Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

New Malware


  • Please log in to reply

#1
scmba

scmba

    Member

  • Member
  • PipPipPip
  • 109 posts

Hi

 

My son was trying to download minecraft mods and then all these popups started coming, reidirecting to new websites, etc. 
"PCTechHotline" logo appears everywhere.  Here are OTL quickscan and Malbytes Log:  (Malbytes was run before OTL)

 

OTL Quickscan:

 

OTL logfile created on: 3/29/2014 2:29:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kids\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.49 Gb Total Physical Memory | 3.40 Gb Available Physical Memory | 61.95% Memory free
10.99 Gb Paging File | 8.68 Gb Available in Paging File | 78.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 440.59 Gb Total Space | 380.19 Gb Free Space | 86.29% Space Free | Partition Type: NTFS
Drive D: | 702.82 Mb Total Space | 693.37 Mb Free Space | 98.66% Space Free | Partition Type: UDF
 
Computer Name: MISTERMAGIC | User Name: Kids | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/03/29 14:28:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kids\Downloads\OTL.exe
PRC - [2014/03/28 18:52:28 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/03/28 08:01:48 | 000,460,288 | ---- | M] () -- C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe
PRC - [2014/03/22 12:28:48 | 004,671,776 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
PRC - [2014/03/22 12:28:48 | 003,026,720 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
PRC - [2014/03/22 12:28:48 | 002,466,080 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
PRC - [2014/03/16 03:01:50 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2014/03/16 03:01:22 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2014/03/16 03:01:21 | 000,689,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014/03/16 03:00:56 | 001,863,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
PRC - [2014/02/13 02:32:26 | 000,701,800 | ---- | M] (Crawler, LLC) -- C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe
PRC - [2014/02/13 02:31:18 | 000,064,360 | ---- | M] (Crawler, LLC) -- C:\Program Files (x86)\PCTechHotline\PCTHHook.exe
PRC - [2014/02/13 02:31:10 | 001,905,000 | ---- | M] (Crawler, LLC) -- C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe
PRC - [2014/01/02 17:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\Kids\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/06/08 08:41:42 | 000,118,784 | ---- | M] (Lenovo) -- C:\Windows\jmesoft\hotkey.exe
PRC - [2011/05/17 13:54:44 | 000,024,576 | ---- | M] () -- C:\Windows\jmesoft\JME_LOAD.exe
PRC - [2011/03/15 20:47:40 | 000,032,768 | ---- | M] () -- C:\Windows\jmesoft\Service.exe
PRC - [2009/12/04 16:59:28 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
PRC - [2009/08/21 16:44:52 | 002,281,488 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/03/28 18:52:28 | 003,642,480 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/03/28 08:01:48 | 000,460,288 | ---- | M] () -- C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe
MOD - [2014/03/16 03:00:55 | 016,276,872 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
MOD - [2014/02/14 04:31:41 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/14 04:31:35 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/14 04:31:16 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/14 04:31:13 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/14 04:31:12 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/14 04:31:02 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/01/02 17:45:04 | 003,558,400 | ---- | M] () -- C:\Users\Kids\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/18 16:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Kids\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2009/12/04 17:04:32 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
MOD - [2009/12/04 16:59:54 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
MOD - [2009/08/21 16:44:52 | 002,281,488 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe
MOD - [2009/04/06 16:27:32 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\dllMultiLanguage.dll
MOD - [2009/04/06 16:27:26 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\dllPublicFunc.dll
MOD - [2009/01/05 21:12:12 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\dllCommonCtrl.dll
MOD - [2007/12/06 11:24:26 | 001,167,360 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\acAuth.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/02/28 21:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/15 17:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/08/18 16:44:02 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/08/10 01:45:54 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/03/28 18:52:28 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/16 03:01:50 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014/03/16 03:01:22 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014/03/16 03:00:56 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/14 07:17:00 | 000,036,392 | ---- | M] (Just Develop It) [Auto | Stopped] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2014/02/13 02:32:26 | 000,701,800 | ---- | M] (Crawler, LLC) [Auto | Running] -- C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe -- (PCTechHotlineSvc)
SRV - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/15 20:47:40 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\jmesoft\Service.exe -- (JME Keyboard)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/02/01 16:13:28 | 000,131,576 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2014/02/01 16:13:28 | 000,108,440 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2014/02/01 16:13:28 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/04/24 12:10:30 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/04/24 12:10:30 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/10 02:43:24 | 010,201,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/08/10 02:43:24 | 010,201,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/08/10 01:07:10 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/06 03:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/05/16 07:55:28 | 000,533,096 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/07/20 02:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/21 14:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/03 15:24:28 | 000,870,400 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LEND&bmod=LEND
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7LEND
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49194;https=127.0.0.1:49194
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Conduit Search"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Conduit Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.condui...772A7210&SSPV="
FF - prefs.js..extensions.enabledAddons: TidyNetwork%40TidyNetwork:5.0
FF - prefs.js..extensions.enabledAddons: ce85a36c-113a-4928-aa86-88a31bd595e7%40aa144f8a-c1f6-481f-991c-18bf0472c970.com:0.93.26
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/10/14 12:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kids\AppData\Roaming\Mozilla\Extensions
[2014/03/29 12:42:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default\extensions
[2014/03/29 12:42:53 | 000,000,000 | ---D | M] ("Information") -- C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default\extensions\[email protected]f0472c970.com
[2014/03/29 10:44:11 | 000,000,000 | ---D | M] (TidyNetwork) -- C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default\extensions\[email protected]
[2014/03/29 14:26:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default\extensions\[email protected]f0472c970.com\extensionData
[2014/03/29 14:26:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default\extensions\[email protected]f0472c970.com\extensionData\plugins
[2014/03/29 14:26:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default\extensions\[email protected]f0472c970.com\extensionData\userCode
[2014/03/29 10:44:58 | 000,001,030 | ---- | M] () -- C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default\searchplugins\conduit-search.xml
[2014/03/28 18:52:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/28 18:52:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/03/28 18:52:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2014/03/28 18:52:23 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.condui...8772A7210&SSPV=
CHR - Extension: No name found = C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\kimdndlhnimhdcchmglaendkednpejjn\10.16.100.4_0\
CHR - Extension: No name found = C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
 
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Information) - {11111111-1111-1111-1111-110511031168} - C:\Program Files (x86)\Information\Information-bho64.dll File not found
O2:64bit: - BHO: (TidyNetwork) - {7A1E0100-AC72-3F5F-CFD8-6872635A42C9} - C:\Program Files (x86)\TidyNetwork\petn64.dll File not found
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [jmekey] C:\Windows\jmesoft\hotkey.exe (Lenovo)
O4 - HKLM..\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe ()
O4 - HKLM..\Run: [PCTechHotline] C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe (Crawler, LLC)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Medialink Utilty] C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kids\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C55B70B6-81CD-4D1C-B948-3EE882D310EA}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0A66E06-343B-4876-8458-EAFC05969EE4}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/03/29 10:45:20 | 000,000,000 | ---D | C] -- C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
[2014/03/29 10:44:36 | 000,000,000 | ---D | C] -- C:\ProgramData\VisualBee
[2014/03/29 10:44:34 | 000,000,000 | ---D | C] -- C:\Users\Kids\AppData\Local\emaze
[2014/03/29 10:44:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TidyNetwork
[2014/03/29 10:44:06 | 000,000,000 | ---D | C] -- C:\Users\Kids\AppData\Roaming\PC Tech Hotline
[2014/03/29 10:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tech Hotline
[2014/03/29 10:44:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCTechHotline
[2014/03/29 10:43:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Browsersafeguard
[2014/03/29 10:42:38 | 000,000,000 | ---D | C] -- C:\Users\Kids\AppData\Local\SearchProtect
[2014/03/29 10:42:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2014/03/28 18:52:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/03/08 17:32:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2014/03/08 17:32:31 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012/04/24 12:26:55 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014/03/29 14:17:49 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/29 14:17:46 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/03/29 13:42:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/03/29 12:51:45 | 000,020,688 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/29 12:51:45 | 000,020,688 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/29 12:50:12 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/03/29 12:50:12 | 000,623,940 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/03/29 12:50:12 | 000,106,316 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/03/29 12:42:54 | 000,002,284 | ---- | M] () -- C:\windows\tasks\Information-firefoxinstaller.job
[2014/03/29 12:42:54 | 000,001,524 | ---- | M] () -- C:\windows\tasks\Information-updater.job
[2014/03/29 12:42:54 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/29 12:42:50 | 000,003,090 | ---- | M] () -- C:\windows\tasks\Information-chromeinstaller.job
[2014/03/29 12:42:46 | 000,001,358 | ---- | M] () -- C:\windows\tasks\Information-enabler.job
[2014/03/29 12:42:45 | 000,001,480 | ---- | M] () -- C:\windows\tasks\Information-codedownloader.job
[2014/03/29 12:42:36 | 129,511,423 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/29 10:45:33 | 000,001,979 | ---- | M] () -- C:\Users\Kids\Contacts\Desktop\Sync Folder.lnk
[2014/03/29 10:45:21 | 000,001,101 | ---- | M] () -- C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/03/29 10:45:21 | 000,001,097 | ---- | M] () -- C:\Users\Kids\Contacts\Desktop\MyPC Backup.lnk
[2014/03/29 10:44:34 | 000,001,240 | ---- | M] () -- C:\Users\Kids\Contacts\Desktop\Create Amazing Presentations.lnk
[2014/03/29 10:44:02 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\PC Tech Hotline.lnk
[2014/03/29 10:44:00 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\Optimize Your PC.lnk
[2014/03/29 10:42:38 | 000,000,000 | ---- | M] () -- C:\END
[2014/03/16 03:21:41 | 000,428,512 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/03/15 16:09:15 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Internet Browser.lnk
[2014/03/08 17:32:35 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2014/03/08 17:32:35 | 000,001,931 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
 
========== Files Created - No Company Name ==========
 
[2014/03/29 10:45:33 | 000,001,979 | ---- | C] () -- C:\Users\Kids\Contacts\Desktop\Sync Folder.lnk
[2014/03/29 10:45:21 | 000,001,524 | ---- | C] () -- C:\windows\tasks\Information-updater.job
[2014/03/29 10:45:21 | 000,001,101 | ---- | C] () -- C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/03/29 10:45:21 | 000,001,097 | ---- | C] () -- C:\Users\Kids\Contacts\Desktop\MyPC Backup.lnk
[2014/03/29 10:45:14 | 000,001,358 | ---- | C] () -- C:\windows\tasks\Information-enabler.job
[2014/03/29 10:45:05 | 000,001,480 | ---- | C] () -- C:\windows\tasks\Information-codedownloader.job
[2014/03/29 10:44:57 | 000,002,284 | ---- | C] () -- C:\windows\tasks\Information-firefoxinstaller.job
[2014/03/29 10:44:48 | 000,003,090 | ---- | C] () -- C:\windows\tasks\Information-chromeinstaller.job
[2014/03/29 10:44:34 | 000,001,240 | ---- | C] () -- C:\Users\Kids\Contacts\Desktop\Create Amazing Presentations.lnk
[2014/03/29 10:44:34 | 000,001,240 | ---- | C] () -- C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
[2014/03/29 10:44:02 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\PC Tech Hotline.lnk
[2014/03/29 10:44:00 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\Optimize Your PC.lnk
[2014/02/04 21:16:13 | 000,005,120 | ---- | C] () -- C:\Users\Kids\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/01/29 09:21:07 | 000,001,001 | ---- | C] () -- C:\Users\Kids\AppData\Local\RT2870_{C55B70B6-81CD-4D1C-B948-3EE882D310EA}_wsc
[2014/01/29 09:17:20 | 000,000,828 | ---- | C] () -- C:\Users\Kids\AppData\Local\RT2870_{C55B70B6-81CD-4D1C-B948-3EE882D310EA}_sta
[2014/01/29 09:17:20 | 000,000,824 | ---- | C] () -- C:\Users\Kids\AppData\Local\RT2870_{C55B70B6-81CD-4D1C-B948-3EE882D310EA}_prof
[2014/01/29 09:00:27 | 000,013,931 | ---- | C] () -- C:\windows\SysWow64\RaCoInst.dat
[2014/01/29 09:00:27 | 000,013,931 | ---- | C] () -- C:\windows\SysWow64\drivers\RaCoInst.dat
[2013/07/20 10:02:04 | 001,229,097 | ---- | C] () -- C:\windows\unins000.exe
[2013/07/20 10:02:04 | 000,216,064 | ---- | C] ( ) -- C:\windows\SysWow64\Lagarith.dll
[2013/07/20 10:02:04 | 000,076,332 | ---- | C] () -- C:\windows\unins000.dat
[2012/04/24 12:23:04 | 000,201,728 | ---- | C] () -- C:\windows\SetDrive.exe
[2012/04/24 12:23:04 | 000,036,864 | ---- | C] () -- C:\windows\WinWait.exe
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/03/27 09:46:35 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\.minecraft
[2013/09/24 20:11:55 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\AVSoftware
[2014/03/29 13:04:35 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\Dropbox
[2013/08/13 17:56:52 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\Online Video Accelerator
[2013/08/15 07:06:25 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\Open Download Manager
[2014/03/29 10:44:06 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\PC Tech Hotline
[2013/08/15 07:10:59 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\Systweak
[2013/08/13 18:01:37 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\xVidly
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013/09/07 13:49:04 | 096,533,415 | ---- | M] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\㓱ᵌ
[2013/09/07 13:49:04 | 096,533,415 | ---- | C] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\㓱ᵌ

< End of report >
 

 

Here is MalbytesMalware Log:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.29.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Kids :: MISTERMAGIC [administrator]

3/29/2014 2:18:26 PM
mbam-log-2014-03-29 (14-18-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226701
Time elapsed: 4 minute(s), 49 second(s)

Memory Processes Detected: 1
C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe (PUP.Optional.BrowserSafeGuard.A) -> 2700 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 32
HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110511031168} (PUP.Optional.Information.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440544034468} (PUP.Optional.Information.A) -> Quarantined and deleted successfully.
HKCR\Interface\{55555555-5555-5555-5555-550555035568} (PUP.Optional.Information.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0050368.BHO.1 (PUP.Optional.Information.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511031168} (PUP.Optional.Information.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{D0C21091-FF8E-432C-9006-0540E81BA9D7} (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{5530C971-3D8F-471B-AC49-4CC23FA955E2} (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
HKCR\Interface\{7FBC7ADD-4D75-4685-9BD4-30D3FBDD3AB4} (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0C21091-FF8E-432C-9006-0540E81BA9D7} (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Information (PUP.Optional.Information.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{7A1E0100-AC72-3F5F-CFD8-6872635A42C9} (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7A1E0100-AC72-3F5F-CFD8-6872635A42C9} (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7A1E0100-AC72-3F5F-CFD8-6872635A42C9} (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1 (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browsersafeguard (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TidyNetwork (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0050368.BHO (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0050368.Sandbox (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0050368.Sandbox.1 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCU\Software\PCFixSpeed (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
HKCU\Software\TidyNetwork (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\Crossrider (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\GorillaPrice (PUP.Optional.GorillaPrice.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\PriceGong (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\TidyNetwork (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
HKCU\Software\InstalledBrowserExtensions\VisualBee (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\PCFixSpeed (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\BROWSERSAFEGUARD (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{856AD396-519D-4C7A-BED6-6785F64924BC} (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisualBee for Microsoft PowerPoint (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.

