 time(s).

 

 

Microsoft Office Sessions:

=========================

Error: (02/09/2015 00:02:29 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (02/09/2015 11:51:10 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i7-2600 CPU @ 3.40GHz

Percentage of memory in use: 49%

Total physical RAM: 3976.9 MB

Available physical RAM: 2016.52 MB

Total Pagefile: 7951.98 MB

Available Pagefile: 5830.23 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:232.79 GB) (Free:150.18 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 16731672)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

Link to post
Share on other sites

OK, please do the following:

 

 

 
FRST.gif Fix with Farbar Recovery Scan Tool
 

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif
icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

 
Press the WindowsKey.png + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire content of the codebox below and paste into the Notepad document:
startCreareRestorePoint:GroupPolicy: Group Policy on Chrome detected <======= ATTENTIONCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTIONBHO: WOwCouponn -> {384ff492-5dbc-4fc7-84bf-a5569ec363c8} -> C:\ProgramData\WOwCouponn\JUx6L1Zc8M4juP.x64.dll No FileC:\ProgramData\WOwCouponnCHR HKU\S-1-5-21-2221511692-1055907093-552829895-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No PathS2 4a3f189e; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\GreatSaver\DealMaker.dll",servc:\Program Files (x86)\GreatSaverEmptyTemp:end
Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
> XP users click run after receipt of Windows Security Warning - Open File.
> 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please include it in your reply.
 
 
Please also update me how is your mavhine behaving after all we've done. That's not the end, but I need some more info from you than only the logfiles :)
Link to post
Share on other sites

Sure, please use the following text. Good catch of my typo :)

startCreateRestorePoint:GroupPolicy: Group Policy on Chrome detected <======= ATTENTIONCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTIONBHO: WOwCouponn -> {384ff492-5dbc-4fc7-84bf-a5569ec363c8} -> C:\ProgramData\WOwCouponn\JUx6L1Zc8M4juP.x64.dll No FileC:\ProgramData\WOwCouponnCHR HKU\S-1-5-21-2221511692-1055907093-552829895-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No PathS2 4a3f189e; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\GreatSaver\DealMaker.dll",servc:\Program Files (x86)\GreatSaverEmptyTemp:end
Link to post
Share on other sites

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015

Ran by Tina at 2015-02-09 13:55:32 Run:1

Running from C:\Users\Tina\Desktop

Loaded Profiles: Tina (Available profiles: Tina)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

start

CreateRestorePoint:

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

BHO: WOwCouponn -> {384ff492-5dbc-4fc7-84bf-a5569ec363c8} -> C:\ProgramData\WOwCouponn\JUx6L1Zc8M4juP.x64.dll No File

C:\ProgramData\WOwCouponn

CHR HKU\S-1-5-21-2221511692-1055907093-552829895-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path

S2 4a3f189e; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\GreatSaver\DealMaker.dll",serv

c:\Program Files (x86)\GreatSaver

EmptyTemp:

end

*****************

 

Restore point was successfully created.

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.

C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{384ff492-5dbc-4fc7-84bf-a5569ec363c8}" => Key deleted successfully.

"HKCR\CLSID\{384ff492-5dbc-4fc7-84bf-a5569ec363c8}" => Key deleted successfully.

"C:\ProgramData\WOwCouponn" => File/Directory not found.

"HKU\S-1-5-21-2221511692-1055907093-552829895-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => Key deleted successfully.

4a3f189e => Service deleted successfully.

"c:\Program Files (x86)\GreatSaver" => File/Directory not found.

EmptyTemp: => Removed 482.6 MB temporary data.

 

 

The system needed a reboot. 

 

==== End of Fixlog 13:56:10 ====

Link to post
Share on other sites

Sorry, it seems to be working fine, possibly faster than usual(I am not the person who uses this computer everyday-they are not here today).  I am not experiencing any pop ups at this time, and Google Chrome is not showing any extensions installed at this time.

 

I only have a short time left before I have to go for the day, I will try to respond if I am able, but I will not be able to access this computer after I leave.  I will be able to continue working on it with you tomorrow if that is ok.