Registry Values Detected: 4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|PCFixSpeed (PUP.Optional.PCFixSpeed) -> Data: "C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe" /startup -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BrowserSafeguard (PUP.Optional.BrowserSafeGuard.A) -> Data: "C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe" -> Quarantined and deleted successfully.
HKCU\Software\Mozilla\Firefox\EXTENSIONS|{B21F5E31-B8E8-41CD-B74C-168A71A10E49} (PUP.Optional.GreatArcadeHits.A) -> Data: C:\Users\Kids\AppData\Local\GreatArcadeHits\gahff.xpi -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Browsersafeguard|sourceid (PUP.Optional.BrowserSafeGuard.A) -> Data: google_downloadwhizz.com|google_browsersafeguard-display-US-336x280-downloadwhizz-46393485040 -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.Conduit.A) -> Bad: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) Good: () -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Bad: (http://search.condui...8772A7210&SSPV=) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 53
C:\Program Files (x86)\Information (PUP.Optional.Information.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GreatArcadeHits (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\ProgramData\PCFixSpeed (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\ProgramData\PCFixSpeed\Backup (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\ProgramData\PCFixSpeed\Startup (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\ProgramData\PCFixSpeed\Translate (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PCFixSpeed (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PCFixSpeed\Update (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Fix Speed (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Browsersafeguard (PUP.Optional.BrowserSafeGuard.A) -> Delete on reboot.
C:\Program Files (x86)\Browsersafeguard\Resources (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\Main (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\Main\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\Main\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\SearchProtect\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\UI\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\UI\dialogs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrowserSafeguard (PUP.Optional.BrowserSafeGuard) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\TidyNetwork (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Roaming\PCFixSpeed (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Roaming\PCFixSpeed\News (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Roaming\PCFixSpeed\Startup (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\GreatArcadeHits (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\Dic-Eng (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\GuideFiles (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\LocalDB (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl (PUP.Optional.SnapDo.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\extensionData (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\extensionData\plugins (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\extensionData\userCode (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\icons (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\icons\actions (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\js\api (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\js\lib (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\js\lib\popupResource (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.

Files Detected: 996
C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe (PUP.Optional.Conduit.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe (PUP.Optional.Conduit.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Information\Information-bho.dll (PUP.Optional.Information.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Temp\GetCC.dll (MSIL.Solimba) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Temp\nskD41E.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Temp\nskF114.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Temp\nspF52A.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Temp\nszCD29.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Temp\nszD0D2.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Temp\nszF8C3.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Temp\vbmz5.exe (MSIL.Solimba) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Temp\nspB748\SpSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kids\Downloads\Setup.exe (PUP.Optional.OptimumInstaller.A) -> Quarantined and deleted successfully.
C:\Users\Kids\Local Settings\Temporary Internet Files\Content.IE5\LM6UCSY2\SPIdentifier[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kids\Local Settings\Temporary Internet Files\Content.IE5\RIKCE0WO\sp-downloader[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kids\Local Settings\Temporary Internet Files\Content.IE5\RIKCE0WO\spstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kids\Local Settings\Temporary Internet Files\Content.IE5\W6YLQUD6\SetupGreatArcadeHits[1].exe (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Kids\Local Settings\Temporary Internet Files\Content.IE5\W6YLQUD6\SPIdentifierImpl[1].exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Kids\Local Settings\Temporary Internet Files\Content.IE5\W6YLQUD6\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kids\Local Settings\Temporary Internet Files\Content.IE5\W6YLQUD6\vbmz5[1].exe (MSIL.Solimba) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Information\background.html (PUP.Optional.Information.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Information\50368.crx (PUP.Optional.Information.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Information\50368.xpi (PUP.Optional.Information.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Information\Information-bg.exe (PUP.Optional.Information.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Information\Information-bho64.dll (PUP.Optional.Information.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Information\Information-buttonutil.dll (PUP.Optional.Information.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Information\Information-buttonutil.exe (PUP.Optional.Information.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Information\Information-buttonutil64.dll (PUP.Optional.Information.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Information\Information-buttonutil64.exe (PUP.Optional.Information.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Information\Information-chromeinstaller.exe (PUP.Optional.Information.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Information\Information-codedownloader.exe (PUP.Optional.Information.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Information\Information-enabler.exe (PUP.Optional.Information.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Information\Information-firefoxinstaller.exe (PUP.Optional.Information.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Information\Information-helper.exe (PUP.Optional.Information.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Information\Information-updater.exe (PUP.Optional.Information.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Information\Information.ico (PUP.Optional.Information.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Information\Installer.log (PUP.Optional.Information.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Information\Uninstall.exe (PUP.Optional.Information.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Information\utils.exe (PUP.Optional.Information.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\TidyNetwork\petn.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\TidyNetwork\petn64.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GreatArcadeHits\Play Games online on GreatArcadeHits.com.url (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GreatArcadeHits\Uninstall GreatArcadeHits.lnk (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\GreatArcadeHits.job (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\ProgramData\PCFixSpeed\addons.xml (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\ProgramData\PCFixSpeed\Translate\lng.ini (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PCFixSpeed\PCFixSpeed.exe (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PCFixSpeed\unins000.dat (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PCFixSpeed\unins000.exe (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PCFixSpeed\unins000.msg (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Fix Speed\PC Fix Speed.lnk (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Fix Speed\PCFixSpeed.com.url (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Fix Speed\Uninstall PC Fix Speed.lnk (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Browsersafeguard\ewebstorewrapper.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe (PUP.Optional.BrowserSafeGuard.A) -> Delete on reboot.
C:\Program Files (x86)\Browsersafeguard\config.dat (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Browsersafeguard\makecert.exe (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Browsersafeguard\TrustedRoot.cer (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Browsersafeguard\Resources\certutil.exe (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Browsersafeguard\Resources\libnspr4.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Browsersafeguard\Resources\libplc4.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Browsersafeguard\Resources\libplds4.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Browsersafeguard\Resources\nss3.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Browsersafeguard\Resources\smime3.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Browsersafeguard\Resources\softokn3.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\EULA.txt (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrowserSafeguard\BrowserSafeguard.lnk (PUP.Optional.BrowserSafeGuard) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\TidyNetwork\sidAdKnowledge2.tidy (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\TidyNetwork\log.log (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\TidyNetwork\petnupdate.exe (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\TidyNetwork\TidyNetwork.exe (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Roaming\PCFixSpeed\faq.htm (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Roaming\PCFixSpeed\News\PCFS_NEWS_promote_app_MLM_horizontal.png (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Roaming\PCFixSpeed\News\PCFS_NEWS_promote_app_SO_horizontal.png (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Roaming\PCFixSpeed\News\PCFS_news_tech_offer.png (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Roaming\PCFixSpeed\News\PCFS_NEWS_trialpay_tray_ads.png (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\GreatArcadeHits\application.ico (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\GreatArcadeHits\cookies.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\GreatArcadeHits\gahcrx.zip (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\GreatArcadeHits\gahff.xpi (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\GreatArcadeHits\GAHUninstaller.exe (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\GreatArcadeHits\GAHUpdate.exe (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\GreatArcadeHits\Play Games online on GreatArcadeHits.com.url (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\GreatArcadeHits\PopupBroker.exe (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\GreatArcadeHits\premium.pem (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\GreatArcadeHits\static.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\ClientComServices.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\ClientSoftwareUpdate.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\ClientUtilities.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\DocumentFormat.OpenXml.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\Domain.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\IComService.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\IDBService.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\Ionic.Zip.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\ISwUpdateService.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\Microsoft.Office.Tools.Common.v4.0.Utilities.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\N_Advisor.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\N_Analysis.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\N_Analyzer.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\N_Builder.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\N_Cleaner.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\N_Database.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\N_Design.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\N_Designer.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\N_Downloader.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\N_Engine.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\N_EngineGlobals.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\N_Extractor.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\N_ExtraGlobals.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\N_HunposHelper.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\N_ImageManipulator.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\N_MessageForm.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\N_Normalizer.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\N_Presentation.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\N_SendLogFile.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\N_Share.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\N_SmartArtLib.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\N_WordNetHelper.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\N_ZoomPanel.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\SlideShareAPI.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\uninstaller.exe (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\VBeeAbout.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\VBeeAccount.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\VBeeClient.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\VBeeClient.dll.config (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\VBeeClient.dll.manifest (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\VBeeClient.vsto (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\VBeeEnhance.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\VBeeLibrary.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\VBeeMyLogo.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\VBeeWebSearch.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\WordNetClasses.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\Dic-Eng\adj.exc (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\Dic-Eng\adv.exc (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\Dic-Eng\cntlist (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\Dic-Eng\cntlist.rev (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\Dic-Eng\cygwin1.dll (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\Dic-Eng\data.adj (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\Dic-Eng\data.adv (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\Dic-Eng\data.noun (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\Dic-Eng\data.verb (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\Dic-Eng\english.model (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\Dic-Eng\frames.vrb (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\Dic-Eng\hunpos-tag.exe (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\Dic-Eng\index.adj (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\Dic-Eng\index.adv (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\Dic-Eng\index.noun (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\Dic-Eng\index.sense (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\Dic-Eng\index.verb (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\Dic-Eng\log.grind.2.1 (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\Dic-Eng\noun.exc (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\Dic-Eng\sentidx.vrb (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\Dic-Eng\sents.vrb (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\Dic-Eng\verb.exc (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\Dic-Eng\verb.Framestext (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\GuideFiles\License.rtf (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeExe\GuideFiles\SelectSlidesGuide.rtf (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\3 colors 01_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\3 colors 01_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\3 colors 01_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\3 Colors 02_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\3 Colors 02_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\3 Colors 02_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\3 Colors 03_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\3 Colors 03_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\3 Colors 03_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\3 Colors 04_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\3 Colors 04_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\3 Colors 04_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\3 Colors 05_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\3 Colors 05_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\3 Colors 05_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\3 Colors 06_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\3 Colors 06_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\3 Colors 06_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\3 Colors 07_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\3 Colors 07_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\3 Colors 07_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\3 Colors 08_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\3 Colors 08_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\3 Colors 08_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Analogue_6frame_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Analogue_6frame_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Analogue_6frame_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Analogue_blue_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Analogue_blue_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Analogue_blue_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Analogue_book_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Analogue_book_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Analogue_book_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Analogue_chinesepaper_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Analogue_chinesepaper_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Analogue_chinesepaper_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Analogue_greenstars_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Analogue_greenstars_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Analogue_greenstars_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Analogue_majestic_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Analogue_majestic_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Analogue_majestic_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Analogue_paperback_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Analogue_paperback_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Analogue_paperback_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Analogue_pareeca_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Analogue_pareeca_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Analogue_pareeca_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Analogue_pink_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Analogue_pink_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Analogue_pink_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Analogue_spirala_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Analogue_spirala_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Analogue_spirala_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\BaloonGirl_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\BaloonGirl_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\BaloonGirl_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ChineseDoll_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ChineseDoll_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ChineseDoll_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Christmas1_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Christmas1_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Christmas1_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Christmas2_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Christmas2_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Christmas2_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Comics01_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Comics01_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Comics01_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Comics02_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Comics02_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Comics02_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Comics03_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Comics03_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Comics03_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Comics04_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Comics04_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Comics04_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Comics05_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Comics05_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Comics05_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Comics06_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Comics06_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Comics06_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Angles_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Angles_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Angles_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Apo_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Apo_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Apo_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_BlackTie_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_BlackTie_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_BlackTie_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Composite_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Composite_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Composite_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Elemental_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Elemental_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Elemental_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_gray_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_gray_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_gray_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Horizon_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Horizon_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Horizon_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Newspaper_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Newspaper_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Newspaper_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Paper_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Paper_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Paper_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Technic_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Technic_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Technic_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Verve_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Verve_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Verve_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Guga_Bubbles_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Guga_Bubbles_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Guga_Bubbles_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Guga_Classic_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Guga_Classic_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Guga_Classic_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Guga_Desert_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Guga_Desert_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Guga_Desert_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Guga_Earth_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Guga_Earth_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Guga_Earth_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Guga_Flower_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Guga_Flower_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Guga_Flower_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Guga_Leaves_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Guga_Leaves_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Guga_Leaves_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Guga_Ornament_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Guga_Ornament_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Guga_Ornament_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Guga_Sky_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Guga_Sky_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Guga_Sky_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Guga_Sport_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Guga_Sport_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Guga_Sport_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Guga_Urban_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Guga_Urban_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Guga_Urban_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\HandShake_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\HandShake_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\HandShake_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Large_title_A_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Large_title_A_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Large_title_A_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Large_title_B_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Large_title_B_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Large_title_B_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Large_title_C_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Large_title_C_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Large_title_C_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Large_title_D_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Large_title_D_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Large_title_D_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\logo.png (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Mono Dark 01_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Mono Dark 01_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Mono Dark 01_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Mono Dark 02_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Mono Dark 02_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Mono Dark 02_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Mono Dark 03_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Mono Dark 03_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Mono Dark 03_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Mono Dark 04_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Mono Dark 04_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Mono Dark 04_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Mono Dark 05_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Mono Dark 05_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Mono Dark 05_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Mono Dark Flowers_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Mono Dark Flowers_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Mono Dark Flowers_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Mono Dark Paper_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Mono Dark Paper_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Mono Dark Paper_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Mono Dark Plants_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Mono Dark Plants_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Mono Dark Plants_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Mono Dark Sand_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Mono Dark Sand_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Mono Dark Sand_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Mono Dark Stars_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Mono Dark Stars_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Mono Dark Stars_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Mono Dark Waves_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Mono Dark Waves_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Mono Dark Waves_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_SCI_Female_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_SCI_Female_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_SCI_Female_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_SCI_Guy_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_SCI_Guy_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_SCI_Guy_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_SCI_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_SCI_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_SCI_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\myTemplate_Background.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\myTemplate_Button.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Painting_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Painting_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Painting_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\PaymentPanel-Background.png (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\PaymentPanel-Background_v35.png (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\PaymentPanel-Buy1.png (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\PaymentPanel-Buy2.png (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\PaymentPanel-Buy3.png (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_01_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_01_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_01_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_02_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_02_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_02_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_03_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_03_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_03_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_04_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_04_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_04_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_05_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_05_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_05_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_06_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_06_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_06_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_07_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_07_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_07_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_08_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_08_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_08_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_09_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_09_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_09_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_10_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_10_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_10_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_11_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_11_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_11_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_12_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_12_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_12_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_13_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_13_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_13_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_15_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_15_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_15_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_16_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_16_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_16_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_17_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_17_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_17_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_18_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_18_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_18_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_19_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_19_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_19_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_20_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_20_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppA_Classic_20_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppD_Classic_14_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppD_Classic_14_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ppD_Classic_14_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\PpD_educ_07_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\PpD_educ_07_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\PpD_educ_07_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\PpD_medc_01_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\PpD_medc_01_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\PpD_medc_01_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\PpD_medc_02_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\PpD_medc_02_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\PpD_medc_02_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\PpD_sport_06_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\PpD_sport_06_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\PpD_sport_06_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\PpD_techPp_01_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\PpD_techPp_01_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\PpD_techPp_01_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\PpD_techPp_02_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\PpD_techPp_02_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\PpD_techPp_02_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\PpD_techPp_04_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\PpD_techPp_04_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\PpD_techPp_04_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\PpD_travl_01_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\PpD_travl_01_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\PpD_travl_01_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\PpD_travl_06_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\PpD_travl_06_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\PpD_travl_06_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_educ_01_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_educ_01_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_educ_01_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_educ_02_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_educ_02_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_educ_02_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_educ_03_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_educ_03_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_educ_03_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_educ_04_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_educ_04_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_educ_04_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_educ_05_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_educ_05_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_educ_05_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_educ_06_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_educ_06_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_educ_06_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_educ_08_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_educ_08_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_educ_08_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_legal_01_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_legal_01_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_legal_01_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_legal_02_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_legal_02_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_legal_02_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_legal_03_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_legal_03_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_legal_03_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_legl_04_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_legl_04_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_legl_04_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_medc_03_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_medc_03_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_medc_03_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_sport_01_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_sport_01_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_sport_01_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_sport_02_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_sport_02_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_sport_02_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_sport_03_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_sport_03_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_sport_03_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_sport_04_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_sport_04_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_sport_04_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_sport_05_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_sport_05_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_sport_05_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_tech_03_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_tech_03_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_tech_03_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_travl_03_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_travl_03_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_travl_03_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_travl_04_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_travl_04_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_travl_04_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_travl_05_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_travl_05_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Pp_travl_05_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\PurpleButterfly_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\PurpleButterfly_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\PurpleButterfly_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\RedHeadCalling_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\RedHeadCalling_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\RedHeadCalling_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ShipsComing_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ShipsComing_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ShipsComing_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Simple 01_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Simple 01_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Simple 01_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Simple 02_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Simple 02_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Simple 02_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Simple 03_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Simple 03_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Simple 03_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Simple 04_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Simple 04_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Simple 04_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\SunFlower_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\SunFlower_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\SunFlower_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T105_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T105_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T105_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T107_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T107_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T107_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T109_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T109_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T109_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T115_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T115_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T115_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T116_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T116_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T116_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T119_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T119_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T119_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T120_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T120_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T120_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T121_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T121_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T121_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T202_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T202_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T202_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T203_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T203_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T203_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T205_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T205_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T205_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T207_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T207_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T207_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T211_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T211_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T211_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T213_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T213_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T213_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T218_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T218_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T218_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T219_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T219_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T219_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T220_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T220_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T220_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T301_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T301_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T301_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T302_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T302_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T302_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T303_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T303_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T303_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T304_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T304_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T304_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T305_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T305_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T305_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T306_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T306_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T306_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T307_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T307_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T307_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T308_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T308_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T308_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T309_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T309_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T309_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T311_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T311_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T311_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T312_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T312_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T312_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T313_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T313_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T313_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T314_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T314_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T314_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T316_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T316_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T316_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T317_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T317_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T317_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T318_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T318_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T318_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T319_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T319_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T319_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T320_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T320_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T320_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T322_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T322_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T322_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T324_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T324_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T324_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T325_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T325_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T325_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T326_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T326_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T326_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T327_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T327_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\T327_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Teenage_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Teenage_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Teenage_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp01_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp01_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp01_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp02_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp02_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp02_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp03_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp03_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp03_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp04_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp04_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp04_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp05_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp05_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp05_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp06_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp06_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp06_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp07_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp07_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp07_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp08_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp08_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp08_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp09_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp09_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp09_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp10_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp10_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp10_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp11_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp11_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp11_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp12_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp12_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp12_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp13_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp13_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp13_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp14_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp14_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp14_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp15_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp15_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp15_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp16_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp16_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp16_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp17_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp17_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp17_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp18_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp18_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp18_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp19_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp19_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp19_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp20_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp20_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\ThinkUp20_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11A_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11A_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11A_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11B_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11B_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11B_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11C_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11C_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11C_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11D_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11D_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11D_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11E_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11E_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11E_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11F_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11F_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11F_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11G_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11G_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11G_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11H_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11H_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11H_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11I_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11I_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11I_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11J_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11J_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11J_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11K_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11K_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11K_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11L_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11L_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11L_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11M_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11M_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11M_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11N_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11N_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Typo11N_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\VisualBeeLogo.png (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\WatchingTheSea_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\WatchingTheSea_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\WatchingTheSea_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Watching_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Watching_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Watching_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\WeddingSoon_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\WeddingSoon_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\WeddingSoon_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\WindGirl_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\WindGirl_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\WindGirl_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y101_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y101_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y101_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y103_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y103_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y103_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y305_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y305_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y305_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y306_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y306_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y306_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y307_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y307_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y307_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y308_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y308_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y308_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y312_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y312_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y312_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y319_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y319_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y319_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y323_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y323_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y323_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y324_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y324_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y324_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y327_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y327_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y327_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y330_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y330_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y330_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y332_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y332_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y332_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y333_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y333_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y333_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y335_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y335_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y335_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y336_smart.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y336_text.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\Domain\Y336_thumb.jpg (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\LocalDB\checksum.vdb (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\LocalDB\Layouts.vdb (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\LocalDB\LayoutsSchema.vdb (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\LocalDB\PublicImages.vdb (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\LocalDB\PublicImagesKeywords.vdb (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\LocalDB\PublicImagesKeywordsSchema.vdb (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\LocalDB\PublicImagesSchema.vdb (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\LocalDB\Schemes.vdb (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\LocalDB\SchemesSchema.vdb (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\LocalDB\Slides.vdb (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\LocalDB\SlidesKeywords.vdb (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\LocalDB\SlidesKeywordsSchema.vdb (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\VisualBeeClient\LocalDB\SlidesSchema.vdb (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\background.html (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\chromeCoreFilesIndex.txt (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\crossriderManifest.json (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\manifest.json (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\popup.html (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\extensionData\manifest.xml (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\extensionData\plugins.json (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\extensionData\plugins\102_dealply_m.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\extensionData\plugins\103_intext_5_m.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\extensionData\plugins\104_jollywallet_m.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\extensionData\plugins\13_CrossriderAppUtils.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\extensionData\plugins\14_CrossriderUtils.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\extensionData\plugins\177_crossriderDashboard.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\extensionData\plugins\17_jQuery.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\extensionData\plugins\182_openUrl.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\extensionData\plugins\183_tabsWrapper.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\extensionData\plugins\184_noproblemppc_m.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\extensionData\plugins\19_CHAppAPIWrapper.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\extensionData\plugins\1_base.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\extensionData\plugins\207_dbWrapper.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\extensionData\plugins\21_debug.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\extensionData\plugins\223_imonomy_m.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\extensionData\plugins\22_resources.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\extensionData\plugins\28_initializer.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\extensionData\plugins\32_images_hook.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\extensionData\plugins\47_resources_background.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\extensionData\plugins\4_jquery_1_7_1.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\extensionData\plugins\5_notifications.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\extensionData\plugins\64_appApiMessage.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\extensionData\plugins\72_appApiValidation.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\extensionData\plugins\78_CrossriderInfo.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\extensionData\plugins\7_hooks.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\extensionData\plugins\80_CHPopupAppAPI.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\extensionData\plugins\91_monetizationLoader.js.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\extensionData\plugins\93_superfish_no_coupons_m.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\extensionData\plugins\97_resourceApiWrapper.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\extensionData\plugins\9_search_engine_hook.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\extensionData\userCode\background.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\extensionData\userCode\extension.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\icons\icon128.png (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\icons\icon16.png (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\icons\icon48.png (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\icons\actions\1.png (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\js\background.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\js\main.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\js\platformVersion.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\js\api\chrome.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\js\api\cookie.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\js\api\message.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\js\api\monitor.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\js\api\pageAction.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\js\api\pageActionBG.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\js\lib\app_api.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\js\lib\bg_app_api.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\js\lib\consts.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\js\lib\cookie_store.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\js\lib\crossriderAPI.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\js\lib\delegate.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\js\lib\events.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\js\lib\extensionDataStore.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\js\lib\installer.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\js\lib\logFile.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\js\lib\logging.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\js\lib\onBGDocumentLoad.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\js\lib\reports.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\js\lib\storageWrapper.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\js\lib\updateManager.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\js\lib\util.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\js\lib\xhr.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\js\lib\popupResource\newPopup.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.26_0\js\lib\popupResource\popup.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.

(end)
 


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP
 
Copy the text in the code box by highlighting and Ctrl + c
 
:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49194;https=127.0.0.1:49194
O2:64bit: - BHO: (Information) - {11111111-1111-1111-1111-110511031168} - C:\Program Files (x86)\Information\Information-bho64.dll File not found
O2:64bit: - BHO: (TidyNetwork) - {7A1E0100-AC72-3F5F-CFD8-6872635A42C9} - C:\Program Files (x86)\TidyNetwork\petn64.dll File not found
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O4 - HKLM..\Run: [PCTechHotline] C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe (Crawler, LLC)
O4 - Startup: C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) -  File not found
[2014/03/29 10:45:20 | 000,000,000 | ---D | C] -- C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
[2014/03/29 10:44:36 | 000,000,000 | ---D | C] -- C:\ProgramData\VisualBee
[2014/03/29 10:44:34 | 000,000,000 | ---D | C] -- C:\Users\Kids\AppData\Local\emaze
[2014/03/29 10:44:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TidyNetwork
[2014/03/29 10:44:06 | 000,000,000 | ---D | C] -- C:\Users\Kids\AppData\Roaming\PC Tech Hotline
[2014/03/29 10:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tech Hotline
[2014/03/29 10:44:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCTechHotline
[2014/03/29 10:43:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Browsersafeguard
[2014/03/29 10:42:38 | 000,000,000 | ---D | C] -- C:\Users\Kids\AppData\Local\SearchProtect
[2014/03/29 10:42:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2014/03/29 10:45:33 | 000,001,979 | ---- | M] () -- C:\Users\Kids\Contacts\Desktop\Sync Folder.lnk
[2014/03/29 10:45:21 | 000,001,101 | ---- | M] () -- C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/03/29 10:45:21 | 000,001,097 | ---- | M] () -- C:\Users\Kids\Contacts\Desktop\MyPC Backup.lnk
[2014/03/29 10:44:34 | 000,001,240 | ---- | M] () -- C:\Users\Kids\Contacts\Desktop\Create Amazing Presentations.lnk
[2014/03/29 10:44:02 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\PC Tech Hotline.lnk
[2014/03/29 10:44:00 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\Optimize Your PC.lnk
[2014/03/29 12:42:54 | 000,002,284 | ---- | M] () -- C:\windows\tasks\Information-firefoxinstaller.job
[2014/03/29 12:42:54 | 000,001,524 | ---- | M] () -- C:\windows\tasks\Information-updater.job
[2014/03/29 12:42:54 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/29 12:42:50 | 000,003,090 | ---- | M] () -- C:\windows\tasks\Information-chromeinstaller.job
[2014/03/29 12:42:46 | 000,001,358 | ---- | M] () -- C:\windows\tasks\Information-enabler.job
[2014/03/29 12:42:45 | 000,001,480 | ---- | M] () -- C:\windows\tasks\Information-codedownloader.job
[2014/03/29 10:45:33 | 000,001,979 | ---- | C] () -- C:\Users\Kids\Contacts\Desktop\Sync Folder.lnk
[2014/03/29 10:45:21 | 000,001,524 | ---- | C] () -- C:\windows\tasks\Information-updater.job
[2014/03/29 10:45:21 | 000,001,101 | ---- | C] () -- C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/03/29 10:45:21 | 000,001,097 | ---- | C] () -- C:\Users\Kids\Contacts\Desktop\MyPC Backup.lnk
[2014/03/29 10:45:14 | 000,001,358 | ---- | C] () -- C:\windows\tasks\Information-enabler.job
[2014/03/29 10:45:05 | 000,001,480 | ---- | C] () -- C:\windows\tasks\Information-codedownloader.job
[2014/03/29 10:44:57 | 000,002,284 | ---- | C] () -- C:\windows\tasks\Information-firefoxinstaller.job
[2014/03/29 10:44:48 | 000,003,090 | ---- | C] () -- C:\windows\tasks\Information-chromeinstaller.job
[2014/03/29 10:44:34 | 000,001,240 | ---- | C] () -- C:\Users\Kids\Contacts\Desktop\Create Amazing Presentations.lnk
[2014/03/29 10:44:34 | 000,001,240 | ---- | C] () -- C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
[2014/03/29 10:44:02 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\PC Tech Hotline.lnk
[2014/03/29 10:44:00 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\Optimize Your PC.lnk
[2014/03/29 10:44:06 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\PC Tech Hotline
[2013/09/07 13:49:04 | 096,533,415 | ---- | M] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\㓱ᵌ
[2013/09/07 13:49:04 | 096,533,415 | ---- | C] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\㓱ᵌ
 
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]
 
 
then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply. 
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\03292014-some number.log so look there if you don't see it.
 