Link to post
Share on other sites

OK, so now we need to deal with the broken Chrome settings.

chrome.png Reset Chrome to defaults

Please open Google Chrome.

  • Enter the Chrome menu by clicking the chrome-menu.png button.
  • Select Settings.
  • Click Show advanced settings and find the Reset browser settings section.
  • Click Reset browser settings.
  • In the dialog that appears, click Reset.
  • Chrome will reset itself.
Bare in mind that all your browsing history, passwords, cookies will be saved. This procedure will only remove all extensions, themes, plugins etc. and restore Chrome engine to a state similar after a fresh installation.

remove%20outdated.jpg Uninstall some programs

We need to uninstall some programs.

  • Press the WindowsKey.png + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall one at a time
The list of programs to uninstall:
  • Google Chrome
After completing uninstalls, please manually reboot your machine!

chrome.png Google Chrome reinstall

Please go to the official Chrome download website and install a fresh version.

Report when done please.

Link to post
Share on other sites

Good, now hopefully the last two scans.

ESETOnline.png Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

Please visit ESET Online Scanner website.

Click there Run ESET Online Scanner.

If using Internet Explorer:

  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.
If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.
To perform the scan:
  • Make sure that Enable detecion of potentially unwanted applications is checked.
  • In the Advanced Settings dropdown menu:
    • Make sure that Remove found threats is unchecked.
    • Scan archives is checked.
    • Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
    • Use custom proxy settings is unchecked.
  • Click Start
  • The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
Please include this logfile in your next reply.

Don't forget to re-enable previously switched-off protection software!

51c9d14017fa0-SecurityCheck.PNG Scan with Security Check

Please download Security Check by Screen317 and save it to your desktop.

  • Right-click on 51c9d14017fa0-SecurityCheck.PNG icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Follow onscreen instructions inside the black box. This scan won't take long.
  • Soon a notepad document called checkup.txt will open automaticaly.
Please include the content of that document.
Link to post
Share on other sites

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=b9b87f45f9bc9f4fa98da400baece114

# engine=22404

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2015-02-10 05:27:04

# local_time=2015-02-10 11:27:04 (-0600, Central Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1='Microsoft Security Essentials'

# compatibility_mode=5895 16777213 100 100 7382645 45622818 0 0

# scanned=197651

# found=36

# cleaned=0

# scan_time=3454

sh=2813EDBDD549582A06DA63831C9B8180A8BA4CC2 ft=1 fh=c71c0011a849c3f3 vn="a variant of Win32/Adware.MultiPlug.DX application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\GreatSaver\DealMaker.dll.vir"

sh=07D15AC08CC62A749BCE3673B563F91B64B15F73 ft=1 fh=c71c00114c5ad114 vn="a variant of Win32/Adware.MultiPlug.EG application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaLesMaegneet\xS6imM6Ki3OD78.dll.vir"

sh=25000CE694B8707A9C65AD8C49ABF0A1C6406849 ft=1 fh=8ed56cb4f543d03b vn="a variant of Win64/Adware.MultiPlug.F application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaLesMaegneet\xS6imM6Ki3OD78.x64.dll.vir"

sh=45D886C1A977AA48F44D358E06C0E7282EF864FB ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\3a7takxe.default-1418130210939\Extensions\0CUJbB@v.edu\content\bg.js.vir"

sh=D68703372772235AD7DE67ADD09B0A43AAF8BBD3 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\3a7takxe.default-1418130210939\Extensions\7rarn@gaLQ32.edu\content\bg.js.vir"

sh=2DF0567357A50A4F3A333F66C4F55A4CF212FBAD ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\3a7takxe.default-1418130210939\Extensions\C4TNxgt@t.net\content\bg.js.vir"

sh=2D8813C741C55D36E9AB62D9013CD6E6846961FE ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\3a7takxe.default-1418130210939\Extensions\dmi@V.edu\content\bg.js.vir"

sh=2F7A67D2F6D77958E3DED432EDC3EF98EE14828A ft=0 fh=0000000000000000 vn="JS/Kryptik.ATL trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\3a7takxe.default-1418130210939\Extensions\v3@73ZwE.net\content\bg.js.vir"

sh=474D9DA94AF079CE8D6E43E52221D62DD8908B11 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\3a7takxe.default-1418130210939\Extensions\Yg@2.edu\content\bg.js.vir"

sh=4B490601D7A7E43CAF0E7EA1AFC7AC70B081909A ft=0 fh=0000000000000000 vn="JS/Kryptik.ATL trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\3a7takxe.default-1418130210939\Extensions\ZGbemK4@t.org\content\bg.js.vir"

sh=EB472A5F5CDBE47E5B53942F1971B26AF19A4945 ft=1 fh=c2ec1e05be884624 vn="a variant of Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\Users\Tina\Desktop\tscates\Local Settings\Application Data\Conduit\Community Alerts\Aler0.dll"

sh=C0794B81D4232F94E3E59917E6EFE025A5AC72D4 ft=1 fh=793aa3eeb17df0ba vn="a variant of Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\Users\Tina\Desktop\tscates\Local Settings\Application Data\Conduit\Community Alerts\Alert.dll"

sh=B8F37D0B5801CC3397559A4BADA6FB2E2AAA6165 ft=1 fh=8020d1625c184b6b vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\Users\Tina\Desktop\tscates\Local Settings\Application Data\Conduit\CT3196716\WiseConvertAutoUpdateHelper.exe"

sh=642822CB36493733B829D20B514471B46C5B0BD5 ft=1 fh=045ef86e0ed41b34 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\Users\Tina\Desktop\tscates\Local Settings\Application Data\Conduit\CT3196716\WiseConvertToolbarHelper.exe"

sh=89EFB95EA494B79655C7F863F1C1281CD2709657 ft=1 fh=e87f6ab06a9e2986 vn="a variant of Win64/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Users\Tina\Desktop\tscates\Local Settings\Application Data\WiseConvert\hk64tbWis0.dll"

sh=F96DA94717A42485BFA09554472D1669B972A051 ft=1 fh=16edae702d5a3472 vn="a variant of Win64/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Users\Tina\Desktop\tscates\Local Settings\Application Data\WiseConvert\hk64tbWis2.dll"

sh=AB06A99D1673ACFDB102B0E2A1A77589CFEBEB88 ft=1 fh=1adb5a7836c4d687 vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\Users\Tina\Desktop\tscates\Local Settings\Application Data\WiseConvert\hktbWis0.dll"

sh=BFFE5205E1E634259011D14420D2A522291DF4EE ft=1 fh=d361417ca891f53c vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\Users\Tina\Desktop\tscates\Local Settings\Application Data\WiseConvert\hktbWis2.dll"

sh=4ED909DA6660CED26F0838A7C1233779B8A23013 ft=1 fh=779718076a3c51f7 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\Users\Tina\Desktop\tscates\Local Settings\Application Data\WiseConvert\ldrtbWis0.dll"

sh=C2A322173BFE435CA8D1E821F5A0DCB97A5C7F2D ft=1 fh=a133df1df4cb7951 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\Users\Tina\Desktop\tscates\Local Settings\Application Data\WiseConvert\ldrtbWis2.dll"

sh=A1280B1F085B8284DC157EC359BD1ADA091CFE7E ft=1 fh=d8aa3384d1249a40 vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\Users\Tina\Desktop\tscates\Local Settings\Application Data\WiseConvert\ldrtbWise.dll"

sh=B24E3DDDEBADE922CBBB4D910726576F58543587 ft=1 fh=7019312cd9cc83e2 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\Users\Tina\Desktop\tscates\Local Settings\Application Data\WiseConvert\prxtbWis0.dll"

sh=97D24FECAD3F726C56C0303CC66B4576877E9868 ft=1 fh=f7ae4dc8920ef0d0 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\Users\Tina\Desktop\tscates\Local Settings\Application Data\WiseConvert\prxtbWis2.dll"