 

 
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
scan-results.jpg
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  •  
     
     
    Please download Farbar Recovery Scan Tool and save it to your Desktop. 
     
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 
     
    •  
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 
  •  
     
    Ron

     


    • 0

    #3
    scmba

    scmba

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 109 posts

    ========== OTL ==========
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511031168}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511031168}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7A1E0100-AC72-3F5F-CFD8-6872635A42C9}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7A1E0100-AC72-3F5F-CFD8-6872635A42C9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}\ deleted successfully.
    C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PCTechHotline deleted successfully.
    C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe moved successfully.
    C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk moved successfully.
    C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe moved successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll deleted successfully.
    C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup folder moved successfully.
    C:\ProgramData\VisualBee folder moved successfully.
    C:\Users\Kids\AppData\Local\emaze folder moved successfully.
    C:\Program Files (x86)\TidyNetwork folder moved successfully.
    C:\Users\Kids\AppData\Roaming\PC Tech Hotline\skin folder moved successfully.
    C:\Users\Kids\AppData\Roaming\PC Tech Hotline folder moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tech Hotline folder moved successfully.
    C:\Program Files (x86)\PCTechHotline\Update folder moved successfully.
    C:\Program Files (x86)\PCTechHotline folder moved successfully.
    Folder C:\Program Files (x86)\Browsersafeguard\ not found.
    C:\Users\Kids\AppData\Local\SearchProtect\SearchProtect\STG folder moved successfully.
    C:\Users\Kids\AppData\Local\SearchProtect\SearchProtect\rep folder moved successfully.
    C:\Users\Kids\AppData\Local\SearchProtect\SearchProtect folder moved successfully.
    Folder C:\Program Files (x86)\SearchProtect\ not found.
    C:\Users\Kids\Contacts\Desktop\Sync Folder.lnk moved successfully.
    File C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk not found.
    C:\Users\Kids\Contacts\Desktop\MyPC Backup.lnk moved successfully.
    C:\Users\Kids\Contacts\Desktop\Create Amazing Presentations.lnk moved successfully.
    C:\Users\Public\Desktop\PC Tech Hotline.lnk moved successfully.
    C:\Users\Public\Desktop\Optimize Your PC.lnk moved successfully.
    C:\Windows\Tasks\Information-firefoxinstaller.job moved successfully.
    C:\Windows\Tasks\Information-updater.job moved successfully.
    C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
    C:\Windows\Tasks\Information-chromeinstaller.job moved successfully.
    C:\Windows\Tasks\Information-enabler.job moved successfully.
    C:\Windows\Tasks\Information-codedownloader.job moved successfully.
    File C:\Users\Kids\Contacts\Desktop\Sync Folder.lnk not found.
    File C:\windows\tasks\Information-updater.job not found.
    File C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk not found.
    File C:\Users\Kids\Contacts\Desktop\MyPC Backup.lnk not found.
    File C:\windows\tasks\Information-enabler.job not found.
    File C:\windows\tasks\Information-codedownloader.job not found.
    File C:\windows\tasks\Information-firefoxinstaller.job not found.
    File C:\windows\tasks\Information-chromeinstaller.job not found.
    File C:\Users\Kids\Contacts\Desktop\Create Amazing Presentations.lnk not found.
    C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk moved successfully.
    File C:\Users\Public\Desktop\PC Tech Hotline.lnk not found.
    File C:\Users\Public\Desktop\Optimize Your PC.lnk not found.
    Folder C:\Users\Kids\AppData\Roaming\PC Tech Hotline\ not found.
    File C:\windows\SysWow64\㓱ᵌ not found.
    File C:\windows\SysWow64\㓱ᵌ not found.
    ========== COMMANDS ==========
     
    [EMPTYFLASH]
     
    User: All Users
     
    User: Default
     
    User: Default User
     
    User: Kids
    ->Flash cache emptied: 6571 bytes
     
    User: Public
     
    Total Flash Files Cleaned = 0.00 mb
     
     
    [EMPTYJAVA]
     
    User: All Users
     
    User: Default
     
    User: Default User
     
    User: Kids
    ->Java cache emptied: 0 bytes
     
    User: Public
     
    Total Java Files Cleaned = 0.00 mb
     
     
    OTL by OldTimer - Version 3.2.69.0 log created on 03302014_074744
     


    • 0

    #4
    scmba

    scmba

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 109 posts

    # AdwCleaner v3.022 - Report created 30/03/2014 at 07:58:22
    # Updated 13/03/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Kids - MISTERMAGIC
    # Running from : C:\Users\Kids\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    Service Deleted : BackupStack

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\Partner
    Folder Deleted : C:\Program Files (x86)\Conduit
    [#] Folder Deleted : C:\Program Files (x86)\MyPC Backup
    Folder Deleted : C:\Program Files (x86)\Nation Toolbar
    Folder Deleted : C:\Users\Kids\AppData\Local\Conduit
    Folder Deleted : C:\Users\Kids\AppData\Local\SearchProtect
    Folder Deleted : C:\Users\Kids\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Kids\AppData\LocalLow\Delta
    Folder Deleted : C:\Users\Kids\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Kids\AppData\Roaming\Systweak
    Folder Deleted : C:\Users\Kids\AppData\Roaming\xVidly
    Folder Deleted : C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default\Extensions\[email protected]
    Folder Deleted : C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\kimdndlhnimhdcchmglaendkednpejjn
    File Deleted : C:\END
    File Deleted : C:\windows\System32\roboot64.exe
    File Deleted : C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default\invalidprefs.js
    File Deleted : C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default\searchplugins\conduit-search.xml
    File Deleted : C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default\user.js

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\Google\Chrome\Extensions\kimdndlhnimhdcchmglaendkednpejjn
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kimdndlhnimhdcchmglaendkednpejjn
    Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
    Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
    Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
    Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
    Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
    Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
    Key Deleted : HKLM\SOFTWARE\5348c8de238eb48
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3295548
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522032268}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566036668}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522032268}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566036668}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
    Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
    Key Deleted : HKCU\Software\BabSolution
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Delta
    Key Deleted : HKCU\Software\installedbrowserextensions
    Key Deleted : HKCU\Software\Nation Toolbar
    Key Deleted : HKCU\Software\SmartBar
    Key Deleted : HKCU\Software\visualbee
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\DataMngr
    Key Deleted : HKLM\Software\Delta
    Key Deleted : HKLM\Software\Nation Toolbar
    Key Deleted : HKLM\Software\SearchProtect
    Key Deleted : HKLM\Software\systweak
    Key Deleted : HKLM\Software\visualbee
    Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16521

    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]

    -\\ Mozilla Firefox v28.0 (en-US)

    [ File : C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default\prefs.js ]

    Line Deleted : user_pref("CT3295548_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1376576132405,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
    Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3295548&CUI=UN20452569286497193&UM=2&SearchSource=13");
    Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "xvidly3 Customized Web Search");
    Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3295548&SearchSource=2&CUI=UN20452569286497193&UM=2&q=");
    Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
    Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3295548");
    Line Deleted : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?gd=&ctid=CT3326302&octid=EB_ORIGINAL_CTID&ISID=MD7699792-10F1-4BBF-A85E-4E59E8B52F7A&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP0426DFD6-50D[...]
    Line Deleted : user_pref("browser.search.defaultenginename", "Conduit Search");
    Line Deleted : user_pref("browser.search.selectedEngine", "Conduit Search");
    Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?gd=&ctid=CT3326302&octid=EB_ORIGINAL_CTID&ISID=MD7699792-10F1-4BBF-A85E-4E59E8B52F7A&SearchSource=55&CUI=&UM=5&UP=SP0426DFD6-50DF-4127[...]
    Line Deleted : user_pref("extensions.ace85a36c113a4928aa8688a31bd595e7aa144f8ac1f6481f991c18bf0472c970com50368.50368.cookie.CrossriderNotifier_channels.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylig[...]
    Line Deleted : user_pref("extensions.ace85a36c113a4928aa8688a31bd595e7aa144f8ac1f6481f991c18bf0472c970com50368.50368.cookie.CrossriderNotifier_channels.value", "%7B%22app0%22%3A%22app0%22%2C%22app50368%22%3A%22app50[...]
    Line Deleted : user_pref("extensions.ace85a36c113a4928aa8688a31bd595e7aa144f8ac1f6481f991c18bf0472c970com50368.50368.cookie.CrossriderNotifier_geolocation.expiration", "Sat Apr 05 2014 14:26:09 GMT-0700 (Pacific Sta[...]
    Line Deleted : user_pref("extensions.ace85a36c113a4928aa8688a31bd595e7aa144f8ac1f6481f991c18bf0472c970com50368.50368.cookie.CrossriderNotifier_geolocation.value", "%22US%22");
    Line Deleted : user_pref("extensions.ace85a36c113a4928aa8688a31bd595e7aa144f8ac1f6481f991c18bf0472c970com50368.50368.cookie.CrossriderNotifier_metadata.expiration", "Sun Mar 30 2014 14:26:09 GMT-0700 (Pacific Standa[...]
    Line Deleted : user_pref("extensions.ace85a36c113a4928aa8688a31bd595e7aa144f8ac1f6481f991c18bf0472c970com50368.50368.cookie.CrossriderNotifier_metadata.value", "%7B%22appId%22%3A50368%2C%22appName%22%3A%22Informatio[...]
    Line Deleted : user_pref("extensions.ace85a36c113a4928aa8688a31bd595e7aa144f8ac1f6481f991c18bf0472c970com50368.50368.internaldb.Resources_meta.value", "%7B%22images/emaze.png%22%3A%7B%22id%22%3A517362%2C%22ver%22%3A[...]
    Line Deleted : user_pref("extensions.ace85a36c113a4928aa8688a31bd595e7aa144f8ac1f6481f991c18bf0472c970com50368.50368.internaldb.Resources_resource_517362.value", "%22data%3Aimage/png%3Bbase64%2CiVBORw0KGgoAAAANSUhEU[...]
    Line Deleted : user_pref("extensions.ace85a36c113a4928aa8688a31bd595e7aa144f8ac1f6481f991c18bf0472c970com50368.50368.internaldb.Resources_resource_517363.value", "%22data%3Aimage/png%3Bbase64%2CiVBORw0KGgoAAAANSUhEU[...]
    Line Deleted : user_pref("extensions.crossrider.bic", "1450fbc3670faa9b8a0db291a5459e8e");
    Line Deleted : user_pref("extensions.delta.admin", false);
    Line Deleted : user_pref("extensions.delta.aflt", "babsst");
    Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
    Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
    Line Deleted : user_pref("extensions.delta.bbDpng", "15");
    Line Deleted : user_pref("extensions.delta.cntry", "US");
    Line Deleted : user_pref("extensions.delta.dfltLng", "zht");
    Line Deleted : user_pref("extensions.delta.excTlbr", false);
    Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
    Line Deleted : user_pref("extensions.delta.hdrMd5", "2F9DBD318C203AD74AAA79B9FB8D4298");
    Line Deleted : user_pref("extensions.delta.id", "82bdf4790000000000008c89a5d636b8");
    Line Deleted : user_pref("extensions.delta.instlDay", "15931");
    Line Deleted : user_pref("extensions.delta.instlRef", "sst");
    Line Deleted : user_pref("extensions.delta.lastVrsnTs", "1.8.22.017:53:41");
    Line Deleted : user_pref("extensions.delta.newTab", false);
    Line Deleted : user_pref("extensions.delta.prdct", "delta");
    Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
    Line Deleted : user_pref("extensions.delta.rvrt", "false");
    Line Deleted : user_pref("extensions.delta.sg", "azb");
    Line Deleted : user_pref("extensions.delta.smplGrp", "none");
    Line Deleted : user_pref("extensions.delta.tlbrId", "base");
    Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
    Line Deleted : user_pref("extensions.delta.vrsn", "1.8.22.0");
    Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.22.017:53:41");
    Line Deleted : user_pref("extensions.delta.vrsni", "1.8.22.0");
    Line Deleted : user_pref("extensions.delta_i.babExt", "");
    Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=123485&tt=110813_Dmntr&tsp=4974");
    Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");

    -\\ Google Chrome v33.0.1750.154

    [ File : C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted : homepage
    Deleted : search_url
    Deleted : suggest_url
    Deleted : keyword
    Deleted : icon_url
    Deleted : urls_to_restore_on_startup

    *************************

    AdwCleaner[R0].txt - [12499 octets] - [30/03/2014 07:56:56]
    AdwCleaner[S0].txt - [12060 octets] - [30/03/2014 07:58:22]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12121 octets] ##########
     


    • 0

    #5
    scmba

    scmba

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 109 posts

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.3 (03.23.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Kids on Sun 03/30/2014 at  8:03:50.16
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyricsshow
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1945432696-1015937987-3417527920-1002\Software\sweetim



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\Kids\appdata\local\cre"
    Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
    Successfully deleted: [Empty Folder] C:\Users\Kids\appdata\local\{3050A3AF-D42F-464E-A8C9-5B09C21F1DB0}



    ~~~ FireFox

    Successfully deleted the following from C:\Users\Kids\AppData\Roaming\mozilla\firefox\profiles\zalxh0au.default\prefs.js

    user_pref("extensions.ace85a36c113a4928aa8688a31bd595e7aa144f8ac1f6481f991c18bf0472c970com50368.50368.cookie.CrossriderNotifier_channels.expiration", "Fri Feb 01 2030 00:00:00
    user_pref("extensions.ace85a36c113a4928aa8688a31bd595e7aa144f8ac1f6481f991c18bf0472c970com50368.50368.cookie.CrossriderNotifier_channels.value", "%7B%22app0%22%3A%22app0%22%2C
    user_pref("extensions.ace85a36c113a4928aa8688a31bd595e7aa144f8ac1f6481f991c18bf0472c970com50368.50368.cookie.CrossriderNotifier_geolocation.expiration", "Sun Apr 06 2014 08:00
    user_pref("extensions.ace85a36c113a4928aa8688a31bd595e7aa144f8ac1f6481f991c18bf0472c970com50368.50368.cookie.CrossriderNotifier_geolocation.value", "%22US%22");
    user_pref("extensions.ace85a36c113a4928aa8688a31bd595e7aa144f8ac1f6481f991c18bf0472c970com50368.50368.cookie.CrossriderNotifier_metadata.expiration", "Mon Mar 31 2014 08:00:35
    user_pref("extensions.ace85a36c113a4928aa8688a31bd595e7aa144f8ac1f6481f991c18bf0472c970com50368.50368.cookie.CrossriderNotifier_metadata.value", "%7B%22appId%22%3A50368%2C%22a
    Emptied folder: C:\Users\Kids\AppData\Roaming\mozilla\firefox\profiles\zalxh0au.default\minidumps [241 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 03/30/2014 at  8:10:09.42
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     


    • 0

    #6
    scmba

    scmba

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 109 posts

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
    Ran by Kids (administrator) on MISTERMAGIC on 30-03-2014 08:35:52
    Running from C:\Users\Kids\Downloads
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (AMD) C:\windows\system32\atiesrxx.exe
    (AMD) C:\windows\system32\atieclxx.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    () C:\Windows\jmesoft\Service.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    () C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
    (Dropbox, Inc.) C:\Users\Kids\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Lenovo) C:\Windows\jmesoft\hotkey.exe
    (CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
    (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    () C:\Windows\jmesoft\JME_LOAD.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
    (Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-18] (Realtek Semiconductor)
    HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-08-18] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [jmekey] - C:\windows\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)
    HKLM-x32\...\Run: [jmesoft] - C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] ()
    HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
    HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-16] (Avira Operations GmbH & Co. KG)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *‮* <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\flashax10.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\xvidly\uninstall.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\xvidly\uninstall.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\xvidly\uninstall.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\flashax10.exe <====== ATTENTION
    HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\...\Run: [Medialink Utilty] - C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe [2281488 2009-08-21] ()
    Startup: C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LEND&bmod=LEND
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7LEND
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

    FireFox:
    ========
    FF ProfilePath: C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default
    FF DefaultSearchEngine: Google
    FF NetworkProxy: "type", 4
    FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Extension: Information - C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default\Extensions\[email protected]f0472c970.com [2014-03-30]
    FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore

    Chrome:
    =======
    CHR HomePage: hxxp://www.google.com
    CHR RestoreOnStartup: "hxxp://www.google.com"
    CHR DefaultSearchProvider: Conduit Search
    CHR DefaultSearchURL: http://www.google.com
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll No File
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
    CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    CHR Plugin: (Windows Live? Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
    CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
    CHR Extension: (No Name) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\kimdndlhnimhdcchmglaendkednpejjn [2013-08-13]
    CHR Extension: (Chrome In-App Payments service) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-24]

    ==================== Services (Whitelisted) =================

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-08-18] (Advanced Micro Devices, Inc.)
    R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-03-16] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-16] (Avira Operations GmbH & Co. KG)
    R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] ()
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
    S2 PCTechHotlineSvc; C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe [X]

    ==================== Drivers (Whitelisted) ====================

    R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-01] (Avira Operations GmbH & Co. KG)
    R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-01] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-01] (Avira Operations GmbH & Co. KG)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-03-30 08:35 - 2014-03-30 08:36 - 00024056 _____ () C:\Users\Kids\Downloads\FRST.txt
    2014-03-30 08:35 - 2014-03-30 08:35 - 02157056 _____ (Farbar) C:\Users\Kids\Downloads\FRST64.exe
    2014-03-30 08:35 - 2014-03-30 08:35 - 00000000 ____D () C:\FRST
    2014-03-30 08:10 - 2014-03-30 08:10 - 00002564 _____ () C:\Users\Kids\Desktop\JRT.txt
    2014-03-30 08:01 - 2014-03-30 08:01 - 01038974 _____ (Thisisu) C:\Users\Kids\Downloads\JRT.exe
    2014-03-30 07:55 - 2014-03-30 07:58 - 00000000 ____D () C:\AdwCleaner
    2014-03-30 07:55 - 2014-03-30 07:55 - 01950720 _____ () C:\Users\Kids\Downloads\AdwCleaner.exe
    2014-03-30 07:47 - 2014-03-30 07:47 - 00000000 ____D () C:\_OTL
    2014-03-29 10:45 - 2014-03-29 10:45 - 00004554 _____ () C:\windows\System32\Tasks\Information-updater
    2014-03-29 10:45 - 2014-03-29 10:45 - 00004510 _____ () C:\windows\System32\Tasks\Information-codedownloader
    2014-03-29 10:45 - 2014-03-29 10:45 - 00004388 _____ () C:\windows\System32\Tasks\Information-enabler
    2014-03-29 10:44 - 2014-03-29 10:44 - 00003954 _____ () C:\windows\System32\Tasks\TidyNetwork Update
    2014-03-29 10:43 - 2014-03-29 10:43 - 00004392 _____ () C:\windows\System32\Tasks\BrowserSafeguard Update Task
    2014-03-28 18:52 - 2014-03-28 18:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-03-15 16:12 - 2014-02-28 22:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-03-15 16:12 - 2014-02-28 22:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2014-03-15 16:12 - 2014-02-28 21:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-03-15 16:12 - 2014-02-28 21:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2014-03-15 16:12 - 2014-02-28 21:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-03-15 16:12 - 2014-02-28 21:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-03-15 16:12 - 2014-02-28 20:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-03-15 16:12 - 2014-02-28 20:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2014-03-15 16:12 - 2014-02-28 20:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-03-15 16:12 - 2014-02-28 20:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-03-15 16:12 - 2014-02-28 20:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-03-15 16:12 - 2014-02-28 20:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-03-15 16:12 - 2014-02-28 20:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2014-03-15 16:12 - 2014-02-28 20:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2014-03-15 16:12 - 2014-02-28 20:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-03-15 16:12 - 2014-02-28 20:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-03-15 16:12 - 2014-02-28 19:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-03-15 16:12 - 2014-02-28 19:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-03-15 16:12 - 2014-02-28 19:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-03-15 16:11 - 2014-02-28 23:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-03-15 16:11 - 2014-02-28 21:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-03-15 16:11 - 2014-02-28 21:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-03-15 16:11 - 2014-02-28 21:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2014-03-15 16:11 - 2014-02-28 21:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2014-03-15 16:11 - 2014-02-28 21:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2014-03-15 16:11 - 2014-02-28 21:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2014-03-15 16:11 - 2014-02-28 21:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2014-03-15 16:11 - 2014-02-28 21:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-03-15 16:11 - 2014-02-28 21:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-03-15 16:11 - 2014-02-28 21:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-03-15 16:11 - 2014-02-28 20:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-03-15 16:11 - 2014-02-28 20:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2014-03-15 16:11 - 2014-02-28 20:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-03-15 16:11 - 2014-02-28 20:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-03-15 16:11 - 2014-02-28 20:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-03-15 16:11 - 2014-02-28 20:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-03-15 16:11 - 2014-02-28 20:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-03-15 16:11 - 2014-02-28 19:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-03-15 16:11 - 2014-02-28 19:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-03-15 16:11 - 2014-02-28 19:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2014-03-15 16:11 - 2014-02-06 18:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2014-03-15 16:11 - 2014-01-28 19:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
    2014-03-15 16:11 - 2014-01-28 19:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
    2014-03-15 16:11 - 2014-01-27 19:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
    2014-03-15 16:06 - 2014-02-03 19:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
    2014-03-15 16:06 - 2014-02-03 19:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
    2014-03-15 16:06 - 2014-02-03 19:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
    2014-03-15 16:06 - 2014-02-03 19:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
    2014-03-08 17:32 - 2014-03-08 17:32 - 00000000 ____D () C:\Program Files\McAfee Security Scan

    ==================== One Month Modified Files and Folders =======

    2014-03-30 08:36 - 2014-03-30 08:35 - 00024056 _____ () C:\Users\Kids\Downloads\FRST.txt
    2014-03-30 08:35 - 2014-03-30 08:35 - 02157056 _____ (Farbar) C:\Users\Kids\Downloads\FRST64.exe
    2014-03-30 08:35 - 2014-03-30 08:35 - 00000000 ____D () C:\FRST
    2014-03-30 08:10 - 2014-03-30 08:10 - 00002564 _____ () C:\Users\Kids\Desktop\JRT.txt
    2014-03-30 08:07 - 2009-07-13 21:45 - 00020688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-03-30 08:07 - 2009-07-13 21:45 - 00020688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-03-30 08:05 - 2009-07-13 22:13 - 00726316 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-03-30 08:03 - 2014-02-09 09:46 - 00000000 ____D () C:\windows\ERUNT
    2014-03-30 08:03 - 2012-04-24 11:28 - 01814495 _____ () C:\windows\WindowsUpdate.log
    2014-03-30 08:02 - 2012-04-24 12:33 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-03-30 08:01 - 2014-03-30 08:01 - 01038974 _____ (Thisisu) C:\Users\Kids\Downloads\JRT.exe
    2014-03-30 08:00 - 2012-11-26 10:05 - 00000000 ___RD () C:\Users\Kids\Dropbox
    2014-03-30 08:00 - 2012-11-26 10:03 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\Dropbox
    2014-03-30 07:59 - 2013-10-09 07:47 - 00004324 _____ () C:\windows\setupact.log
    2014-03-30 07:59 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-03-30 07:58 - 2014-03-30 07:55 - 00000000 ____D () C:\AdwCleaner
    2014-03-30 07:55 - 2014-03-30 07:55 - 01950720 _____ () C:\Users\Kids\Downloads\AdwCleaner.exe
    2014-03-30 07:47 - 2014-03-30 07:47 - 00000000 ____D () C:\_OTL
    2014-03-30 07:47 - 2012-10-14 11:10 - 00000000 ___RD () C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-03-30 07:42 - 2012-10-14 13:00 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2014-03-29 14:38 - 2013-11-11 14:38 - 00317192 _____ () C:\windows\PFRO.log
    2014-03-29 12:42 - 2012-10-14 12:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-03-29 10:45 - 2014-03-29 10:45 - 00004554 _____ () C:\windows\System32\Tasks\Information-updater
    2014-03-29 10:45 - 2014-03-29 10:45 - 00004510 _____ () C:\windows\System32\Tasks\Information-codedownloader
    2014-03-29 10:45 - 2014-03-29 10:45 - 00004388 _____ () C:\windows\System32\Tasks\Information-enabler
    2014-03-29 10:44 - 2014-03-29 10:44 - 00003954 _____ () C:\windows\System32\Tasks\TidyNetwork Update
    2014-03-29 10:43 - 2014-03-29 10:43 - 00004392 _____ () C:\windows\System32\Tasks\BrowserSafeguard Update Task
    2014-03-28 18:52 - 2014-03-28 18:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-03-27 09:46 - 2012-10-14 13:12 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\.minecraft
    2014-03-16 03:21 - 2009-07-13 21:45 - 00428512 _____ () C:\windows\system32\FNTCACHE.DAT
    2014-03-16 03:20 - 2013-03-12 21:46 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-03-16 03:20 - 2013-03-12 21:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-03-16 03:05 - 2013-02-08 08:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-03-16 03:01 - 2012-10-14 13:00 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
    2014-03-16 03:00 - 2012-10-14 13:00 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2014-03-16 03:00 - 2012-10-14 13:00 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-03-15 16:09 - 2012-04-24 12:33 - 00002183 _____ () C:\Users\Public\Desktop\Internet Browser.lnk
    2014-03-15 16:00 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\NDF
    2014-03-08 17:32 - 2014-03-08 17:32 - 00000000 ____D () C:\Program Files\McAfee Security Scan
    2014-03-08 17:32 - 2014-02-23 17:24 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2014-02-28 23:05 - 2014-03-15 16:11 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-02-28 22:17 - 2014-03-15 16:12 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-02-28 22:16 - 2014-03-15 16:12 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2014-02-28 21:58 - 2014-03-15 16:12 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-02-28 21:52 - 2014-03-15 16:11 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-02-28 21:51 - 2014-03-15 16:12 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2014-02-28 21:42 - 2014-03-15 16:11 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-02-28 21:40 - 2014-03-15 16:12 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-02-28 21:37 - 2014-03-15 16:11 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2014-02-28 21:33 - 2014-03-15 16:11 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2014-02-28 21:33 - 2014-03-15 16:11 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2014-02-28 21:32 - 2014-03-15 16:11 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2014-02-28 21:30 - 2014-03-15 16:12 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-02-28 21:23 - 2014-03-15 16:11 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2014-02-28 21:17 - 2014-03-15 16:11 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-02-28 21:11 - 2014-03-15 16:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-02-28 21:02 - 2014-03-15 16:11 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-02-28 20:54 - 2014-03-15 16:11 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-02-28 20:52 - 2014-03-15 16:12 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-02-28 20:51 - 2014-03-15 16:12 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2014-02-28 20:47 - 2014-03-15 16:12 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-02-28 20:43 - 2014-03-15 16:12 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-02-28 20:43 - 2014-03-15 16:12 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-02-28 20:42 - 2014-03-15 16:12 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-02-28 20:40 - 2014-03-15 16:12 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2014-02-28 20:38 - 2014-03-15 16:11 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2014-02-28 20:37 - 2014-03-15 16:12 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2014-02-28 20:35 - 2014-03-15 16:11 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-02-28 20:18 - 2014-03-15 16:11 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-02-28 20:16 - 2014-03-15 16:11 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-02-28 20:14 - 2014-03-15 16:11 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-02-28 20:10 - 2014-03-15 16:11 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-02-28 20:03 - 2014-03-15 16:12 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-02-28 20:00 - 2014-03-15 16:12 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-02-28 19:57 - 2014-03-15 16:12 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-02-28 19:38 - 2014-03-15 16:12 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-02-28 19:32 - 2014-03-15 16:11 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-02-28 19:27 - 2014-03-15 16:12 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-02-28 19:25 - 2014-03-15 16:11 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-02-28 19:25 - 2014-03-15 16:11 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll

    Files to move or delete:
    ====================
    C:\ProgramData\flashax10.exe


    Some content of TEMP:
    ====================
    C:\Users\Kids\AppData\Local\Temp\avgnt.exe
    C:\Users\Kids\AppData\Local\Temp\BackupSetup.exe
    C:\Users\Kids\AppData\Local\Temp\information.exe
    C:\Users\Kids\AppData\Local\Temp\Quarantine.exe
    C:\Users\Kids\AppData\Local\Temp\SendMsg.dll
    C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite.dll


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-03-30 08:22

    ==================== End Of Log ============================


    • 0

    #7
    scmba

    scmba

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 109 posts

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
    Ran by Kids (administrator) on MISTERMAGIC on 30-03-2014 08:35:52
    Running from C:\Users\Kids\Downloads
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (AMD) C:\windows\system32\atiesrxx.exe
    (AMD) C:\windows\system32\atieclxx.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    () C:\Windows\jmesoft\Service.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    () C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
    (Dropbox, Inc.) C:\Users\Kids\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Lenovo) C:\Windows\jmesoft\hotkey.exe
    (CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
    (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    () C:\Windows\jmesoft\JME_LOAD.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
    (Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-18] (Realtek Semiconductor)
    HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-08-18] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [jmekey] - C:\windows\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)
    HKLM-x32\...\Run: [jmesoft] - C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] ()
    HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
    HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-16] (Avira Operations GmbH & Co. KG)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *‮* <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\flashax10.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\xvidly\uninstall.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\xvidly\uninstall.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\xvidly\uninstall.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\flashax10.exe <====== ATTENTION
    HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\...\Run: [Medialink Utilty] - C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe [2281488 2009-08-21] ()
    Startup: C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LEND&bmod=LEND
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7LEND
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

    FireFox:
    ========
    FF ProfilePath: C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default
    FF DefaultSearchEngine: Google
    FF NetworkProxy: "type", 4
    FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Extension: Information - C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default\Extensions\[email protected]f0472c970.com [2014-03-30]
    FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore

    Chrome:
    =======
    CHR HomePage: hxxp://www.google.com
    CHR RestoreOnStartup: "hxxp://www.google.com"
    CHR DefaultSearchProvider: Conduit Search
    CHR DefaultSearchURL: http://www.google.com
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll No File
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
    CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    CHR Plugin: (Windows Live? Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
    CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
    CHR Extension: (No Name) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\kimdndlhnimhdcchmglaendkednpejjn [2013-08-13]
    CHR Extension: (Chrome In-App Payments service) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-24]

    ==================== Services (Whitelisted) =================

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-08-18] (Advanced Micro Devices, Inc.)
    R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-03-16] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-16] (Avira Operations GmbH & Co. KG)
    R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] ()
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
    S2 PCTechHotlineSvc; C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe [X]

    ==================== Drivers (Whitelisted) ====================

    R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-01] (Avira Operations GmbH & Co. KG)
    R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-01] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-01] (Avira Operations GmbH & Co. KG)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-03-30 08:35 - 2014-03-30 08:36 - 00024056 _____ () C:\Users\Kids\Downloads\FRST.txt
    2014-03-30 08:35 - 2014-03-30 08:35 - 02157056 _____ (Farbar) C:\Users\Kids\Downloads\FRST64.exe
    2014-03-30 08:35 - 2014-03-30 08:35 - 00000000 ____D () C:\FRST
    2014-03-30 08:10 - 2014-03-30 08:10 - 00002564 _____ () C:\Users\Kids\Desktop\JRT.txt
    2014-03-30 08:01 - 2014-03-30 08:01 - 01038974 _____ (Thisisu) C:\Users\Kids\Downloads\JRT.exe
    2014-03-30 07:55 - 2014-03-30 07:58 - 00000000 ____D () C:\AdwCleaner
    2014-03-30 07:55 - 2014-03-30 07:55 - 01950720 _____ () C:\Users\Kids\Downloads\AdwCleaner.exe
    2014-03-30 07:47 - 2014-03-30 07:47 - 00000000 ____D () C:\_OTL
    2014-03-29 10:45 - 2014-03-29 10:45 - 00004554 _____ () C:\windows\System32\Tasks\Information-updater
    2014-03-29 10:45 - 2014-03-29 10:45 - 00004510 _____ () C:\windows\System32\Tasks\Information-codedownloader
    2014-03-29 10:45 - 2014-03-29 10:45 - 00004388 _____ () C:\windows\System32\Tasks\Information-enabler
    2014-03-29 10:44 - 2014-03-29 10:44 - 00003954 _____ () C:\windows\System32\Tasks\TidyNetwork Update
    2014-03-29 10:43 - 2014-03-29 10:43 - 00004392 _____ () C:\windows\System32\Tasks\BrowserSafeguard Update Task
    2014-03-28 18:52 - 2014-03-28 18:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-03-15 16:12 - 2014-02-28 22:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-03-15 16:12 - 2014-02-28 22:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2014-03-15 16:12 - 2014-02-28 21:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-03-15 16:12 - 2014-02-28 21:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2014-03-15 16:12 - 2014-02-28 21:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-03-15 16:12 - 2014-02-28 21:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-03-15 16:12 - 2014-02-28 20:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-03-15 16:12 - 2014-02-28 20:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2014-03-15 16:12 - 2014-02-28 20:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-03-15 16:12 - 2014-02-28 20:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-03-15 16:12 - 2014-02-28 20:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-03-15 16:12 - 2014-02-28 20:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-03-15 16:12 - 2014-02-28 20:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2014-03-15 16:12 - 2014-02-28 20:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2014-03-15 16:12 - 2014-02-28 20:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-03-15 16:12 - 2014-02-28 20:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-03-15 16:12 - 2014-02-28 19:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-03-15 16:12 - 2014-02-28 19:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-03-15 16:12 - 2014-02-28 19:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-03-15 16:11 - 2014-02-28 23:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-03-15 16:11 - 2014-02-28 21:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-03-15 16:11 - 2014-02-28 21:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-03-15 16:11 - 2014-02-28 21:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2014-03-15 16:11 - 2014-02-28 21:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2014-03-15 16:11 - 2014-02-28 21:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2014-03-15 16:11 - 2014-02-28 21:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2014-03-15 16:11 - 2014-02-28 21:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2014-03-15 16:11 - 2014-02-28 21:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-03-15 16:11 - 2014-02-28 21:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-03-15 16:11 - 2014-02-28 21:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-03-15 16:11 - 2014-02-28 20:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-03-15 16:11 - 2014-02-28 20:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2014-03-15 16:11 - 2014-02-28 20:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-03-15 16:11 - 2014-02-28 20:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-03-15 16:11 - 2014-02-28 20:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-03-15 16:11 - 2014-02-28 20:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-03-15 16:11 - 2014-02-28 20:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-03-15 16:11 - 2014-02-28 19:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-03-15 16:11 - 2014-02-28 19:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-03-15 16:11 - 2014-02-28 19:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2014-03-15 16:11 - 2014-02-06 18:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2014-03-15 16:11 - 2014-01-28 19:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
    2014-03-15 16:11 - 2014-01-28 19:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
    2014-03-15 16:11 - 2014-01-27 19:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
    2014-03-15 16:06 - 2014-02-03 19:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
    2014-03-15 16:06 - 2014-02-03 19:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
    2014-03-15 16:06 - 2014-02-03 19:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
    2014-03-15 16:06 - 2014-02-03 19:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
    2014-03-08 17:32 - 2014-03-08 17:32 - 00000000 ____D () C:\Program Files\McAfee Security Scan

    ==================== One Month Modified Files and Folders =======

    2014-03-30 08:36 - 2014-03-30 08:35 - 00024056 _____ () C:\Users\Kids\Downloads\FRST.txt
    2014-03-30 08:35 - 2014-03-30 08:35 - 02157056 _____ (Farbar) C:\Users\Kids\Downloads\FRST64.exe
    2014-03-30 08:35 - 2014-03-30 08:35 - 00000000 ____D () C:\FRST
    2014-03-30 08:10 - 2014-03-30 08:10 - 00002564 _____ () C:\Users\Kids\Desktop\JRT.txt
    2014-03-30 08:07 - 2009-07-13 21:45 - 00020688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-03-30 08:07 - 2009-07-13 21:45 - 00020688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-03-30 08:05 - 2009-07-13 22:13 - 00726316 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-03-30 08:03 - 2014-02-09 09:46 - 00000000 ____D () C:\windows\ERUNT
    2014-03-30 08:03 - 2012-04-24 11:28 - 01814495 _____ () C:\windows\WindowsUpdate.log
    2014-03-30 08:02 - 2012-04-24 12:33 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-03-30 08:01 - 2014-03-30 08:01 - 01038974 _____ (Thisisu) C:\Users\Kids\Downloads\JRT.exe
    2014-03-30 08:00 - 2012-11-26 10:05 - 00000000 ___RD () C:\Users\Kids\Dropbox
    2014-03-30 08:00 - 2012-11-26 10:03 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\Dropbox
    2014-03-30 07:59 - 2013-10-09 07:47 - 00004324 _____ () C:\windows\setupact.log
    2014-03-30 07:59 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-03-30 07:58 - 2014-03-30 07:55 - 00000000 ____D () C:\AdwCleaner
    2014-03-30 07:55 - 2014-03-30 07:55 - 01950720 _____ () C:\Users\Kids\Downloads\AdwCleaner.exe
    2014-03-30 07:47 - 2014-03-30 07:47 - 00000000 ____D () C:\_OTL
    2014-03-30 07:47 - 2012-10-14 11:10 - 00000000 ___RD () C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-03-30 07:42 - 2012-10-14 13:00 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2014-03-29 14:38 - 2013-11-11 14:38 - 00317192 _____ () C:\windows\PFRO.log
    2014-03-29 12:42 - 2012-10-14 12:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-03-29 10:45 - 2014-03-29 10:45 - 00004554 _____ () C:\windows\System32\Tasks\Information-updater
    2014-03-29 10:45 - 2014-03-29 10:45 - 00004510 _____ () C:\windows\System32\Tasks\Information-codedownloader
    2014-03-29 10:45 - 2014-03-29 10:45 - 00004388 _____ () C:\windows\System32\Tasks\Information-enabler
    2014-03-29 10:44 - 2014-03-29 10:44 - 00003954 _____ () C:\windows\System32\Tasks\TidyNetwork Update
    2014-03-29 10:43 - 2014-03-29 10:43 - 00004392 _____ () C:\windows\System32\Tasks\BrowserSafeguard Update Task
    2014-03-28 18:52 - 2014-03-28 18:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-03-27 09:46 - 2012-10-14 13:12 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\.minecraft
    2014-03-16 03:21 - 2009-07-13 21:45 - 00428512 _____ () C:\windows\system32\FNTCACHE.DAT
    2014-03-16 03:20 - 2013-03-12 21:46 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-03-16 03:20 - 2013-03-12 21:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-03-16 03:05 - 2013-02-08 08:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-03-16 03:01 - 2012-10-14 13:00 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
    2014-03-16 03:00 - 2012-10-14 13:00 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2014-03-16 03:00 - 2012-10-14 13:00 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-03-15 16:09 - 2012-04-24 12:33 - 00002183 _____ () C:\Users\Public\Desktop\Internet Browser.lnk
    2014-03-15 16:00 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\NDF
    2014-03-08 17:32 - 2014-03-08 17:32 - 00000000 ____D () C:\Program Files\McAfee Security Scan
    2014-03-08 17:32 - 2014-02-23 17:24 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2014-02-28 23:05 - 2014-03-15 16:11 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-02-28 22:17 - 2014-03-15 16:12 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-02-28 22:16 - 2014-03-15 16:12 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2014-02-28 21:58 - 2014-03-15 16:12 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-02-28 21:52 - 2014-03-15 16:11 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-02-28 21:51 - 2014-03-15 16:12 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2014-02-28 21:42 - 2014-03-15 16:11 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-02-28 21:40 - 2014-03-15 16:12 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-02-28 21:37 - 2014-03-15 16:11 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2014-02-28 21:33 - 2014-03-15 16:11 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2014-02-28 21:33 - 2014-03-15 16:11 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2014-02-28 21:32 - 2014-03-15 16:11 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2014-02-28 21:30 - 2014-03-15 16:12 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-02-28 21:23 - 2014-03-15 16:11 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2014-02-28 21:17 - 2014-03-15 16:11 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-02-28 21:11 - 2014-03-15 16:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-02-28 21:02 - 2014-03-15 16:11 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-02-28 20:54 - 2014-03-15 16:11 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-02-28 20:52 - 2014-03-15 16:12 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-02-28 20:51 - 2014-03-15 16:12 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2014-02-28 20:47 - 2014-03-15 16:12 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-02-28 20:43 - 2014-03-15 16:12 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-02-28 20:43 - 2014-03-15 16:12 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-02-28 20:42 - 2014-03-15 16:12 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-02-28 20:40 - 2014-03-15 16:12 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2014-02-28 20:38 - 2014-03-15 16:11 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2014-02-28 20:37 - 2014-03-15 16:12 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2014-02-28 20:35 - 2014-03-15 16:11 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-02-28 20:18 - 2014-03-15 16:11 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-02-28 20:16 - 2014-03-15 16:11 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-02-28 20:14 - 2014-03-15 16:11 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-02-28 20:10 - 2014-03-15 16:11 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-02-28 20:03 - 2014-03-15 16:12 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-02-28 20:00 - 2014-03-15 16:12 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-02-28 19:57 - 2014-03-15 16:12 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-02-28 19:38 - 2014-03-15 16:12 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-02-28 19:32 - 2014-03-15 16:11 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-02-28 19:27 - 2014-03-15 16:12 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-02-28 19:25 - 2014-03-15 16:11 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-02-28 19:25 - 2014-03-15 16:11 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll

    Files to move or delete:
    ====================
    C:\ProgramData\flashax10.exe


    Some content of TEMP:
    ====================
    C:\Users\Kids\AppData\Local\Temp\avgnt.exe
    C:\Users\Kids\AppData\Local\Temp\BackupSetup.exe
    C:\Users\Kids\AppData\Local\Temp\information.exe
    C:\Users\Kids\AppData\Local\Temp\Quarantine.exe
    C:\Users\Kids\AppData\Local\Temp\SendMsg.dll
    C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite.dll


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-03-30 08:22

    ==================== End Of Log ============================


    • 0

    #8
    scmba

    scmba

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 109 posts

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
    Ran by Kids at 2014-03-30 08:36:37
    Running from C:\Users\Kids\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
    AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated)
    Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
    AMD APP SDK Runtime (Version: 2.5.732.1 - Advanced Micro Devices Inc.) Hidden
    AMD Catalyst Install Manager (HKLM\...\{AD2C4469-ACD9-4E78-91DE-A6BF6459959A}) (Version: 3.0.842.0 - Advanced Micro Devices, Inc.)
    AMD Fuel (Version: 2011.0818.1705.28777 - Advanced Micro Devices, Inc.) Hidden
    AMD VISION Engine Control Center (x32 Version: 2011.0818.1705.28777 - Advanced Micro Devices, Inc.) Hidden
    Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2011.0818.1705.28777 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Localization All (x32 Version: 2011.0818.1705.28777 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Profiles Desktop (x32 Version: 2011.0818.1705.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Standard (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Traditional (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Czech (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Danish (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Dutch (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help English (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Finnish (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help French (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help German (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Greek (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Hungarian (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Italian (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Japanese (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Korean (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Norwegian (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Polish (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Portuguese (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Russian (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Spanish (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Swedish (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Thai (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Turkish (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    ccc-utility64 (Version: 2011.0818.1705.28777 - Advanced Micro Devices, Inc.) Hidden
    CryptoPrevent v4.3.0 (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Debut Video Capture Software (HKLM-x32\...\Debut) (Version:  - NCH Software)
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version:  - Microsoft)
    Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
    Ezvid (HKLM-x32\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 0978 - Ezvid, inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
    Java 7 Update 7 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle)
    Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)
    Lenovo Driver and Application Installation (HKLM-x32\...\{45970CD1-D599-47D4-938F-3E9800D54ED1}) (Version: 5.10.3426 - Lenovo)
    Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.5317 - CyberLink Corp.)
    Lenovo Power2Go (x32 Version: 6.0.5317 - CyberLink Corp.) Hidden
    Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.1409 - CyberLink Corp.)
    Lenovo Rescue System (Version: 3.0.1409 - CyberLink Corp.) Hidden
    LVT (HKLM-x32\...\{D3063097-EC84-4D21-84A4-9D852E974355}) (Version: 4.1.3.0309 - Lenovo)
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
    Medialink MWN-USB150N (HKLM-x32\...\{34E93A7F-599F-4BBB-B2A1-4FCE77971AB9}) (Version: 1.00.0000 - Medialink)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    PC Tech Hotline (HKLM-x32\...\{A0B0DA25-DD15-4739-92A3-62D3424F043A}_is1) (Version: 3.0.0.4 - Crawler, LLC)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6334 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.)
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
    Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
    Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
    Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
    Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version:  - Microsoft)
    Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)
    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
    Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version:  - Microsoft)
    Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
    VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version:  - NCH Software)
    Windows Driver Package - Advanced Micro Devices, Inc System  (04/15/2010 5.12.0.13) (HKLM\...\219D5BE6B14468E687B5EFF7979E68AA355A5299) (Version: 04/15/2010 5.12.0.13 - Advanced Micro Devices, Inc)
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    ==================== Restore Points  =========================

    21-02-2014 17:28:41 Scheduled Checkpoint
    01-03-2014 16:56:32 Scheduled Checkpoint
    09-03-2014 01:03:17 Scheduled Checkpoint
    16-03-2014 10:00:27 Scheduled Checkpoint
    16-03-2014 10:00:27 Windows Update
    23-03-2014 16:18:45 Scheduled Checkpoint

    ==================== Hosts content: ==========================

    2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {039EF56A-EA7F-4DDF-84A0-A1BB10F07E6E} - System32\Tasks\TidyNetwork Update => C:\Users\Kids\AppData\Local\TidyNetwork\petnupdate.exe
    Task: {1F89A971-C251-4EB4-9C8E-16EDBCDC841D} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe <==== ATTENTION
    Task: {517E1BD1-CA13-4804-BC96-66AE7E6ABAEB} - System32\Tasks\Information-codedownloader => C:\Program Files (x86)\Information\Information-codedownloader.exe
    Task: {63590C8E-D0BE-4E98-922D-709118EEE9EB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-24] (Google Inc.)
    Task: {989254BA-49C8-4349-9512-94F7BF64FD5B} - System32\Tasks\Information-firefoxinstaller => C:\Program Files (x86)\Information\Information-firefoxinstaller.exe
    Task: {99567155-FDAD-44B5-9066-7D7FF9FFBE3F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-16] (Adobe Systems Incorporated)
    Task: {9B439713-5390-4E8E-888F-4B8DA98C6351} - System32\Tasks\Information-updater => C:\Program Files (x86)\Information\Information-updater.exe
    Task: {AF51699A-D47B-47AA-A27A-9EB59DE30CAC} - System32\Tasks\Information-enabler => C:\Program Files (x86)\Information\Information-enabler.exe <==== ATTENTION
    Task: {C9D71317-FA0F-4856-B676-BC8399A62A3D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-24] (Google Inc.)
    Task: {F3AE439D-F4BA-48E4-A734-285F53BA0317} - System32\Tasks\Information-chromeinstaller => C:\Program Files (x86)\Information\Information-chromeinstaller.exe
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2011-08-18 16:44 - 2011-08-18 16:44 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2012-04-24 11:31 - 2011-03-15 20:47 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
    2014-01-29 09:00 - 2009-08-21 16:44 - 02281488 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe
    2012-04-24 11:31 - 2011-05-17 13:54 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
    2011-08-18 16:44 - 2011-08-18 16:44 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    2011-03-14 14:21 - 2011-03-14 14:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2011-08-18 17:03 - 2011-08-18 17:03 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2013-01-25 20:16 - 2012-09-19 19:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
    2014-01-29 09:00 - 2007-12-06 11:24 - 01167360 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\acAuth.dll
    2014-01-29 09:00 - 2009-04-06 16:27 - 00098304 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\dllPublicFunc.dll
    2014-01-29 09:00 - 2009-01-05 21:12 - 00159744 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\dllCommonCtrl.dll
    2014-01-29 09:00 - 2009-04-06 16:27 - 00032768 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\dllMultiLanguage.dll
    2013-10-18 16:55 - 2013-10-18 16:55 - 25100288 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\libcef.dll
    2009-12-04 16:59 - 2009-12-04 16:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
    2009-12-04 17:04 - 2009-12-04 17:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
    2012-04-24 11:31 - 2011-05-17 13:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
    2014-03-28 18:52 - 2014-03-28 18:52 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    2014-03-16 03:00 - 2014-03-16 03:00 - 16276872 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll

    ==================== Alternate Data Streams (whitelisted) =========


    ==================== Safe Mode (whitelisted) ===================


    ==================== Disabled items from MSCONFIG ==============


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Percentage of memory in use: 31%
    Total physical RAM: 5626.02 MB
    Available physical RAM: 3871.82 MB
    Total Pagefile: 11250.21 MB
    Available Pagefile: 9139.75 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:440.59 GB) (Free:380.11 GB) NTFS
    Drive d: (八月 11 2013) (CDROM) (Total:0.69 GB) (Free:0.68 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 82BC915B)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=441 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=25 GB) - (Type=12)

    ==================== End Of Log ============================


    • 0

    #9
    scmba

    scmba

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 109 posts

    Hi Ron, can you take a look at this?  Thanks, still lots of popups.


    • 0

    #10
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,025 posts
    • MVP

    Download the attached fixlist.txt to the same location as FRST
    Run FRST and press Fix
    A fix log will be generated please post that then you should be able to boot into regular mode.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.

     

     

     

     


    • 0

    Advertisements


    #11
    scmba

    scmba

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 109 posts

    I moved the downloaded log to my folder where FRST64.exe was, then executed it by pressing "fix" and I only got one log, I think:

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
    Ran by Kids at 2014-04-05 12:28:07 Run:1
    Running from C:\Users\Kids\Contacts\Desktop\Virus
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
    FF Extension: Information - C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default\Extensions\[email protected]f0472c970.com [2014-03-30]
    FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
    S2 PCTechHotlineSvc; C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe [X]
    2014-03-29 10:45 - 2014-03-29 10:45 - 00004554 _____ () C:\windows\System32\Tasks\Information-updater
    2014-03-29 10:45 - 2014-03-29 10:45 - 00004510 _____ () C:\windows\System32\Tasks\Information-codedownloader
    2014-03-29 10:45 - 2014-03-29 10:45 - 00004388 _____ () C:\windows\System32\Tasks\Information-enabler
    2014-03-29 10:44 - 2014-03-29 10:44 - 00003954 _____ () C:\windows\System32\Tasks\TidyNetwork Update
    2014-03-29 10:43 - 2014-03-29 10:43 - 00004392 _____ () C:\windows\System32\Tasks\BrowserSafeguard Update Task
    2014-03-08 17:32 - 2014-03-08 17:32 - 00000000 ____D () C:\Program Files\McAfee Security Scan
    2014-03-29 10:45 - 2014-03-29 10:45 - 00004554 _____ () C:\windows\System32\Tasks\Information-updater
    2014-03-29 10:45 - 2014-03-29 10:45 - 00004510 _____ () C:\windows\System32\Tasks\Information-codedownloader
    2014-03-29 10:45 - 2014-03-29 10:45 - 00004388 _____ () C:\windows\System32\Tasks\Information-enabler
    2014-03-29 10:44 - 2014-03-29 10:44 - 00003954 _____ () C:\windows\System32\Tasks\TidyNetwork Update
    2014-03-29 10:43 - 2014-03-29 10:43 - 00004392 _____ () C:\windows\System32\Tasks\BrowserSafeguard Update Task
    2014-03-15 16:09 - 2012-04-24 12:33 - 00002183 _____ () C:\Users\Public\Desktop\Internet Browser.lnk
    2014-03-08 17:32 - 2014-03-08 17:32 - 00000000 ____D () C:\Program Files\McAfee Security Scan
    2014-03-08 17:32 - 2014-02-23 17:24 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    Task: {039EF56A-EA7F-4DDF-84A0-A1BB10F07E6E} - System32\Tasks\TidyNetwork Update => C:\Users\Kids\AppData\Local\TidyNetwork\petnupdate.exe
    Task: {1F89A971-C251-4EB4-9C8E-16EDBCDC841D} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe <==== ATTENTION
    Task: {517E1BD1-CA13-4804-BC96-66AE7E6ABAEB} - System32\Tasks\Information-codedownloader => C:\Program Files (x86)\Information\Information-codedownloader.exe
    Task: {9B439713-5390-4E8E-888F-4B8DA98C6351} - System32\Tasks\Information-updater => C:\Program Files (x86)\Information\Information-updater.exe
    Task: {AF51699A-D47B-47AA-A27A-9EB59DE30CAC} - System32\Tasks\Information-enabler => C:\Program Files (x86)\Information\Information-enabler.exe <==== ATTENTION
    Task: {F3AE439D-F4BA-48E4-A734-285F53BA0317} - System32\Tasks\Information-chromeinstaller => C:\Program Files (x86)\Information\Information-chromeinstaller.exe




    *****************

    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
    HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
    HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/McAfeeMssPlugin => Key deleted successfully.
    C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll => Moved successfully.
    C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default\Extensions\[email protected]f0472c970.com => Moved successfully.
    HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60} => Value deleted successfully.
    McComponentHostService => Service deleted successfully.
    PCTechHotlineSvc => Service deleted successfully.
    C:\windows\System32\Tasks\Information-updater => Moved successfully.
    C:\windows\System32\Tasks\Information-codedownloader => Moved successfully.
    C:\windows\System32\Tasks\Information-enabler => Moved successfully.
    C:\windows\System32\Tasks\TidyNetwork Update => Moved successfully.
    C:\windows\System32\Tasks\BrowserSafeguard Update Task => Moved successfully.
    C:\Program Files\McAfee Security Scan => Moved successfully.
    "C:\windows\System32\Tasks\Information-updater" => File/Directory not found.
    "C:\windows\System32\Tasks\Information-codedownloader" => File/Directory not found.
    "C:\windows\System32\Tasks\Information-enabler" => File/Directory not found.
    "C:\windows\System32\Tasks\TidyNetwork Update" => File/Directory not found.
    "C:\windows\System32\Tasks\BrowserSafeguard Update Task" => File/Directory not found.
    C:\Users\Public\Desktop\Internet Browser.lnk => Moved successfully.
    "C:\Program Files\McAfee Security Scan" => File/Directory not found.
    C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{039EF56A-EA7F-4DDF-84A0-A1BB10F07E6E} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{039EF56A-EA7F-4DDF-84A0-A1BB10F07E6E} => Key deleted successfully.
    C:\Windows\System32\Tasks\TidyNetwork Update not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TidyNetwork Update => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F89A971-C251-4EB4-9C8E-16EDBCDC841D} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F89A971-C251-4EB4-9C8E-16EDBCDC841D} => Key deleted successfully.
    C:\Windows\System32\Tasks\BrowserSafeguard Update Task not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserSafeguard Update Task => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{517E1BD1-CA13-4804-BC96-66AE7E6ABAEB} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{517E1BD1-CA13-4804-BC96-66AE7E6ABAEB} => Key deleted successfully.
    C:\Windows\System32\Tasks\Information-codedownloader not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Information-codedownloader => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9B439713-5390-4E8E-888F-4B8DA98C6351} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B439713-5390-4E8E-888F-4B8DA98C6351} => Key deleted successfully.
    C:\Windows\System32\Tasks\Information-updater not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Information-updater => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AF51699A-D47B-47AA-A27A-9EB59DE30CAC} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF51699A-D47B-47AA-A27A-9EB59DE30CAC} => Key deleted successfully.
    C:\Windows\System32\Tasks\Information-enabler not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Information-enabler => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F3AE439D-F4BA-48E4-A734-285F53BA0317} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3AE439D-F4BA-48E4-A734-285F53BA0317} => Key deleted successfully.
    C:\Windows\System32\Tasks\Information-chromeinstaller => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Information-chromeinstaller => Key deleted successfully.