sh=0BEB96A71B86E22B0B605D512C47BB0BA5A9AA7F ft=1 fh=963ff6bc3d69b8f0 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Users\Tina\Desktop\tscates\Local Settings\Application Data\WiseConvert\tbWis0.dll"

sh=9E0A96449BD16DB18E6E4418F677565712B8EBFF ft=1 fh=79d5711226c99797 vn="a variant of Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\Users\Tina\Desktop\tscates\Local Settings\Application Data\WiseConvert\tbWis1.dll"

sh=F2D0E0D3645DDD751F293C391C560C4142FCD1D3 ft=1 fh=2fcbc68ed4edd523 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Users\Tina\Desktop\tscates\Local Settings\Application Data\WiseConvert\tbWis2.dll"

sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Users\Tina\Desktop\tscates\Local Settings\Application Data\WiseConvert\tbWise.dll"

sh=B5C93DA0C608B26C9487ABC49CCB643C9A15ED33 ft=1 fh=75f1c65aa8a331ed vn="a variant of Win32/PriceGong.A potentially unwanted application" ac=I fn="C:\Users\Tina\Desktop\tscates\Local Settings\Application Data\WiseConvert\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll"

sh=0962B968C2A7FF70225EF353F1C74C6121ACED87 ft=1 fh=d7b180ef3e4e170b vn="a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application" ac=I fn="C:\Users\Tina\Desktop\tscates\Local Settings\Temp\APNSetup.exe"

sh=0C3B662680A08E408A377DF5DF75AF78855D9BB6 ft=1 fh=b7bf4bc877f8f793 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\Tina\Desktop\tscates\Local Settings\Temp\ASK31.tmp"

sh=6846A2F81389B7C2A61509D795CE6B6B16E7297F ft=1 fh=1a23ae1e279c7a5f vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\Tina\Desktop\tscates\Local Settings\Temp\ASKA7.tmp"

sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Users\Tina\Desktop\tscates\Local Settings\Temp\tbedrs.dll"

sh=205EA3A873C765FF2E0F78FB1834D6EB44C21BF3 ft=1 fh=a409751ddc77dac3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Tina\Downloads\ccsetup501.exe"

sh=871980B4BFDDB7E75700A7F1058879C2B0946D45 ft=1 fh=3c829ce111d9e877 vn="a variant of Win32/InstallCore.RK potentially unwanted application" ac=I fn="C:\Users\Tina\Downloads\FileOpenerSetup.exe"

sh=CA771BA5E0359F6DA79759F9A5D3D9418DFC245C ft=1 fh=79c8d029496dbbc3 vn="a variant of Win32/InstallCore.UN potentially unwanted application" ac=I fn="C:\Users\Tina\Downloads\revo-uninstaller_setup.exe"

sh=574D1879261D09093F60C5549D58DDE9012E1766 ft=0 fh=0000000000000000 vn="a variant of Win32/TFTPD32.C potentially unsafe application" ac=I fn="C:\Users\Tina\Google Drive\OLD STUFF FROM SAMBA SERVER, PRE GOOGLE DRIVE\NAMED FOLDERS FROM SAMBA\dpsims\20080630_website.tgz"

 

Running the security check in the next few moments.  Will reply again with that document.

Link to post
Share on other sites

 Results of screen317's Security Check version 0.99.96  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Microsoft Security Essentials   

  (On Access scanning disabled!) 

 Error obtaining update status for antivirus!  

`````````Anti-malware/Other Utilities Check:````````` 

  Java 64-bit 8 Update 31  

 Adobe Reader 9 Adobe Reader out of Date! 

 Mozilla Firefox 34.0.5 Firefox out of Date!  

 Google Chrome (40.0.2214.111) 

````````Process Check: objlist.exe by Laurent````````  

 Microsoft Security Essentials MSMpEng.exe 

 Microsoft Security Essentials msseces.exe 

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 1% 

````````````````````End of Log`````````````````````` 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.