    ==== End of Fixlog ====


    Edited by scmba, 05 April 2014 - 01:29 PM.

    • 0

    #12
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,025 posts
    • MVP

    OK Run FRST again and make sure the Additions box is checked before doing a scan.  Then you should get both logs.


    • 0

    #13
    scmba

    scmba

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 109 posts

    It doesn't produce 2 logs, all it produces is this fixlog:  Is this what you want? 

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
    Ran by Kids at 2014-04-11 07:33:37 Run:2
    Running from C:\Users\Kids\Contacts\Desktop\Virus
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
    FF Extension: Information - C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default\Extensions\[email protected]f0472c970.com [2014-03-30]
    FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
    S2 PCTechHotlineSvc; C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe [X]
    2014-03-29 10:45 - 2014-03-29 10:45 - 00004554 _____ () C:\windows\System32\Tasks\Information-updater
    2014-03-29 10:45 - 2014-03-29 10:45 - 00004510 _____ () C:\windows\System32\Tasks\Information-codedownloader
    2014-03-29 10:45 - 2014-03-29 10:45 - 00004388 _____ () C:\windows\System32\Tasks\Information-enabler
    2014-03-29 10:44 - 2014-03-29 10:44 - 00003954 _____ () C:\windows\System32\Tasks\TidyNetwork Update
    2014-03-29 10:43 - 2014-03-29 10:43 - 00004392 _____ () C:\windows\System32\Tasks\BrowserSafeguard Update Task
    2014-03-08 17:32 - 2014-03-08 17:32 - 00000000 ____D () C:\Program Files\McAfee Security Scan
    2014-03-29 10:45 - 2014-03-29 10:45 - 00004554 _____ () C:\windows\System32\Tasks\Information-updater
    2014-03-29 10:45 - 2014-03-29 10:45 - 00004510 _____ () C:\windows\System32\Tasks\Information-codedownloader
    2014-03-29 10:45 - 2014-03-29 10:45 - 00004388 _____ () C:\windows\System32\Tasks\Information-enabler
    2014-03-29 10:44 - 2014-03-29 10:44 - 00003954 _____ () C:\windows\System32\Tasks\TidyNetwork Update
    2014-03-29 10:43 - 2014-03-29 10:43 - 00004392 _____ () C:\windows\System32\Tasks\BrowserSafeguard Update Task
    2014-03-15 16:09 - 2012-04-24 12:33 - 00002183 _____ () C:\Users\Public\Desktop\Internet Browser.lnk
    2014-03-08 17:32 - 2014-03-08 17:32 - 00000000 ____D () C:\Program Files\McAfee Security Scan
    2014-03-08 17:32 - 2014-02-23 17:24 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    Task: {039EF56A-EA7F-4DDF-84A0-A1BB10F07E6E} - System32\Tasks\TidyNetwork Update => C:\Users\Kids\AppData\Local\TidyNetwork\petnupdate.exe
    Task: {1F89A971-C251-4EB4-9C8E-16EDBCDC841D} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe <==== ATTENTION
    Task: {517E1BD1-CA13-4804-BC96-66AE7E6ABAEB} - System32\Tasks\Information-codedownloader => C:\Program Files (x86)\Information\Information-codedownloader.exe
    Task: {9B439713-5390-4E8E-888F-4B8DA98C6351} - System32\Tasks\Information-updater => C:\Program Files (x86)\Information\Information-updater.exe
    Task: {AF51699A-D47B-47AA-A27A-9EB59DE30CAC} - System32\Tasks\Information-enabler => C:\Program Files (x86)\Information\Information-enabler.exe <==== ATTENTION
    Task: {F3AE439D-F4BA-48E4-A734-285F53BA0317} - System32\Tasks\Information-chromeinstaller => C:\Program Files (x86)\Information\Information-chromeinstaller.exe




    *****************

    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
    HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
    HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/McAfeeMssPlugin => Key not found.
    C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll not found.
    C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default\Extensions\[email protected]f0472c970.com not found.
    HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60} => Value not found.
    McComponentHostService => Service not found.
    PCTechHotlineSvc => Service not found.
    "C:\windows\System32\Tasks\Information-updater" => File/Directory not found.
    "C:\windows\System32\Tasks\Information-codedownloader" => File/Directory not found.
    "C:\windows\System32\Tasks\Information-enabler" => File/Directory not found.
    "C:\windows\System32\Tasks\TidyNetwork Update" => File/Directory not found.
    "C:\windows\System32\Tasks\BrowserSafeguard Update Task" => File/Directory not found.
    "C:\Program Files\McAfee Security Scan" => File/Directory not found.
    "C:\windows\System32\Tasks\Information-updater" => File/Directory not found.
    "C:\windows\System32\Tasks\Information-codedownloader" => File/Directory not found.
    "C:\windows\System32\Tasks\Information-enabler" => File/Directory not found.
    "C:\windows\System32\Tasks\TidyNetwork Update" => File/Directory not found.
    "C:\windows\System32\Tasks\BrowserSafeguard Update Task" => File/Directory not found.
    "C:\Users\Public\Desktop\Internet Browser.lnk" => File/Directory not found.
    "C:\Program Files\McAfee Security Scan" => File/Directory not found.
    "C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk" => File/Directory not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{039EF56A-EA7F-4DDF-84A0-A1BB10F07E6E} => Key not found.
    C:\Windows\System32\Tasks\TidyNetwork Update not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TidyNetwork Update => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F89A971-C251-4EB4-9C8E-16EDBCDC841D} => Key not found.
    C:\Windows\System32\Tasks\BrowserSafeguard Update Task not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserSafeguard Update Task => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{517E1BD1-CA13-4804-BC96-66AE7E6ABAEB} => Key not found.
    C:\Windows\System32\Tasks\Information-codedownloader not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Information-codedownloader => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B439713-5390-4E8E-888F-4B8DA98C6351} => Key not found.
    C:\Windows\System32\Tasks\Information-updater not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Information-updater => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF51699A-D47B-47AA-A27A-9EB59DE30CAC} => Key not found.
    C:\Windows\System32\Tasks\Information-enabler not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Information-enabler => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3AE439D-F4BA-48E4-A734-285F53BA0317} => Key not found.
    C:\Windows\System32\Tasks\Information-chromeinstaller not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Information-chromeinstaller => Key not found.

    ==== End of Fixlog ====


    • 0

    #14
    scmba

    scmba

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 109 posts

    I think this may be the original (3.30.14) additional.txt you wanted:

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
    Ran by Kids at 2014-03-30 08:36:37
    Running from C:\Users\Kids\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
    AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated)
    Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
    AMD APP SDK Runtime (Version: 2.5.732.1 - Advanced Micro Devices Inc.) Hidden
    AMD Catalyst Install Manager (HKLM\...\{AD2C4469-ACD9-4E78-91DE-A6BF6459959A}) (Version: 3.0.842.0 - Advanced Micro Devices, Inc.)
    AMD Fuel (Version: 2011.0818.1705.28777 - Advanced Micro Devices, Inc.) Hidden
    AMD VISION Engine Control Center (x32 Version: 2011.0818.1705.28777 - Advanced Micro Devices, Inc.) Hidden
    Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2011.0818.1705.28777 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Localization All (x32 Version: 2011.0818.1705.28777 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Profiles Desktop (x32 Version: 2011.0818.1705.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Standard (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Traditional (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Czech (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Danish (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Dutch (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help English (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Finnish (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help French (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help German (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Greek (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Hungarian (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Italian (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Japanese (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Korean (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Norwegian (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Polish (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Portuguese (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Russian (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Spanish (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Swedish (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Thai (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Turkish (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    ccc-utility64 (Version: 2011.0818.1705.28777 - Advanced Micro Devices, Inc.) Hidden
    CryptoPrevent v4.3.0 (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Debut Video Capture Software (HKLM-x32\...\Debut) (Version:  - NCH Software)
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version:  - Microsoft)
    Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
    Ezvid (HKLM-x32\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 0978 - Ezvid, inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
    Java 7 Update 7 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle)
    Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)
    Lenovo Driver and Application Installation (HKLM-x32\...\{45970CD1-D599-47D4-938F-3E9800D54ED1}) (Version: 5.10.3426 - Lenovo)
    Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.5317 - CyberLink Corp.)
    Lenovo Power2Go (x32 Version: 6.0.5317 - CyberLink Corp.) Hidden
    Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.1409 - CyberLink Corp.)
    Lenovo Rescue System (Version: 3.0.1409 - CyberLink Corp.) Hidden
    LVT (HKLM-x32\...\{D3063097-EC84-4D21-84A4-9D852E974355}) (Version: 4.1.3.0309 - Lenovo)
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
    Medialink MWN-USB150N (HKLM-x32\...\{34E93A7F-599F-4BBB-B2A1-4FCE77971AB9}) (Version: 1.00.0000 - Medialink)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    PC Tech Hotline (HKLM-x32\...\{A0B0DA25-DD15-4739-92A3-62D3424F043A}_is1) (Version: 3.0.0.4 - Crawler, LLC)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6334 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.)
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
    Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
    Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
    Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
    Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version:  - Microsoft)
    Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)
    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
    Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version:  - Microsoft)
    Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
    VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version:  - NCH Software)
    Windows Driver Package - Advanced Micro Devices, Inc System  (04/15/2010 5.12.0.13) (HKLM\...\219D5BE6B14468E687B5EFF7979E68AA355A5299) (Version: 04/15/2010 5.12.0.13 - Advanced Micro Devices, Inc)
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    ==================== Restore Points  =========================

    21-02-2014 17:28:41 Scheduled Checkpoint
    01-03-2014 16:56:32 Scheduled Checkpoint
    09-03-2014 01:03:17 Scheduled Checkpoint
    16-03-2014 10:00:27 Scheduled Checkpoint
    16-03-2014 10:00:27 Windows Update
    23-03-2014 16:18:45 Scheduled Checkpoint

    ==================== Hosts content: ==========================

    2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {039EF56A-EA7F-4DDF-84A0-A1BB10F07E6E} - System32\Tasks\TidyNetwork Update => C:\Users\Kids\AppData\Local\TidyNetwork\petnupdate.exe
    Task: {1F89A971-C251-4EB4-9C8E-16EDBCDC841D} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe <==== ATTENTION
    Task: {517E1BD1-CA13-4804-BC96-66AE7E6ABAEB} - System32\Tasks\Information-codedownloader => C:\Program Files (x86)\Information\Information-codedownloader.exe
    Task: {63590C8E-D0BE-4E98-922D-709118EEE9EB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-24] (Google Inc.)
    Task: {989254BA-49C8-4349-9512-94F7BF64FD5B} - System32\Tasks\Information-firefoxinstaller => C:\Program Files (x86)\Information\Information-firefoxinstaller.exe
    Task: {99567155-FDAD-44B5-9066-7D7FF9FFBE3F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-16] (Adobe Systems Incorporated)
    Task: {9B439713-5390-4E8E-888F-4B8DA98C6351} - System32\Tasks\Information-updater => C:\Program Files (x86)\Information\Information-updater.exe
    Task: {AF51699A-D47B-47AA-A27A-9EB59DE30CAC} - System32\Tasks\Information-enabler => C:\Program Files (x86)\Information\Information-enabler.exe <==== ATTENTION
    Task: {C9D71317-FA0F-4856-B676-BC8399A62A3D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-24] (Google Inc.)
    Task: {F3AE439D-F4BA-48E4-A734-285F53BA0317} - System32\Tasks\Information-chromeinstaller => C:\Program Files (x86)\Information\Information-chromeinstaller.exe
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2011-08-18 16:44 - 2011-08-18 16:44 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2012-04-24 11:31 - 2011-03-15 20:47 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
    2014-01-29 09:00 - 2009-08-21 16:44 - 02281488 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe
    2012-04-24 11:31 - 2011-05-17 13:54 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
    2011-08-18 16:44 - 2011-08-18 16:44 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    2011-03-14 14:21 - 2011-03-14 14:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2011-08-18 17:03 - 2011-08-18 17:03 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2013-01-25 20:16 - 2012-09-19 19:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
    2014-01-29 09:00 - 2007-12-06 11:24 - 01167360 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\acAuth.dll
    2014-01-29 09:00 - 2009-04-06 16:27 - 00098304 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\dllPublicFunc.dll
    2014-01-29 09:00 - 2009-01-05 21:12 - 00159744 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\dllCommonCtrl.dll
    2014-01-29 09:00 - 2009-04-06 16:27 - 00032768 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\dllMultiLanguage.dll
    2013-10-18 16:55 - 2013-10-18 16:55 - 25100288 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\libcef.dll
    2009-12-04 16:59 - 2009-12-04 16:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
    2009-12-04 17:04 - 2009-12-04 17:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
    2012-04-24 11:31 - 2011-05-17 13:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
    2014-03-28 18:52 - 2014-03-28 18:52 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    2014-03-16 03:00 - 2014-03-16 03:00 - 16276872 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll

    ==================== Alternate Data Streams (whitelisted) =========


    ==================== Safe Mode (whitelisted) ===================


    ==================== Disabled items from MSCONFIG ==============


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Percentage of memory in use: 31%
    Total physical RAM: 5626.02 MB
    Available physical RAM: 3871.82 MB
    Total Pagefile: 11250.21 MB
    Available Pagefile: 9139.75 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:440.59 GB) (Free:380.11 GB) NTFS
    Drive d: (八月 11 2013) (CDROM) (Total:0.69 GB) (Free:0.68 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 82BC915B)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=441 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=25 GB) - (Type=12)

    ==================== End Of Log ============================


    • 0

    #15
    scmba

    scmba

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 109 posts

    Was that the "additional.txt" that you wanted?  I'm sure that is the original.  Thanks


    • 0






    Similar Topics

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP