Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need help to identify & remove virus/malware


  • This topic is locked This topic is locked
15 replies to this topic

#1 johnc576

johnc576

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:18 PM

Posted 02 July 2014 - 09:05 AM

Hello 

 

I have been trying to identify a problem I am having with my laptop for work. I had been running AVG Free 2014 successfully until about a week ago when I started having problems. I found this forum by searching for the issues I was having with AVG & group policy, inactive connection, system administrator error messages.

 

I have been able to remove the AVG program, but not been able to re-install it successfully. I have downloaded and run Malware bytes free program and the Kaspersky free system scan tool - to no avail. I have seen people post for assistance using the DDS.txt program to get the ball rolling; please see below for the DDS.txt results.

 

I have little knowledge with computer systems, but can follow detailed instructions well. I am hoping someone can help identify and eradicate the problem(s) at hand, maybe even identify how to avoid getting them in the future.

 

Regards,

 

AJ

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17126  BrowserJavaVersion: 10.55.2
Run by andjoh at 9:37:25 on 2014-07-02
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3690.956 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\CxAudMsg64.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\SysWOW64\SAsrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files\Common Files\AuthenTec\TrueService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files\Common Files\AuthenTec\TrueService.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: TrueSuite Browser Helper Object: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
mRun: [IntelSBA] C:\Program Files (x86)\Intel\Intel® Small Business Advantage\Service\SBALaunchDelay.exe "C:\Program Files (x86)\Intel\Intel® Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe -minimized" 60
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect"
StartupFolder: C:\Users\andjoh\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: NameServer = 192.168.0.4 192.168.0.3
TCP: Interfaces\{D719CFB5-7BC3-443B-A6E4-708F3C18EA1F} : DHCPNameServer = 192.168.0.4 192.168.0.3
TCP: Interfaces\{D719CFB5-7BC3-443B-A6E4-708F3C18EA1F}\14E64647865627 : DHCPNameServer = 64.71.255.198
TCP: Interfaces\{D719CFB5-7BC3-443B-A6E4-708F3C18EA1F}\160747020303030302E4564777F627B6 : DHCPNameServer = 64.71.255.204 64.71.255.198
TCP: Interfaces\{D719CFB5-7BC3-443B-A6E4-708F3C18EA1F}\2454C4C4731333 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{D719CFB5-7BC3-443B-A6E4-708F3C18EA1F}\355707562783745756374737 : DHCPNameServer = 64.59.176.13 64.59.176.15
TCP: Interfaces\{D719CFB5-7BC3-443B-A6E4-708F3C18EA1F}\371637B61647F6F6E6F516962707F62747 : DHCPNameServer = 10.0.252.1
TCP: Interfaces\{D719CFB5-7BC3-443B-A6E4-708F3C18EA1F}\D4163634F6E6E6563647 : DHCPNameServer = 130.113.128.1 130.113.64.1
TCP: Interfaces\{F64E5A06-DA09-490A-BD02-E10B62F2BEE1} : DHCPNameServer = 192.168.0.4 192.168.0.3
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: TrueSuite Browser Helper Object: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\Lenovo Fingerprint Reader\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - 
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 excsd;ExpressCache Storage Filter Driver;C:\Windows\System32\drivers\excsd.sys [2012-8-11 95024]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-8-11 19224]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2011-12-29 25416]
R1 excfs;ExpressCache File System Filter Driver;C:\Windows\System32\drivers\excfs.sys [2012-8-11 23344]
R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2012-3-26 33344]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2013-2-13 770528]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-3-27 1014096]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-3-27 1104208]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-9-12 135984]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2012-8-11 198784]
R2 ExpressCache;ExpressCache;C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [2012-3-30 79664]
R2 FastbootService;FastbootService;C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [2012-8-11 169776]
R2 FPLService;TrueSuiteService;C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [2013-8-7 2139944]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-12-10 732160]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-8-11 129848]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-8-11 167736]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2012-8-11 59952]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2012-5-8 101736]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-8-11 74288]
R2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [2012-8-11 198704]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2013-10-7 136288]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-11-8 70152]
R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SAsrv.exe --> C:\Windows\System32\SAsrv.exe [?]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2012-5-8 145256]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2012-5-8 144960]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-2-8 3386608]
R3 5U877;5U877;C:\Windows\System32\drivers\5U877.sys [2012-8-11 216704]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2013-2-13 163808]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2012-3-27 1304912]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2014-3-17 169752]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-3-17 342528]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-8-11 356632]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-8-11 789272]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-12-20 25496]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-26 122584]
R3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2012-8-11 1662560]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\drivers\RtsP2Stor.sys [2012-8-11 259688]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-3-17 849992]
R3 SmbDrvIntel;SmbDrvIntel;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2012-8-11 27448]
R3 TrueService;TrueAPI Service component;C:\Program Files\Common Files\AuthenTec\TrueService.exe [2013-7-22 401704]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\System32\drivers\tvti2c.sys [2012-2-7 40248]
R3 tvtvcamd;ThinkVantage Virtual Camera;C:\Windows\System32\drivers\tvtvcamd.sys [2012-8-11 27432]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2012-5-29 144992]
S2 VIPAppService;VIPAppService;"C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe" --> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [?]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2013-2-13 163808]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2012-2-13 95232]
S3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2012-2-13 747008]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-20 71168]
S3 Fastboot;Fastboot;C:\Windows\System32\drivers\Fastboot.sys [2012-8-11 70416]
S3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2012-3-21 60928]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-10 111616]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-12-20 34200]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2012-12-10 803872]
S3 intelsba;Intel® Small Business Advantage;C:\Program Files\Intel\Intel® Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [2013-7-4 48832]
S3 LSCWinService;LSCWinService;C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [2014-5-6 1663880]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-2-8 273136]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2012-8-11 1665120]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-19 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-07-02 11:22:36 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DD2A4F79-C068-48A2-92EC-96A22B8552DE}\offreg.dll
2014-07-02 11:17:12 10779000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DD2A4F79-C068-48A2-92EC-96A22B8552DE}\mpengine.dll
2014-06-26 18:45:32 -------- d-----w- C:\ProgramData\HitmanPro
2014-06-26 17:20:08 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-26 17:19:57 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-26 17:19:57 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-06-26 17:19:57 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-06-26 17:19:57 -------- d-----w- C:\ProgramData\Malwarebytes
2014-06-26 17:19:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-25 15:56:20 -------- d-----w- C:\AVGTemp
2014-06-11 00:27:39 506368 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-11 00:27:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
.
==================== Find3M  ====================
.
2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-05-16 17:38:53 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-15 14:44:15 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-15 14:44:14 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-15 14:44:09 17938608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-05 02:47:20 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-04-05 02:47:09 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
.
============= FINISH:  9:37:39.25 ===============
 


BC AdBot (Login to Remove)

 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:18 PM

Posted 05 July 2014 - 11:00 AM

hello and welcome to Bleeping Computer,

Please run the following:

Refer to the ComboFix User's Guide
  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 johnc576

johnc576
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:18 PM

Posted 09 July 2014 - 08:22 AM

Attached File  Screen Shot July 09 14 920 am.jpg   52.6KB   0 downloadsHello CatByte,

 

I have run ComboFix after following the directions above, without clicking on the window it is running in, as well as turning off the screen saver. Almost an hour later I have the following screen image Attached File  Screen Shot July 09 14 920 am.jpg   52.6KB   0 downloads ; Can I close the ComboFix program and re boot the computer then run ComboFix again to get the log?

 

 



#4 johnc576

johnc576
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:18 PM

Posted 09 July 2014 - 08:36 AM

Hello CatByte,

 

I restarted my computer and ran the ComboFix program again. Please find the log details below.

 

ComboFix 14-07-08.01 - andjoh 09/07/2014   9:26.2.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3690.1143 [GMT -4:00]
Running from: c:\users\andjoh\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\END
c:\program files (x86)\Java\jre7\bin\jp2ssv.dll
c:\program files\Lenovo\Lenovo Solution Center\Microsoft Fix it\FixitUi\_desktop.ini
c:\programdata\Roaming
c:\users\andjoh\AppData\Local\assembly\tmp
Q:\Autorun.inf
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-09 to 2014-07-09  )))))))))))))))))))))))))))))))
.
.
2014-07-09 13:32 . 2014-07-09 13:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-09 13:32 . 2014-07-09 13:32 -------- d-----w- c:\users\darslo\AppData\Local\temp
2014-07-09 13:32 . 2014-07-09 13:32 -------- d-----w- c:\users\Andrew Johnson\AppData\Local\temp
2014-07-09 13:32 . 2014-07-09 13:32 -------- d-----w- c:\users\admin\AppData\Local\temp
2014-07-08 11:18 . 2014-06-17 06:57 10779000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{294FCA7B-4F88-4F1A-B392-E4788DC94C38}\mpengine.dll
2014-06-26 18:45 . 2014-06-26 18:56 -------- d-----w- c:\programdata\HitmanPro
2014-06-26 17:20 . 2014-07-02 11:14 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-26 17:19 . 2014-06-26 17:19 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-06-26 17:19 . 2014-06-26 17:19 -------- d-----w- c:\programdata\Malwarebytes
2014-06-26 17:19 . 2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-06-26 17:19 . 2014-05-12 11:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-26 17:19 . 2014-05-12 11:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-06-25 15:56 . 2014-06-25 15:56 -------- d-----w- C:\AVGTemp
2014-06-24 12:33 . 2014-06-24 12:33 -------- d-----w- c:\users\admin\AppData\Local\Adobe
2014-06-24 12:32 . 2014-06-24 12:32 -------- d-----w- c:\users\admin\AppData\Roaming\TuneUp Software
2014-06-24 12:31 . 2014-06-24 12:31 -------- d-----w- c:\users\admin\AppData\Local\MFAData
2014-06-11 00:27 . 2014-06-08 09:13 506368 ----a-w- c:\windows\system32\aepdu.dll
2014-06-11 00:27 . 2014-06-08 09:08 424448 ----a-w- c:\windows\system32\aeinv.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-11 11:30 . 2012-10-19 13:45 95414520 ----a-w- c:\windows\system32\MRT.exe
2014-05-16 17:38 . 2014-05-16 17:39 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-15 14:44 . 2012-10-22 16:05 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-15 14:44 . 2012-10-22 16:05 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-15 14:44 . 2014-05-15 14:44 17938608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-04-12 02:22 . 2014-05-15 11:41 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:22 . 2014-05-15 11:41 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:19 . 2014-05-15 11:41 29184 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:19 . 2014-05-15 11:41 136192 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:19 . 2014-05-15 11:41 28160 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:19 . 2014-05-15 11:41 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:19 . 2014-05-15 11:41 31232 ----a-w- c:\windows\system32\lsass.exe
2014-04-12 02:12 . 2014-05-15 11:41 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-04-12 02:10 . 2014-05-15 11:41 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-08-11 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2013-05-31 132920]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-04-13 291608]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2011-12-21 507744]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-05-15 5941344]
"Fastboot"="c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe" [2012-01-17 1091376]
"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2012-07-12 155488]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-14 4351712]
"IntelSBA"="c:\program files (x86)\Intel\Intel® Small Business Advantage\Service\SBALaunchDelay.exe" [2013-04-10 56000]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
c:\users\andjoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-11-14 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [x]
R2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 Fastboot;Fastboot;c:\windows\system32\DRIVERS\Fastboot.sys;c:\windows\SYSNATIVE\DRIVERS\Fastboot.sys [x]
R3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 intelsba;Intel® Small Business Advantage;c:\program files\Intel\Intel® Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe;c:\program files\Intel\Intel® Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [x]
R3 LSCWinService;LSCWinService;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 excsd;ExpressCache Storage Filter Driver;c:\windows\system32\DRIVERS\excsd.sys;c:\windows\SYSNATIVE\DRIVERS\excsd.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 excfs;ExpressCache File System Filter Driver;c:\windows\system32\DRIVERS\excfs.sys;c:\windows\SYSNATIVE\DRIVERS\excfs.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 ExpressCache;ExpressCache;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [x]
S2 FastbootService;FastbootService;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [x]
S2 FPLService;TrueSuiteService;c:\program files\Lenovo Fingerprint Reader\TrueSuiteService.exe;c:\program files\Lenovo Fingerprint Reader\TrueSuiteService.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 5U877;5U877;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SmbDrvIntel;SmbDrvIntel;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe;c:\program files\Common Files\AuthenTec\TrueService.exe [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys;c:\windows\SYSNATIVE\DRIVERS\Tvti2c.sys [x]
S3 tvtvcamd;ThinkVantage Virtual Camera;c:\windows\system32\DRIVERS\tvtvcamd.sys;c:\windows\SYSNATIVE\DRIVERS\tvtvcamd.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-16 12:31 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-22 14:44]
.
2014-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-11 18:41]
.
2014-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-11 18:41]
.
2014-07-09 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
2014-07-08 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
2013-01-25 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-24 21:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-03-15 178960]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-03-27 11407120]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2012-03-01 564352]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2012-02-21 1654400]
"TpShocks"="TpShocks.exe" [2012-02-25 382528]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2014-01-28 297008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-06-06 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-06-06 442352]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.4 192.168.0.3
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-SearchProtect - c:\progra~2\SearchProtect\Main\bin\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]
"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]
"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-07-09  09:33:30
ComboFix-quarantined-files.txt  2014-07-09 13:33
.
Pre-Run: 395,563,298,816 bytes free
Post-Run: 395,364,192,256 bytes free
.
- - End Of File - - 39BD9694A08AFA935F6BA888F61C10E9
 
Please let me know what the next thing I can do is to get the Free Downloadable software for AVG 2014 back on my computer. Also Thank you for your help in resolving this matter, it is greatly appreciated.
 
Regards,
 
AJ


#5 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:18 PM

Posted 09 July 2014 - 10:37 AM

Let's get another diagnostic scan with a different tool to see what remains


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 johnc576

johnc576
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:18 PM

Posted 10 July 2014 - 07:08 AM

Hello CatByte,

 

Please find the results of the two .txt files below. I am going to be away from my computer until Monday, just wanted to let you know.

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2014
Ran by andjoh (administrator) on THINKPADE530 on 10-07-2014 08:04:16
Running from C:\Users\andjoh\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AuthenTec, Inc) C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11407120 2012-03-27] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [564352 2012-03-01] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1654400 2012-02-21] (Conexant Systems, Inc.)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [382528 2012-02-25] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [297008 2014-01-28] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2881336 2012-06-19] (Synaptics Incorporated)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [132920 2013-05-31] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-13] (Intel Corporation)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [IntelSBA] => C:\Program Files (x86)\Intel\Intel® Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe [5180096 2013-04-10] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM Group Policy restriction on software: %Temp%\Rar*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %Temp%\*.zip\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %AppData%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %Temp%\7z*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %UserProfile%\Local Settings\Temp\wz*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %UserProfile%\Local Settings\Temp\Rar*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %UserProfile%\Local Settings\Temp\*.zip\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %UserProfile%\Local Settings\Temp\7z*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %Temp%\wz*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %AppData%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-1614895754-879983540-839522115-1654\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-08-11] (Google Inc.)
Startup: C:\Users\andjoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb196/?search={searchTerms}&loc=IB_DS&a=6PQT12Ve1A&i=26
BHO: TrueSuite Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL (AuthenTec Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll (AuthenTec Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files\Lenovo Fingerprint Reader\npffwloplugin.dll (AuthenTec, Inc)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (TrueSuite) - C:\Users\andjoh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdkedefaddcdlpmiafhicjnkbogjiogj\2.0_0\npwebsitelogon.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\andjoh\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll No File
CHR Plugin: (Windows Live\ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\andjoh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (YouTube) - C:\Users\andjoh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-19]
CHR Extension: (Website Logon) - C:\Users\andjoh\AppData\Local\Google\Chrome\User Data\Default\Extensions\clglhglbidpdbjffpfcldkifhdegdfle [2013-10-07]
CHR Extension: (Google Search) - C:\Users\andjoh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-19]
CHR Extension: (New tab for Chromeâ„¢) - C:\Users\andjoh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg [2012-12-17]
CHR Extension: (Google Wallet) - C:\Users\andjoh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (Gmail) - C:\Users\andjoh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-19]
CHR HKLM-x32\...\Chrome\Extension: [clglhglbidpdbjffpfcldkifhdegdfle] - C:\Program Files\Lenovo Fingerprint Reader\x86\tschrome.crx [2013-04-01]
CHR HKLM-x32\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files (x86)\Perion\NewTab\newTab.crx [2012-12-17]
 
==================== Services (Whitelisted) =================
 
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R2 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [2139944 2013-08-07] (AuthenTec, Inc)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129848 2013-05-31] (Intel Corporation)
S3 intelsba; C:\Program Files\Intel\Intel® Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [48832 2013-04-10] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-05-31] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [198704 2014-01-28] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401704 2013-07-22] (AuthenTec, Inc.)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)
S2 VIPAppService; "C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows ® Win 7 DDK provider)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-02] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-26] (Realtek Semiconductor Corp.)
R3 SmbDrvIntel; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27448 2012-06-19] (Synaptics Incorporated)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-10 08:04 - 2014-07-10 08:04 - 00023005 _____ () C:\Users\andjoh\Desktop\FRST.txt
2014-07-10 08:04 - 2014-07-10 08:04 - 00000000 ____D () C:\FRST
2014-07-10 08:02 - 2014-07-10 08:03 - 02084352 _____ (Farbar) C:\Users\andjoh\Desktop\FRST64.exe
2014-07-10 07:24 - 2014-07-10 07:30 - 00014149 _____ () C:\Users\andjoh\Desktop\ABM Dealer Pricing as of July 09 14.xlsx
2014-07-09 09:51 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 09:51 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 09:51 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 09:51 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 09:51 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 09:51 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 09:51 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 09:51 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 09:51 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 09:51 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 09:51 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 09:51 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 09:51 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 09:51 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 09:51 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 09:51 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 09:51 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 09:51 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 09:51 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 09:51 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 09:51 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 09:51 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 09:51 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 09:51 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 09:51 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 09:51 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 09:51 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 09:51 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 09:51 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 09:51 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 09:51 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 09:51 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 09:51 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 09:51 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 09:51 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 09:51 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 09:51 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 09:51 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 09:51 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 09:51 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 09:51 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 09:51 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 09:51 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 09:51 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 09:51 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 09:51 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 09:51 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 09:51 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 09:51 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 09:51 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 09:51 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 09:51 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 09:51 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 09:51 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 09:51 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 09:51 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 09:51 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 09:51 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 09:51 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 09:51 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 09:51 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 09:51 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 09:51 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 09:51 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 09:51 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 09:51 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 09:51 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 09:51 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 09:51 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 09:51 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 09:51 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 09:51 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 09:51 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 09:51 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 09:51 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 09:51 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 09:51 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 09:51 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 09:49 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 09:49 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 09:49 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-09 09:39 - 2014-07-09 09:40 - 00000000 ____D () C:\Users\andjoh\Desktop\Computer problem resolution
2014-07-09 09:33 - 2014-07-09 09:33 - 00025109 _____ () C:\ComboFix.txt
2014-07-09 09:25 - 2014-07-09 09:33 - 00000000 ____D () C:\ComboFix
2014-07-09 07:39 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-09 07:39 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-09 07:39 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-09 07:39 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-09 07:39 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-09 07:39 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-09 07:39 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-09 07:39 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-09 07:38 - 2014-07-09 09:33 - 00000000 ____D () C:\Qoobox
2014-07-09 07:38 - 2014-07-09 09:32 - 00000000 ____D () C:\Windows\erdnt
2014-07-02 09:36 - 2014-07-02 09:36 - 00688992 ____R (Swearware) C:\Users\andjoh\Downloads\dds.com
2014-07-02 07:51 - 2014-07-02 07:51 - 00180000 _____ (Kaspersky Lab) C:\Users\admin\Downloads\kss12.0.1.117EN_RU_DE_FR_2926.exe
2014-07-02 07:40 - 2014-07-02 07:40 - 04755192 _____ (AVG Technologies) C:\Users\andjoh\Downloads\avg_free_stb_all_2014_4714_cnet.exe
2014-06-26 14:48 - 2014-06-26 14:48 - 11181544 _____ (SurfRight B.V.) C:\Users\andjoh\Downloads\HitmanPro_x64 (1).exe
2014-06-26 14:47 - 2014-06-26 14:47 - 11181544 _____ (SurfRight B.V.) C:\Users\andjoh\Downloads\HitmanPro_x64.exe
2014-06-26 14:47 - 2014-06-26 14:47 - 10274632 _____ (SurfRight B.V.) C:\Users\andjoh\Downloads\HitmanPro.exe
2014-06-26 14:45 - 2014-06-26 14:56 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-26 14:10 - 2014-06-26 14:45 - 00015592 _____ () C:\Users\andjoh\Desktop\Email list for Diatec Rack Sale Eblast June 26 14.xlsx
2014-06-26 13:20 - 2014-07-02 07:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-26 13:19 - 2014-06-26 13:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-26 13:19 - 2014-06-26 13:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-26 13:19 - 2014-06-26 13:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-26 13:19 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-26 13:19 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-26 13:19 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-26 13:09 - 2014-06-26 13:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\andjoh\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-26 11:49 - 2014-06-26 11:27 - 00058524 _____ () C:\Users\andjoh\Desktop\Sales History Data for diatec 20140626.xlsx
2014-06-26 10:15 - 2014-06-26 10:15 - 01891480 _____ ( ) C:\Users\admin\Downloads\AVG_ResetAccess.exe
2014-06-26 08:06 - 2014-06-26 08:06 - 00100006 _____ () C:\Users\andjoh\Desktop\Natalias clearance list as of June 17 - revised by preston June 25.xlsx
2014-06-25 11:56 - 2014-06-25 11:56 - 00000000 ____D () C:\AVGTemp
2014-06-24 10:02 - 2014-06-24 10:02 - 00000000 ____D () C:\Users\andjoh\Desktop\MFAData
2014-06-24 08:33 - 2014-06-24 08:33 - 00000000 ____D () C:\Users\admin\AppData\Local\Adobe
2014-06-24 08:32 - 2014-06-24 08:32 - 00000000 ____D () C:\Users\admin\AppData\Roaming\TuneUp Software
2014-06-24 08:31 - 2014-06-24 08:31 - 00000000 ____D () C:\Users\admin\AppData\Local\MFAData
2014-06-23 11:33 - 2014-06-23 12:20 - 16085744 _____ () C:\Users\andjoh\Desktop\Item Sales History Jan 01 11 to June 23 14.xlsx
2014-06-23 11:30 - 2014-06-23 11:32 - 70494719 _____ () C:\Users\andjoh\Desktop\ite6462.csv
2014-06-23 10:06 - 2014-06-23 12:16 - 00272164 _____ () C:\Users\andjoh\Desktop\Natalias clearance list as of June 17 with AJs notes as of June 23 14.xlsx
2014-06-20 12:00 - 2014-06-20 12:00 - 00039423 _____ () C:\Users\andjoh\Desktop\ABM PCR product cross reference chart (Sept 3 - 2013) as of June 20 14.xlsx
2014-06-20 09:35 - 2014-06-20 11:58 - 00016869 _____ () C:\Users\andjoh\Desktop\SPL Clearance Pricing as of June 20 14.xlsx
2014-06-20 08:11 - 2014-06-20 08:57 - 01503806 _____ () C:\Users\andjoh\Desktop\STOCK Diamed 2014 Pricing - re ON13-1017UNIO-EP (Eric Prendergast) as of June 20 14.xlsx
2014-06-10 20:28 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-10 20:28 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-10 20:28 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-10 20:28 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-10 20:28 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-10 20:28 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-10 20:28 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-10 20:28 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-10 20:28 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-10 20:28 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-10 20:28 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-10 20:28 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
 
==================== One Month Modified Files and Folders =======
 
2014-07-10 08:04 - 2014-07-10 08:04 - 00023005 _____ () C:\Users\andjoh\Desktop\FRST.txt
2014-07-10 08:04 - 2014-07-10 08:04 - 00000000 ____D () C:\FRST
2014-07-10 08:03 - 2014-07-10 08:02 - 02084352 _____ (Farbar) C:\Users\andjoh\Desktop\FRST64.exe
2014-07-10 08:01 - 2013-01-29 09:50 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-10 08:01 - 2012-10-19 14:46 - 00000000 ____D () C:\ajemail
2014-07-10 07:47 - 2012-08-11 14:21 - 02036764 _____ () C:\Windows\WindowsUpdate.log
2014-07-10 07:37 - 2012-08-11 14:41 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-10 07:30 - 2014-07-10 07:24 - 00014149 _____ () C:\Users\andjoh\Desktop\ABM Dealer Pricing as of July 09 14.xlsx
2014-07-10 07:09 - 2009-07-14 00:51 - 00120860 _____ () C:\Windows\setupact.log
2014-07-10 07:04 - 2009-07-14 01:13 - 00786662 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-10 07:04 - 2009-07-14 00:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-10 07:04 - 2009-07-14 00:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-10 06:59 - 2012-08-11 14:41 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-10 06:59 - 2012-08-11 14:23 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-07-10 06:59 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-10 06:59 - 2009-07-14 00:45 - 00439000 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 06:58 - 2014-05-06 11:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 06:58 - 2011-12-08 16:43 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 06:58 - 2010-11-20 23:47 - 00530722 _____ () C:\Windows\PFRO.log
2014-07-10 06:58 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 06:58 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 16:54 - 2013-08-19 07:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 16:53 - 2012-10-19 12:27 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 16:53 - 2012-10-19 09:45 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 16:51 - 2012-10-19 12:00 - 00000120 _____ () C:\Windows\system32\config\netlogon.ftl
2014-07-09 14:04 - 2014-02-25 09:54 - 00791792 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-09 13:23 - 2012-08-11 14:23 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-07-09 11:01 - 2013-01-29 09:50 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 11:01 - 2012-10-22 12:05 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 11:01 - 2012-10-22 12:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 09:40 - 2014-07-09 09:39 - 00000000 ____D () C:\Users\andjoh\Desktop\Computer problem resolution
2014-07-09 09:33 - 2014-07-09 09:33 - 00025109 _____ () C:\ComboFix.txt
2014-07-09 09:33 - 2014-07-09 09:25 - 00000000 ____D () C:\ComboFix
2014-07-09 09:33 - 2014-07-09 07:38 - 00000000 ____D () C:\Qoobox
2014-07-09 09:33 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-07-09 09:32 - 2014-07-09 07:38 - 00000000 ____D () C:\Windows\erdnt
2014-07-09 09:32 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-02 15:56 - 2014-01-14 08:39 - 00000000 ____D () C:\Users\andjoh\Desktop\Diamed
2014-07-02 09:36 - 2014-07-02 09:36 - 00688992 ____R (Swearware) C:\Users\andjoh\Downloads\dds.com
2014-07-02 07:51 - 2014-07-02 07:51 - 00180000 _____ (Kaspersky Lab) C:\Users\admin\Downloads\kss12.0.1.117EN_RU_DE_FR_2926.exe
2014-07-02 07:40 - 2014-07-02 07:40 - 04755192 _____ (AVG Technologies) C:\Users\andjoh\Downloads\avg_free_stb_all_2014_4714_cnet.exe
2014-07-02 07:14 - 2014-06-26 13:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-29 22:09 - 2014-07-09 09:51 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 22:04 - 2014-07-09 09:51 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-27 09:06 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Cursors
2014-06-26 14:56 - 2014-06-26 14:45 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-26 14:48 - 2014-06-26 14:48 - 11181544 _____ (SurfRight B.V.) C:\Users\andjoh\Downloads\HitmanPro_x64 (1).exe
2014-06-26 14:47 - 2014-06-26 14:47 - 11181544 _____ (SurfRight B.V.) C:\Users\andjoh\Downloads\HitmanPro_x64.exe
2014-06-26 14:47 - 2014-06-26 14:47 - 10274632 _____ (SurfRight B.V.) C:\Users\andjoh\Downloads\HitmanPro.exe
2014-06-26 14:45 - 2014-06-26 14:10 - 00015592 _____ () C:\Users\andjoh\Desktop\Email list for Diatec Rack Sale Eblast June 26 14.xlsx
2014-06-26 13:32 - 2012-12-17 15:42 - 00000000 ____D () C:\ProgramData\VisualBee
2014-06-26 13:19 - 2014-06-26 13:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-26 13:19 - 2014-06-26 13:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-26 13:19 - 2014-06-26 13:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-26 13:10 - 2014-06-26 13:09 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\andjoh\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-26 11:27 - 2014-06-26 11:49 - 00058524 _____ () C:\Users\andjoh\Desktop\Sales History Data for diatec 20140626.xlsx
2014-06-26 10:15 - 2014-06-26 10:15 - 01891480 _____ ( ) C:\Users\admin\Downloads\AVG_ResetAccess.exe
2014-06-26 10:12 - 2013-10-12 15:42 - 00000000 ____D () C:\ProgramData\AVG2014
2014-06-26 10:12 - 2013-10-12 15:41 - 00000000 ____D () C:\Users\andjoh\AppData\Local\Avg2014
2014-06-26 10:12 - 2012-11-07 09:25 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-26 10:11 - 2012-11-07 09:27 - 00000000 ____D () C:\$AVG
2014-06-26 08:06 - 2014-06-26 08:06 - 00100006 _____ () C:\Users\andjoh\Desktop\Natalias clearance list as of June 17 - revised by preston June 25.xlsx
2014-06-25 11:56 - 2014-06-25 11:56 - 00000000 ____D () C:\AVGTemp
2014-06-24 11:23 - 2014-05-23 13:47 - 00000000 ____D () C:\Users\andjoh\Desktop\Q3 Flyer Files
2014-06-24 10:02 - 2014-06-24 10:02 - 00000000 ____D () C:\Users\andjoh\Desktop\MFAData
2014-06-24 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Registration
2014-06-24 08:33 - 2014-06-24 08:33 - 00000000 ____D () C:\Users\admin\AppData\Local\Adobe
2014-06-24 08:33 - 2014-06-09 08:04 - 00000000 ____D () C:\Users\admin\AppData\Roaming\LSC
2014-06-24 08:33 - 2014-06-09 07:54 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Adobe
2014-06-24 08:33 - 2012-10-19 12:13 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Lenovo
2014-06-24 08:33 - 2012-10-19 12:13 - 00000000 ____D () C:\Users\admin\AppData\Local\Lenovo
2014-06-24 08:32 - 2014-06-24 08:32 - 00000000 ____D () C:\Users\admin\AppData\Roaming\TuneUp Software
2014-06-24 08:31 - 2014-06-24 08:31 - 00000000 ____D () C:\Users\admin\AppData\Local\MFAData
2014-06-23 12:20 - 2014-06-23 11:33 - 16085744 _____ () C:\Users\andjoh\Desktop\Item Sales History Jan 01 11 to June 23 14.xlsx
2014-06-23 12:16 - 2014-06-23 10:06 - 00272164 _____ () C:\Users\andjoh\Desktop\Natalias clearance list as of June 17 with AJs notes as of June 23 14.xlsx
2014-06-23 11:32 - 2014-06-23 11:30 - 70494719 _____ () C:\Users\andjoh\Desktop\ite6462.csv
2014-06-20 16:14 - 2014-07-09 09:51 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 15:39 - 2014-07-09 09:51 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-20 13:47 - 2012-11-19 19:27 - 00000000 ____D () C:\Users\andjoh\AppData\Local\AuthenTec
2014-06-20 12:00 - 2014-06-20 12:00 - 00039423 _____ () C:\Users\andjoh\Desktop\ABM PCR product cross reference chart (Sept 3 - 2013) as of June 20 14.xlsx
2014-06-20 11:58 - 2014-06-20 09:35 - 00016869 _____ () C:\Users\andjoh\Desktop\SPL Clearance Pricing as of June 20 14.xlsx
2014-06-20 08:57 - 2014-06-20 08:11 - 01503806 _____ () C:\Users\andjoh\Desktop\STOCK Diamed 2014 Pricing - re ON13-1017UNIO-EP (Eric Prendergast) as of June 20 14.xlsx
2014-06-18 21:39 - 2014-07-09 09:51 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-18 21:06 - 2014-07-09 09:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-18 21:06 - 2014-07-09 09:51 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-18 20:48 - 2014-07-09 09:51 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-18 20:42 - 2014-07-09 09:51 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-18 20:42 - 2014-07-09 09:51 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-18 20:41 - 2014-07-09 09:51 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-18 20:41 - 2014-07-09 09:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-18 20:32 - 2014-07-09 09:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-18 20:31 - 2014-07-09 09:51 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-18 20:26 - 2014-07-09 09:51 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-18 20:24 - 2014-07-09 09:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-18 20:24 - 2014-07-09 09:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-18 20:23 - 2014-07-09 09:51 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-18 20:16 - 2014-07-09 09:51 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-18 20:14 - 2014-07-09 09:51 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-18 20:09 - 2014-07-09 09:51 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-18 19:59 - 2014-07-09 09:51 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 19:56 - 2014-07-09 09:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-18 19:53 - 2014-07-09 09:51 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-18 19:51 - 2014-07-09 09:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-18 19:50 - 2014-07-09 09:51 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-18 19:48 - 2014-07-09 09:51 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-18 19:39 - 2014-07-09 09:51 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-18 19:38 - 2014-07-09 09:51 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-18 19:37 - 2014-07-09 09:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-18 19:36 - 2014-07-09 09:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-18 19:35 - 2014-07-09 09:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-18 19:33 - 2014-07-09 09:51 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-18 19:32 - 2014-07-09 09:51 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-18 19:28 - 2014-07-09 09:51 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-18 19:28 - 2014-07-09 09:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-18 19:27 - 2014-07-09 09:51 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-18 19:27 - 2014-07-09 09:51 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-18 19:25 - 2014-07-09 09:51 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-18 19:23 - 2014-07-09 09:51 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-18 19:22 - 2014-07-09 09:51 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-18 19:12 - 2014-07-09 09:51 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-18 19:06 - 2014-07-09 09:51 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-18 19:01 - 2014-07-09 09:51 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-18 18:59 - 2014-07-09 09:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-18 18:58 - 2014-07-09 09:51 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-18 18:58 - 2014-07-09 09:51 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-18 18:52 - 2014-07-09 09:51 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-18 18:51 - 2014-07-09 09:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-18 18:49 - 2014-07-09 09:51 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-18 18:46 - 2014-07-09 09:51 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-18 18:45 - 2014-07-09 09:51 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-18 18:35 - 2014-07-09 09:51 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-18 18:34 - 2014-07-09 09:51 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-18 18:15 - 2014-07-09 09:51 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-18 18:13 - 2014-07-09 09:51 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-18 18:09 - 2014-07-09 09:51 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-18 18:07 - 2014-07-09 09:51 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-18 08:31 - 2012-08-11 14:41 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-18 08:31 - 2012-08-11 14:41 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-17 22:18 - 2014-07-09 09:51 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-17 21:51 - 2014-07-09 09:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-17 21:10 - 2014-07-09 09:51 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-06-11 13:25 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-06-10 07:16 - 2012-11-02 09:32 - 00000000 ____D () C:\Users\andjoh\AppData\Local\CrashDumps
2014-06-10 07:15 - 2012-12-18 09:35 - 00000000 ____D () C:\Users\andjoh\AppData\Local\Deployment
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-08 09:26
 
==================== End Of Log ============================
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-07-2014
Ran by andjoh at 2014-07-10 08:04:47
Running from C:\Users\andjoh\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.0.0.19 - Absolute Software)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.34.0 - Conexant)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.6.392 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version:  - Softland)
Everest Advanced Edition 5.0.2.6 (Client) (HKLM-x32\...\{A3E8ED8F-641C-4E45-9F44-1B1E9659B7A6}) (Version: 1.00.0000 - iCode, Inc.)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
Fingerprint Reader (HKLM\...\{7DD99174-299B-4450-A179-7F27F4C2D042}) (Version: 6.0.200.105 - AuthenTec, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Integrated Camera Driver Installer Package Ver.1.2.1.18 (HKLM-x32\...\{A78800AF-1779-4AE8-8EBE-16E1BE727C71}) (Version: 1.2.1.18 - RICOH)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3190 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 15.6.1.0536 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}) (Version: 2.1.1.0153 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software Driver (Version: 15.06.1000.0167 - Intel Corporation) Hidden
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Update Manager (x32 Version: 1.0.0.36888 - Intel Corporation) Hidden
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{93F34C5C-ACAA-48F3-9B26-70359A117F12}) (Version: 3.0.12.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless Software (HKLM-x32\...\{fad118b4-798f-4755-9e67-a622eec95b62}) (Version: 15.6.1 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 15.06.1000.0142 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.02 - )
Lenovo Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.1.9.0 - Lenovo)
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.65.05.21 - )
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{2F45A217-E9C7-4984-B0AC-5BE31FF4712B}) (Version: 2.4.003.00 - Lenovo Group Limited)
Lenovo Solutions for Small Business (HKLM-x32\...\{6A6D86CD-B004-46b7-8951-7BB75A776F8C}) (Version: 2.0.32.7350 - Intel® Corporation)
Lenovo Solutions for Small Business Customizations (HKLM-x32\...\{5B5DEF99-85E9-423D-A1A3-B83202697B09}) (Version: 1.0.0006.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.05.0009 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0020.00 - Lenovo Group Limited)
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM\...\{3849486C-FF09-4F5D-B491-3E179D58EE15}) (Version: 3.1.0004.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50325 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50330 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nalpeiron License Management (x32 Version: 6.3.9.1 - Nalpeiron) Hidden
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.72.00 - )
PCL Printer Driver Uninstaller (HKLM\...\PCL Printer Driver) (Version: 5, 4, 0, 0 - Canon Inc.)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.32 - )
RapidBoot HDD Accelerator (HKLM-x32\...\Fastboot) (Version: 1.00.0802 - Lenovo)
RapidBoot Shield (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.23 - Lenovo)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29005 - Realtek Semiconductor Corp.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.13.2.14 - Client Connect LTD) <==== ATTENTION
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.1.4.17 - )
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.76 - Lenovo)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.5.13 - VeriSign)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Intel (iaStor) hdc  (11/29/2011 11.0.0.1032) (HKLM\...\64A62163FE43328D13305746CB8BCC93F2DF6545) (Version: 11/29/2011 11.0.0.1032 - Intel)
Windows Driver Package - Lenovo 1.65.05.21 (01/11/2012 1.65.05.21) (HKLM\...\FD2ED46D31CE7DF190049D079E92DE03D347A634) (Version: 01/11/2012 1.65.05.21 - Lenovo)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Yontoo 1.10.03 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.10.03 - Yontoo LLC) <==== ATTENTION
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2014-07-09 07:57 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {01F474D0-8E32-47FC-B758-2F2E58715062} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for DIAMED.andjoh => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-15] (Lenovo)
Task: {286F5E7D-8745-40A4-BA1D-20220E52F427} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {2BA1B294-6DAC-43DF-9277-7B27D9D4EEB2} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-08-08] (Lenovo)
Task: {2D3C47A4-C68D-4968-BBAE-566E6FC1C0B5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-11] (Google Inc.)
Task: {3DF1B2CA-DA9B-4511-AFD6-11025ED94EFF} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-05-06] ()
Task: {4047A714-9E8E-483C-A0CF-4962CE6AAB1C} - System32\Tasks\Absolute Reminder => C:\Program Files (x86)\Absolute Software\Absolute Reminder\AbsoluteReminder.exe [2011-09-19] (Absolute Software)
Task: {5D64098F-D4D1-4D51-B0D8-7325D54BAA77} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-01-21] (Microsoft)
Task: {5EE6A78C-563C-4EEB-A20F-2699C4E92598} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-11] (Google Inc.)
Task: {637CB40E-C048-432E-B6EE-770A1894587B} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {63DE2F64-DDEE-45C6-AE2A-965ED01E5C6B} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {6657D477-2921-4975-B9DB-A97FD7EE5680} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {680CE568-56C1-41E0-A7C4-72DF479A09D0} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for DIAMED.admin => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-15] (Lenovo)
Task: {6C3FF35F-11C6-40B1-9F79-F2DD30324467} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for ThinkPadE530.Andrew Johnson => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-15] (Lenovo)
Task: {7E7022CB-4546-4F46-8B12-D0D00514383A} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {85389444-3B61-486D-ABE0-3AA8723EAD65} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {8C1C21E2-6768-4081-8BF8-4629565224ED} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2012-05-15] (Lenovo)
Task: {8C8AC611-DE88-44F5-97E0-A1FC29EF7AB2} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {96D96B11-09B9-4B79-823F-7B87AEB7E708} - System32\Tasks\Bkup PST => robocopy
Task: {99790142-E820-4273-B7F2-B7473A19598F} - System32\Tasks\VisualBeeRecovery => C:\Users\andjoh\AppData\Local\VisualBeeExe\VisualBeeRecovery.exe
Task: {A67F8C47-7E46-42A1-88D9-468C371F2768} - System32\Tasks\Intel® Small Business Advantage\Notifier => C:\Program Files\Intel\Intel® Small Business Advantage\UI\SBA_Notifier.exe [2013-04-10] (Intel Corporation)
Task: {ADC6DB89-03FB-4531-948F-C9FE90C2A28C} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe
Task: {B2799104-2791-4A59-9DD4-C4AA5A4808B8} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {B3AFA8E7-8947-420F-B2D4-8C74D4A45634} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-05-06] (Lenovo)
Task: {B457A630-3CD7-4B64-968F-53EB983A4E20} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2012-05-15] (Lenovo Group Limited)
Task: {B9F51D28-D799-4F12-8333-37E20E78322B} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe
Task: {D4B0E196-4F60-45F4-9E7A-D83B92A3BDAC} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe
Task: {DC429B0D-6283-4326-8A0A-4504DFFFC6F5} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-02-21] ()
Task: {E753E8AD-3A7B-4021-B8A4-8A685EFE19BE} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-08-11 14:32 - 2012-05-15 17:32 - 00093696 _____ () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2012-11-14 18:10 - 2009-12-12 16:12 - 00052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2012-08-11 14:29 - 2010-10-26 00:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2012-08-11 14:23 - 2012-06-25 02:19 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-08-07 03:03 - 2013-08-07 03:03 - 01130792 _____ () C:\Program Files\Lenovo Fingerprint Reader\DataManager.dll
2013-08-07 03:04 - 2013-08-07 03:04 - 00087848 _____ () C:\Program Files\Lenovo Fingerprint Reader\ssutil.dll
2012-08-11 14:38 - 2012-01-17 02:29 - 00030512 _____ () C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBServiceps.dll
2012-08-11 14:33 - 2011-08-02 20:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2012-08-11 14:33 - 2011-08-02 20:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/10/2014 06:59:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/09/2014 04:52:30 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\servicing\TrustedInstaller.exe; Description = Windows Modules Installer; Error = 0x80070422).
 
Error: (07/09/2014 04:52:30 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
 
Error: (07/09/2014 10:16:45 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).
 
Error: (07/09/2014 09:25:31 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x80070422).
 
Error: (07/09/2014 09:24:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/09/2014 07:39:04 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x80070422).
 
Error: (07/09/2014 07:26:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/08/2014 11:10:43 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).
 
Error: (07/08/2014 07:18:24 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
 
 
System errors:
=============
Error: (07/10/2014 07:01:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VIPAppService service failed to start due to the following error: 
%%2
 
Error: (07/10/2014 07:00:53 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Intel® Small Business Advantage service depends the following service: LMS. This service might not be installed.
 
Error: (07/10/2014 06:59:34 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: DIAMED)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (07/10/2014 06:59:26 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (07/10/2014 06:59:16 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain DIAMED due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (07/09/2014 04:47:12 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (07/09/2014 03:01:05 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (07/09/2014 09:32:07 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (07/09/2014 09:29:20 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (07/09/2014 09:26:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VIPAppService service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (11/22/2013 00:09:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 5807 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error: (11/19/2013 10:47:58 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 34 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (10/29/2013 08:45:53 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 54 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (10/22/2013 10:28:36 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 325 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error: (04/17/2013 05:06:10 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-07-09 07:48:26.372
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-09 07:48:26.310
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 58%
Total physical RAM: 3689.96 MB
Available physical RAM: 1526.05 MB
Total Pagefile: 7378.1 MB
Available Pagefile: 4715.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (Windows7_OS) (Fixed) (Total:446.72 GB) (Free:367.97 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (PED2E) (CDROM) (Total:0.17 GB) (Free:0 GB) CDFS
Drive q: (Lenovo_Recovery) (Fixed) (Total:17.58 GB) (Free:5.32 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: E1FEBBE1)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=447 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=18 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 15 GB) (Disk ID: E1FEBBEA)
Partition 1: (Not Active) - (Size=8 GB) - (Type=84)
Partition 2: (Not Active) - (Size=7 GB) - (Type=73)
 
==================== End Of Log ============================


#7 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:18 PM

Posted 10 July 2014 - 01:47 PM

Please run the following:

Download attached fixlist.txt file and save it to the Desktop.

Attached File  FixList.txt   1.7KB   2 downloads


NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

NEXT

Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • If items are found, please select the Clean button
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 johnc576

johnc576
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:18 PM

Posted 14 July 2014 - 09:24 AM

Hello CatByte,

 

please find the FixLog.txt contents below. I will run the next two programs and post when complete.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-07-2014
Ran by andjoh at 2014-07-14 10:23:09 Run:1
Running from C:\Users\andjoh\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKLM Group Policy restriction on software: %Temp%\Rar*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %Temp%\*.zip\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %AppData%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %Temp%\7z*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %UserProfile%\Local Settings\Temp\wz*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %UserProfile%\Local Settings\Temp\Rar*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %UserProfile%\Local Settings\Temp\*.zip\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %UserProfile%\Local Settings\Temp\7z*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %Temp%\wz*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %AppData%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb196/?search={searchTerms}&loc=IB_DS&a=6PQT12Ve1A&i=26
end
 
 
 
 
 
 
 
 
 
 
*****************
 
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value deleted successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}' => Key deleted successfully.
'HKCR\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}'=> Key not found.
 
==== End of Fixlog ====
 
Regards,
 
AJ


#9 johnc576

johnc576
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:18 PM

Posted 14 July 2014 - 09:33 AM

Hello CatByte,

 

Here is the Junkware file log.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by andjoh on 14/07/2014 at 10:26:24.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\visualbee
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1614895754-879983540-839522115-1654\Software\ib updater
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\visualbee
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\incredibar_install_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\incredibar_install_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\incredibartoolbar_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\incredibartoolbar_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3283142
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_safari_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_safari_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_safari_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_safari_RASMANCS
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\visualbee"
Successfully deleted: [Folder] "\searchprotect"
Successfully deleted: [Folder] "C:\Users\andjoh\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\andjoh\appdata\locallow\incredibar.com"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\perion"
Successfully deleted: [Empty Folder] C:\Users\andjoh\appdata\local\{006DB40B-3656-4DFC-AF33-C7144201B252}
Successfully deleted: [Empty Folder] C:\Users\andjoh\appdata\local\{54ED07A9-3377-4CFB-ACBC-E32AB6E803ED}
Successfully deleted: [Empty Folder] C:\Users\andjoh\appdata\local\{7394889E-2484-4B8D-A819-464F2A3D7BB9}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14/07/2014 at 10:31:21.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#10 johnc576

johnc576
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:18 PM

Posted 14 July 2014 - 09:39 AM

Hello CatByte,

 

Here is the AdwCleaner log.

 

# AdwCleaner v3.215 - Report created 14/07/2014 at 10:36:02
# Updated 09/07/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : andjoh - THINKPADE530
# Running from : C:\Users\andjoh\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Adblocker
Folder Deleted : C:\Program Files (x86)\Adblocker
Folder Deleted : C:\Windows\util
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\andjoh\AppData\Local\Conduit
Folder Deleted : C:\Users\Andrew Johnson\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Andrew Johnson\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Folder Deleted : C:\Users\darslo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js
File Deleted : C:\Windows\System32\Tasks\VisualBeeRecovery
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKLM\Software\AVG Nation toolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
 
-\\ Mozilla Firefox v
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : jifflliplgeajjdhmkcfnngfpgbjonjg
 
[ File : C:\Users\andjoh\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://mystart.incredibar.com/mb196/?loc=IB_DS&search={searchTerms}&a=6PQT12Ve1A&i=26
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
 
[ File : C:\Users\Andrew Johnson\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\darslo\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Deleted [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Deleted [Extension] : jifflliplgeajjdhmkcfnngfpgbjonjg
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Deleted [Extension] : niapdbllcanepiiimjjndipklodoedlc
Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc
 
*************************
 
AdwCleaner[R0].txt - [5156 octets] - [14/07/2014 10:34:23]
AdwCleaner[S0].txt - [4950 octets] - [14/07/2014 10:36:02]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5010 octets] ##########
 
 
Regards,
 
AJ


#11 johnc576

johnc576
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:18 PM

Posted 14 July 2014 - 10:22 AM

Hello CatBytes,

 

I have successfully downloaded and installed AVG Free Anti-Virus Software and it is running its first scan after updating the data base successfully. Thank you very much for all of your help here. 

 

If you have any suggestions regarding things I can do to be more proactive to protect against issues like this in the future, please let me know.

 

Regards,

 

AJ



#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:18 PM

Posted 14 July 2014 - 11:44 AM

That's good to hear.

I'd just like to run another couple of scans to make certain there are no leftovers.

Please open your malwarebytes program, update the database and run a fresh scan, attach the new log

NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, if it shows a screen that says "Threats found!", then click "List of found threats" button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


Edited by CatByte, 21 July 2014 - 11:21 AM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 johnc576

johnc576
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:18 PM

Posted 21 July 2014 - 06:56 AM

Hello CatByte,

 

Please find below the text of the Malware Malbytes Scan, which I had quite some difficulty getting the computer to perform -it would not update the database. So I downloaded the free trial of the premium version to get the program to work. There were three logs created, please find them below.

 

Scan Log for Jul 21 14

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 26/06/2014
Scan Time: 1:21:44 PM
Logfile: Malware Scan Log for Jul 21 14.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.06.26.07
Rootkit Database: v2014.06.23.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: andjoh
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 370976
Time Elapsed: 9 min, 1 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 36
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}, Quarantined, [35daccb1126937ff3e1d4403e121d828], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}, Quarantined, [35daccb1126937ff3e1d4403e121d828], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}, Quarantined, [35daccb1126937ff3e1d4403e121d828], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}, Quarantined, [35daccb1126937ff3e1d4403e121d828], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}, Quarantined, [35daccb1126937ff3e1d4403e121d828], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{D372567D-67C1-4B29-B3F0-159B52B3E967}, Quarantined, [35daccb1126937ff3e1d4403e121d828], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1AD27395-1659-4DFF-A319-2CFA243861A5}, Quarantined, [35daccb1126937ff3e1d4403e121d828], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1AD27395-1659-4DFF-A319-2CFA243861A5}, Quarantined, [35daccb1126937ff3e1d4403e121d828], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{D372567D-67C1-4B29-B3F0-159B52B3E967}, Quarantined, [35daccb1126937ff3e1d4403e121d828], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\YontooIEClient.Api.1, Quarantined, [35daccb1126937ff3e1d4403e121d828], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\YontooIEClient.Api, Quarantined, [35daccb1126937ff3e1d4403e121d828], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\YontooIEClient.Api, Quarantined, [35daccb1126937ff3e1d4403e121d828], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\YontooIEClient.Api.1, Quarantined, [35daccb1126937ff3e1d4403e121d828], 
PUP.Optional.Yontoo.A, HKU\S-1-5-21-1614895754-879983540-839522115-1654-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}, Quarantined, [35daccb1126937ff3e1d4403e121d828], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}, Quarantined, [35daccb1126937ff3e1d4403e121d828], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\YontooIEClient.Layers.1, Quarantined, [35daccb1126937ff3e1d4403e121d828], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\YontooIEClient.Layers, Quarantined, [35daccb1126937ff3e1d4403e121d828], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\YontooIEClient.Layers, Quarantined, [35daccb1126937ff3e1d4403e121d828], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}, Quarantined, [35daccb1126937ff3e1d4403e121d828], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\YontooIEClient.Layers.1, Quarantined, [35daccb1126937ff3e1d4403e121d828], 
PUP.Optional.Yontoo.A, HKU\S-1-5-21-1614895754-879983540-839522115-1025-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}, Quarantined, [35daccb1126937ff3e1d4403e121d828], 
PUP.Optional.Yontoo.A, HKU\S-1-5-21-1614895754-879983540-839522115-1654-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}, Quarantined, [35daccb1126937ff3e1d4403e121d828], 
PUP.Optional.Yontoo.A, HKU\S-1-5-21-1614895754-879983540-839522115-1025-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}, Quarantined, [35daccb1126937ff3e1d4403e121d828], 
PUP.Optional.Yontoo.A, HKU\S-1-5-21-1614895754-879983540-839522115-1654-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}, Quarantined, [35daccb1126937ff3e1d4403e121d828], 
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-1614895754-879983540-839522115-1654-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [3cd3ea935c1ff145135066e00af842be], 
PUP.Optional.Incredibar.A, HKLM\SOFTWARE\IB Updater, Quarantined, [28e794e97803053192bbccf12fd36c94], 
PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\CLASSES\APPID\YontooIEClient.DLL, Quarantined, [b25dc9b4314ad66091a66a4241c13bc5], 
PUP.Optional.Incredibar.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\dlnembnfbcpjnepmfjmngjenhhajpdfd, Quarantined, [f01ff786f98295a1014a15a8e022fb05], 
PUP.Optional.Incredibar.A, HKLM\SOFTWARE\WOW6432NODE\IB Updater, Quarantined, [6ea1c7b67b00fd39301db80545bd49b7], 
PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\YontooIEClient.DLL, Quarantined, [d73839441467bd7956e126864db51de3], 
PUP.Optional.Incredibar.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dlnembnfbcpjnepmfjmngjenhhajpdfd, Quarantined, [46c9710c5e1d43f3ce7d0cb15ea4e61a], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\niapdbllcanepiiimjjndipklodoedlc, Quarantined, [43cc720b0e6da98da6b8bdfbef13da26], 
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT, Quarantined, [7798611c5c1fb87eff0500ab8082748c], 
PUP.Optional.Conduit.A, HKU\S-1-5-21-1614895754-879983540-839522115-1654-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CONDUIT\FF, Quarantined, [16f99ae3126937ffc4f696558182b050], 
PUP.Optional.Softonic.A, HKU\S-1-5-21-1614895754-879983540-839522115-1654-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Quarantined, [f916502d106b7eb82babd1ed4db50bf5], 
PUP.Optional.Visualbee, HKU\S-1-5-21-1614895754-879983540-839522115-1654-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VisualBee for Microsoft PowerPoint, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
 
Registry Values: 5
PUP.Optional.HomePageProtector.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS\{336D0C35-8A85-403a-B9D2-65C292C39087}, Quarantined, [68a7b4c9c8b3ba7ca7c24207748ee51b], 
PUP.Optional.HomePageProtector.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{336D0C35-8A85-403A-B9D2-65C292C39087}, C:\Program Files\IB Updater\Firefox, Quarantined, [68a7b4c9c8b3ba7ca7c24207748ee51b]
PUP.Optional.HomePageProtector.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{336D0C35-8A85-403A-B9D2-65C292C39087}, C:\Program Files\IB Updater\Firefox, Quarantined, [68a7b4c9c8b3ba7ca7c24207748ee51b]
PUP.Optional.HomePageProtector.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS\{336D0C35-8A85-403a-B9D2-65C292C39087}, Quarantined, [4dc24f2e1a6165d16affbe8be31f0bf5], 
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT|InstallDir, C:\PROGRA~2\SearchProtect, Quarantined, [7798611c5c1fb87eff0500ab8082748c]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 51
PUP.Optional.Yontoo.A, C:\Program Files (x86)\Yontoo, Quarantined, [f31c0b727605f1454b12d0e806fc8b75], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\Logs, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\Logs, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\rep, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\rep, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.Conduit.A, C:\Users\andjoh\AppData\Local\Temp\CT3283142, Quarantined, [8c83344985f6171f5ad6deb55fa3dc24], 
PUP.Optional.Conduit.A, C:\Users\andjoh\AppData\Local\Temp\CT3283142\xpi, Quarantined, [8c83344985f6171f5ad6deb55fa3dc24], 
PUP.Optional.Conduit.A, C:\Users\andjoh\AppData\Local\Temp\CT3283142\xpi\defaults, Quarantined, [8c83344985f6171f5ad6deb55fa3dc24], 
PUP.Optional.Conduit.A, C:\Users\andjoh\AppData\Local\Temp\CT3283142\xpi\defaults\preferences, Quarantined, [8c83344985f6171f5ad6deb55fa3dc24], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\Dic-Eng, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\GuideFiles, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\LocalDB, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Log, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\SwUpdate, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Temp, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Incredibar.A, C:\Users\andjoh\AppData\Local\Temp\mt_ffx\Incredibar.com, Quarantined, [7f9089f4e09ba19507ca08937d8524dc], 
PUP.Optional.Incredibar.A, C:\Users\andjoh\AppData\Local\Temp\mt_ffx\Incredibar.com\incredibar, Quarantined, [7f9089f4e09ba19507ca08937d8524dc], 
PUP.Optional.Incredibar.A, C:\Users\andjoh\AppData\Local\Temp\mt_ffx\Incredibar.com\incredibar\1.5.11.14, Quarantined, [7f9089f4e09ba19507ca08937d8524dc], 
PUP.Optional.Yontoo.A, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc, Quarantined, [15fa35483546ed4972ad9b067290fa06], 
PUP.Optional.Yontoo.A, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.4_0, Quarantined, [15fa35483546ed4972ad9b067290fa06], 
PUP.Optional.Yontoo.A, C:\Users\andjoh\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc, Quarantined, [34dbbcc1c5b62313fb245051b0526a96], 
PUP.Optional.Yontoo.A, C:\Users\andjoh\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.4_0, Quarantined, [34dbbcc1c5b62313fb245051b0526a96], 
PUP.Optional.Yontoo.A, C:\Users\darslo\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc, Quarantined, [858a95e8bebd3006908fbfe2c24040c0], 
PUP.Optional.Yontoo.A, C:\Users\darslo\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0, Quarantined, [858a95e8bebd3006908fbfe2c24040c0], 
PUP.Optional.SearchProtect.A, C:\Users\andjoh\AppData\Local\SearchProtect, Quarantined, [23ec6f0e26555ed8b9eff1b7e0229868], 
PUP.Optional.SearchProtect.A, C:\Users\andjoh\AppData\Local\SearchProtect\Logs, Quarantined, [23ec6f0e26555ed8b9eff1b7e0229868], 
PUP.Optional.SearchProtect.A, C:\Users\andjoh\AppData\Local\SearchProtect\SearchProtect, Quarantined, [23ec6f0e26555ed8b9eff1b7e0229868], 
PUP.Optional.SearchProtect.A, C:\Users\andjoh\AppData\Local\SearchProtect\SearchProtect\Logs, Quarantined, [23ec6f0e26555ed8b9eff1b7e0229868], 
PUP.Optional.SearchProtect.A, C:\Users\andjoh\AppData\Local\SearchProtect\SearchProtect\rep, Quarantined, [23ec6f0e26555ed8b9eff1b7e0229868], 
PUP.Optional.SearchProtect.A, C:\Users\andjoh\AppData\Local\SearchProtect\SearchProtect\STG, Quarantined, [23ec6f0e26555ed8b9eff1b7e0229868], 
PUP.Optional.SearchProtect.A, C:\Users\andjoh\AppData\Local\SearchProtect\UI, Quarantined, [23ec6f0e26555ed8b9eff1b7e0229868], 
PUP.Optional.SearchProtect.A, C:\Users\andjoh\AppData\Local\SearchProtect\UI\rep, Quarantined, [23ec6f0e26555ed8b9eff1b7e0229868], 
 
Files: 928
PUP.Optional.Yontoo.A, C:\Program Files (x86)\Yontoo\YontooIEClient.dll, Quarantined, [35daccb1126937ff3e1d4403e121d828], 
PUP.Optional.Babylon.A, C:\ProgramData\VisualBee\VisualBeeSoftware.exe, Quarantined, [38d76518a9d22115379fb36bf60ad42c], 
MSIL.Solimba, C:\Users\andjoh\AppData\Local\Temp\GetCC.dll, Quarantined, [19f6f28b0f6cfc3aebd658c9c9386898], 
MSIL.Solimba, C:\Users\andjoh\AppData\Local\Temp\vbmz2.exe, Quarantined, [9d721568324968ce526ff62bf20fb34d], 
PUP.Optional.Incredimail.A, C:\Users\andjoh\AppData\Local\Temp\incredibar_install.exe, Quarantined, [c14e8af348335bdb6490aa743fc1a858], 
PUP.Optional.Conduit.A, C:\Users\andjoh\AppData\Local\Temp\nsxBC81.exe, Quarantined, [21ee532a7605aa8c62042df6887912ee], 
PUP.Optional.Conduit.A, C:\Users\andjoh\AppData\Local\Temp\nsxDF3A.exe, Quarantined, [48c7add080fbcd69eb7b70b3649d857b], 
PUP.Optional.Conduit.A, C:\Users\andjoh\AppData\Local\Temp\nsm905F.exe, Quarantined, [1bf4562718632412570f1d06e120f60a], 
PUP.Optional.Conduit.A, C:\Users\andjoh\AppData\Local\Temp\nsmE69C.exe, Quarantined, [a56ad0ad95e680b672f4b3707190cc34], 
PUP.Optional.Conduit.A, C:\Users\andjoh\AppData\Local\Temp\SPStub.exe, Quarantined, [c34c8eef314ad4625e44839e8081e61a], 
PUP.Optional.FreeTwitTube.A, C:\Users\andjoh\AppData\Local\Temp\Yontoo-C2.exe, Quarantined, [bc5382fbd2a90b2b9486c7c10cf5a060], 
PUP.Optional.Yontoo.A, C:\Users\andjoh\AppData\Local\Temp\YontooSetup-S.exe, Quarantined, [16f9730aa1da50e6071168b97888be42], 
PUP.Optional.Conduit.A, C:\Users\andjoh\AppData\Local\Temp\CT3283142\ctbe.exe, Quarantined, [bb542b527a01df57beddac726d93a45c], 
PUP.Optional.Conduit.A, C:\Users\andjoh\AppData\Local\Temp\CT3283142\ieLogic.exe, Quarantined, [838c473693e8ae88099964bd9a677b85], 
PUP.Optional.Conduit.A, C:\Users\andjoh\AppData\Local\Temp\CT3283142\spff.exe, Quarantined, [62ad8cf1cdae46f05052978afc05e21e], 
PUP.Optional.Conduit.A, C:\Users\andjoh\AppData\Local\Temp\CT3283142\statisticsStub.exe, Quarantined, [a36c90ed106b41f5fa2ed23a45bcb050], 
PUP.Optional.Incredbar.A, C:\Users\andjoh\AppData\Local\Temp\ImInstaller\IncrediMail\IncredibarToolbar.7z, Quarantined, [fa15fc81611a3df9fa0d1a5c847d46ba], 
PUP.Optional.Incredbar.A, C:\Users\andjoh\AppData\Local\Temp\ImInstaller\IncrediMail\IncredibarToolbar.exe, Quarantined, [36d992eb8af1bd79a7607bfb6a97a35d], 
PUP.Optional.Inredibar.A, C:\Users\andjoh\AppData\Local\Temp\ImInstaller\IncrediMail\sg_6PQT12Ve1A_active.exe, Quarantined, [b55a6716cead79bda9061e5a38c9946c], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsi874C.exe, Quarantined, [35daa4d9adce91a54b29ec426f928e72], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsiA8C1.exe, Quarantined, [709f6f0e1f5c85b13143c866d62b52ae], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsiEE97.exe, Quarantined, [5fb0f687700bcd69e29242ec9968837d], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsk2EA3.exe, Quarantined, [4dc246372d4e83b35222b975bd443fc1], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsmF97E.exe, Quarantined, [907f6b12c3b846f0eb897ab4ea17ab55], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsn1908.exe, Quarantined, [1ff0cab35724181ea9cb85a9847de61a], 
PUP.Optional.Conduit.A, C:\Windows\Temp\nsn2292.exe, Quarantined, [d53a9edf77044de9928a20675fa26c94], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsn6A63.exe, Quarantined, [c04f126b6417e1552f45cf5f000132ce], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsnCB5E.exe, Quarantined, [6aa5e7964f2c1b1b6f055ed0649d36ca], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsp1EE9.exe, Quarantined, [c14e98e5077454e231439896936e5ea2], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nspC757.exe, Quarantined, [c6490f6e6f0c4ee8a0d49b93758cbe42], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsqCE80.exe, Quarantined, [07088fee4c2fd75f32428da1f809a45c], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nss1163.exe, Quarantined, [6ca3e19c2952de583b3954da7f8208f8], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsa7965.exe, Quarantined, [868995e88eed91a5314346e8d22fa060], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsaD685.exe, Quarantined, [ef202756601bf73fa7cd43eb48b919e7], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsaDCC3.exe, Quarantined, [a36c5f1e7ffc37ff037166c8c53c1ee2], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsaDF81.exe, Quarantined, [76994a339ae1e056284ccf5ff40d4cb4], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsd6CF9.exe, Quarantined, [927d1a63e596c670443053dbaf52d12f], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsd7EF4.exe, Quarantined, [a768e09d225961d5274d0c223fc28878], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsd9965.exe, Quarantined, [828d215c334867cf9ed6c965c43d15eb], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsd9966.exe, Quarantined, [e827720b5b20c472383c012d04fd7b85], 
PUP.Optional.Conduit.A, C:\Windows\Temp\nstE32D.exe, Quarantined, [719e7b026b10063061bb503751b0817f], 
PUP.Optional.Conduit.A, C:\Windows\Temp\nstF180.exe, Quarantined, [9f70017cff7cad8929f36e193bc6d828], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsv28D5.exe, Quarantined, [3ad5b6c75625f73f87ed50de5da48080], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsx1182.exe, Quarantined, [54bb9ae3e893b77fda9adc52d62bde22], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsx8F47.exe, Quarantined, [d13edba2403b67cfc8ac15198f72f30d], 
PUP.Optional.Conduit.A, C:\Windows\Temp\nsxF875.exe, Quarantined, [9e71a0dd3d3ebf771309e5a257aa49b7], 
PUP.Optional.Conduit.A, C:\Windows\Temp\nsy1B67.exe, Quarantined, [7798235a304b8caa9cca28fb91707987], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsf28C5.exe, Quarantined, [709f7d008cefd264a4d069c535ccb14f], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsfCE8F.exe, Quarantined, [818eec9177043bfb393b979728d9c63a], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsgC083.exe, Quarantined, [d53a6e0f2a51ce68fe76b57944bd7888], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsh60B9.exe, Quarantined, [20ef94e9abd04ee8de960f1f629f1ee2], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsh60BA.exe, Quarantined, [ca459be24e2d2511da9a2fff3cc54db3], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nshBA00.exe, Quarantined, [aa65c3ba96e54beb5e16bf6f3ec351af], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nshE14D.exe, Quarantined, [010e1667e596c76f5b19bf6f7091b749], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nshF3E4.exe, Quarantined, [a46bd4a96c0f86b05024b17d16eb2cd4], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsi15DC.exe, Quarantined, [d837601d3744a393ed87a48af50c34cc], 
PUP.Optional.Babylon.A, C:\Users\andjoh\AppData\Local\VisualBeeExe\MyBabylonTB.exe, Quarantined, [f9161e5f89f2f244c3130816eb159e62], 
PUP.Optional.Yontoo.A, C:\Program Files (x86)\Yontoo\YontooLayers.crx, Quarantined, [f31c0b727605f1454b12d0e806fc8b75], 
PUP.Optional.Yontoo.A, C:\Program Files (x86)\Yontoo\OptChrome.exe, Quarantined, [f31c0b727605f1454b12d0e806fc8b75], 
PUP.Optional.Incredibar.A, C:\Users\andjoh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlnembnfbcpjnepmfjmngjenhhajpdfd_0.localstorage, Quarantined, [1ff07b02f685f3438dbdc4f980829f61], 
PUP.Optional.Incredibar.A, C:\Users\andjoh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlnembnfbcpjnepmfjmngjenhhajpdfd_0.localstorage-journal, Quarantined, [fe11d5a863183204c981ab120ef40df3], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\Temp\VisualBeeSilent.exe, Quarantined, [5fb0ea93691294a21609458de81aa15f], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\EULA.txt, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1389902761782, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1390830415711, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1391026670074, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1391026675690, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1391456089390, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1391456089422, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.js, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\defaults.js, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js, Quarantined, [cf40aad3c7b4f1451f3c7b75c63d20e0], 
PUP.Optional.Conduit.A, C:\Users\andjoh\AppData\Local\Temp\CT3283142\chromeid.txt, Quarantined, [8c83344985f6171f5ad6deb55fa3dc24], 
PUP.Optional.Conduit.A, C:\Users\andjoh\AppData\Local\Temp\CT3283142\conduit.xml, Quarantined, [8c83344985f6171f5ad6deb55fa3dc24], 
PUP.Optional.Conduit.A, C:\Users\andjoh\AppData\Local\Temp\CT3283142\CT3283142.xpi, Quarantined, [8c83344985f6171f5ad6deb55fa3dc24], 
PUP.Optional.Conduit.A, C:\Users\andjoh\AppData\Local\Temp\CT3283142\ddt.csf, Quarantined, [8c83344985f6171f5ad6deb55fa3dc24], 
PUP.Optional.Conduit.A, C:\Users\andjoh\AppData\Local\Temp\CT3283142\setup.ini.txt, Quarantined, [8c83344985f6171f5ad6deb55fa3dc24], 
PUP.Optional.Conduit.A, C:\Users\andjoh\AppData\Local\Temp\CT3283142\version.txt, Quarantined, [8c83344985f6171f5ad6deb55fa3dc24], 
PUP.Optional.Conduit.A, C:\Users\andjoh\AppData\Local\Temp\CT3283142\xpi\install.rdf, Quarantined, [8c83344985f6171f5ad6deb55fa3dc24], 
PUP.Optional.Conduit.A, C:\Users\andjoh\AppData\Local\Temp\CT3283142\xpi\defaults\preferences\defaults.js, Quarantined, [8c83344985f6171f5ad6deb55fa3dc24], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\ClientComServices.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\ClientSoftwareUpdate.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\ClientUtilities.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\conduitinstaller.exe, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\Demo.pptx, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\DocumentFormat.OpenXml.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\Domain.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\IComService.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\IDBService.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\Ionic.Zip.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\Microsoft.Office.Interop.SmartTag.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\N_Advisor.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\N_Analysis.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\N_Analyzer.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\N_Builder.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\N_Cleaner.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\N_Database.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\N_Designer.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\N_Downloader.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\N_Engine.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\N_EngineGlobals.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\N_Extractor.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\N_ExtraGlobals.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\N_HunposHelper.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\N_ImageManipulator.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\N_MessageForm.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\N_Presentation.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\N_SendLogFile.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\N_Share.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\N_SmartArtLib.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\N_WordNetHelper.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\N_ZoomPanel.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\SlideShareAPI.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\uninst.exe, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\VBeeAbout.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\VBeeAccount.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\VBeeClient.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\VBeeClient.dll.config, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\VBeeClient.dll.manifest, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\VBeeClient.vsto, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\VBeeEnhance.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\VBeeLibrary.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\VBeeMyLogo.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\VBeeWebSearch.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\VisualBeeRecovery.exe, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\WordNetClasses.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\ISwUpdateService.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\N_Design.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\N_Normalizer.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\Dic-Eng\adj.exc, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\Dic-Eng\adv.exc, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\Dic-Eng\cntlist, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\Dic-Eng\cntlist.rev, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\Dic-Eng\cygwin1.dll, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\Dic-Eng\data.adj, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\Dic-Eng\data.adv, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\Dic-Eng\data.noun, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\Dic-Eng\data.verb, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\Dic-Eng\english.model, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\Dic-Eng\frames.vrb, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\Dic-Eng\hunpos-tag.exe, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\Dic-Eng\index.adj, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\Dic-Eng\index.adv, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\Dic-Eng\index.noun, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\Dic-Eng\index.sense, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\Dic-Eng\index.verb, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\Dic-Eng\log.grind.2.1, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\Dic-Eng\noun.exc, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\Dic-Eng\sentidx.vrb, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\Dic-Eng\sents.vrb, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\Dic-Eng\verb.exc, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\Dic-Eng\verb.Framestext, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\GuideFiles\License.rtf, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\GuideFiles\ProcessGuide.rtf, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeExe\GuideFiles\SelectSlidesGuide.rtf, Quarantined, [e02f2e4f94e7a1958cc21e76768c9a66], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Simple 04_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\3 colors 01_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\3 colors 01_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\3 colors 01_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\3 Colors 02_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\3 Colors 02_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\3 Colors 02_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\3 Colors 03_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\3 Colors 03_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\3 Colors 03_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\3 Colors 04_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\3 Colors 04_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\3 Colors 04_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\3 Colors 05_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\3 Colors 05_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\3 Colors 05_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\3 Colors 06_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\3 Colors 06_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\3 Colors 06_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\3 Colors 07_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\3 Colors 07_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\3 Colors 08_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\3 Colors 08_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\3 Colors 08_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Analogue_6frame_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Analogue_6frame_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Analogue_blue_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Analogue_blue_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Analogue_blue_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Analogue_book_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Analogue_book_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Analogue_book_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Analogue_chinesepaper_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Analogue_chinesepaper_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Analogue_chinesepaper_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Analogue_greenstars_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Analogue_greenstars_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Analogue_greenstars_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Analogue_majestic_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Analogue_majestic_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Analogue_paperback_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Analogue_paperback_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Analogue_paperback_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Analogue_pareeca_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Analogue_pareeca_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Analogue_pareeca_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Analogue_pink_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Analogue_pink_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Analogue_pink_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Analogue_spirala_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Analogue_spirala_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Analogue_spirala_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\3 Colors 07_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Analogue_6frame_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Analogue_majestic_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Comics03_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Elemental_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Verve_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Guga_Bubbles_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\BaloonGirl_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\BaloonGirl_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\BaloonGirl_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ChineseDoll_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ChineseDoll_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ChineseDoll_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Christmas1_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Christmas1_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Christmas1_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Christmas2_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Christmas2_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Christmas2_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Comics01_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Comics01_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Comics01_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Comics02_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Comics02_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Comics02_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Comics03_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Comics03_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Comics04_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Comics04_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Comics04_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Comics05_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Comics05_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Comics05_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Comics06_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Comics06_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Comics06_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Angles_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Angles_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Angles_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Apo_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Apo_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Apo_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_BlackTie_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_BlackTie_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_BlackTie_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Composite_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Composite_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Composite_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Elemental_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Elemental_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_gray_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_gray_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_gray_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Horizon_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Horizon_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Horizon_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Newspaper_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Newspaper_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Newspaper_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Paper_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Paper_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Paper_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Technic_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Technic_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Technic_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Verve_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Verve_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Guga_Bubbles_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Guga_Bubbles_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Guga_Classic_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Guga_Classic_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Guga_Classic_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Guga_Desert_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Guga_Desert_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Guga_Desert_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Guga_Earth_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Guga_Earth_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Guga_Earth_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Guga_Flower_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Guga_Flower_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Guga_Flower_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Guga_Leaves_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Guga_Leaves_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Guga_Leaves_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Guga_Ornament_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Guga_Ornament_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Guga_Ornament_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Guga_Sky_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Guga_Sky_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Guga_Sky_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Guga_Sport_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Guga_Sport_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Guga_Sport_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Guga_Urban_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Guga_Urban_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Guga_Urban_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\HandShake_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\HandShake_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\HandShake_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Large_title_A_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Large_title_A_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Large_title_A_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Large_title_B_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Large_title_B_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Large_title_B_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Large_title_C_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Large_title_C_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Large_title_C_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Large_title_D_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Large_title_D_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Large_title_D_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\logo.png, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Mono Dark 01_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Mono Dark 01_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Mono Dark 01_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Mono Dark 02_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Mono Dark 02_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Mono Dark 03_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Mono Dark 03_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Mono Dark 03_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Mono Dark 04_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Mono Dark 04_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Mono Dark 04_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Mono Dark 05_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Mono Dark 05_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Mono Dark 05_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Mono Dark Flowers_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Mono Dark Flowers_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Mono Dark Flowers_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Mono Dark Paper_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Mono Dark Paper_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Mono Dark Paper_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Mono Dark Plants_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Mono Dark Plants_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Mono Dark Sand_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Mono Dark Sand_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Mono Dark Sand_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Mono Dark Stars_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Mono Dark Stars_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Mono Dark Stars_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Mono Dark Waves_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Mono Dark Waves_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Mono Dark Waves_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Painting_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Painting_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Painting_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\PaymentPanel-Background.png, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\PaymentPanel-Background_v35.png, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\PaymentPanel-Buy1.png, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\PaymentPanel-Buy2.png, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\PaymentPanel-Buy3.png, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\PpD_sport_06_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\PpD_sport_06_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\PpD_techPp_01_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\PpD_techPp_01_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\PpD_techPp_01_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\PpD_techPp_02_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\PpD_techPp_02_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\PpD_techPp_02_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\PpD_techPp_04_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\PpD_techPp_04_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\PpD_techPp_04_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\PpD_travl_01_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\PpD_travl_01_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\PpD_travl_01_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\PpD_travl_06_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\PpD_travl_06_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\PpD_travl_06_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_educ_01_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_educ_01_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_educ_02_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_educ_02_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_educ_02_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_educ_03_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_educ_03_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_educ_03_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_educ_04_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_educ_04_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_educ_04_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_educ_05_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_educ_05_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_educ_05_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_educ_06_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_educ_06_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_educ_06_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_educ_08_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_educ_08_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_legal_01_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_legal_01_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_legal_01_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_legal_02_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_legal_02_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_legal_02_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_legal_03_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_legal_03_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_legal_03_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_legl_04_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_legl_04_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_medc_03_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_medc_03_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_medc_03_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_sport_01_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_sport_01_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_sport_01_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_sport_02_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_sport_02_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_sport_03_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_sport_03_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_sport_03_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_sport_04_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_sport_04_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_sport_04_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_sport_05_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_sport_05_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_sport_05_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_tech_03_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_tech_03_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_tech_03_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_travl_03_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_travl_03_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_travl_03_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_travl_04_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_travl_04_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_travl_04_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_travl_05_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_travl_05_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_travl_05_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\PurpleButterfly_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\PurpleButterfly_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\RedHeadCalling_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\RedHeadCalling_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\RedHeadCalling_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ShipsComing_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ShipsComing_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ShipsComing_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Simple 01_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Simple 01_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Simple 01_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Simple 02_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Simple 02_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Simple 02_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Simple 03_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Simple 03_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Simple 03_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Simple 04_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Simple 04_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Mono Dark 02_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Mono Dark Plants_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_01_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_06_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_11_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_17_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppD_Classic_14_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\PpD_sport_06_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_educ_01_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_educ_08_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_legl_04_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Pp_sport_02_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\PurpleButterfly_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\SunFlower_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\SunFlower_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\SunFlower_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T105_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T105_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T105_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T107_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T107_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T107_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T109_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T109_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T109_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T115_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T115_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T115_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T116_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T116_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T116_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T119_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T119_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T119_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T120_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T120_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T120_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T121_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T121_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T121_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T202_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T202_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T202_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T203_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T203_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T203_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T205_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T205_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T205_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T207_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T207_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T207_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T211_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T211_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T211_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T213_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T213_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T213_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T218_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T218_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T218_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T219_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T219_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T219_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T220_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T220_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T220_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T301_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T301_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T301_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T302_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T302_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T302_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T303_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T303_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T303_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T304_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T304_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T304_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T305_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T305_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T305_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T306_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T306_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T306_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T307_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T307_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T307_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T308_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T308_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T308_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T309_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T309_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T309_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T311_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T311_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T311_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T312_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T312_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T312_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T313_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T313_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T313_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T314_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T314_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T314_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T316_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T316_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T316_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T317_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T317_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T317_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T318_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T318_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T318_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T319_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T319_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T319_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T320_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T320_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T320_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T322_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T322_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T322_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T324_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T324_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T324_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T325_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T325_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T325_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T326_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T326_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T326_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T327_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T327_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\T327_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Teenage_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Teenage_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp02_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp02_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp02_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp03_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp03_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp03_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp04_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp04_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp04_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp05_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp05_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp05_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp06_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp06_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp06_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp07_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp07_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp08_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp08_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp08_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp09_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp09_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp09_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp10_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp10_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp10_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp11_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp11_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp11_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp12_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp12_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp12_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp01_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp01_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Teenage_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp01_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp07_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp13_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp18_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11E_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11J_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\VisualBeeLogo.png, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y103_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y307_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y319_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y327_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp13_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp13_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp14_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp14_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp14_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp15_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp15_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp15_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp16_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp16_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp16_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp17_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp17_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp17_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp18_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp18_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp19_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp19_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp19_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp20_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp20_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ThinkUp20_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11A_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11A_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11A_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11B_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11B_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11B_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11C_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11C_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11C_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11D_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11D_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11D_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11E_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11E_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11F_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11F_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11F_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11G_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11G_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11G_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11H_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11H_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11H_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11I_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11I_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11I_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11J_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11J_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11K_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11K_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11K_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11L_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11L_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11L_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11M_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11M_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11M_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11N_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11N_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Typo11N_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\WatchingTheSea_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\WatchingTheSea_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\WatchingTheSea_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Watching_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Watching_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Watching_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\WeddingSoon_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\WeddingSoon_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\WeddingSoon_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\WindGirl_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\WindGirl_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\WindGirl_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y101_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y101_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y101_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y103_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y103_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y305_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y305_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y305_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y306_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y306_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y306_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y307_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y307_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y308_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y308_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y308_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y312_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y312_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y312_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y319_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y319_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y323_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y323_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y323_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y324_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y324_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y324_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y327_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y327_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y330_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y330_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y330_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y332_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y332_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y332_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y333_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y333_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y333_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y335_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y335_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y335_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y336_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y336_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\Y336_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_SCI_Female_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_SCI_Female_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_SCI_Female_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_SCI_Guy_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_SCI_Guy_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_SCI_Guy_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_SCI_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_SCI_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_SCI_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\myTemplate_Background.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\myTemplate_Button.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_01_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_01_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_02_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_02_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_02_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_03_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_03_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_03_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_04_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_04_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_04_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_05_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_05_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_05_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_06_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_06_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_07_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_07_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_07_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_08_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_08_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_08_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_09_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_09_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_09_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_10_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_10_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_10_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_11_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_11_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_12_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_12_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_12_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_13_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_13_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_13_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_15_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_15_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_15_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_16_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_16_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_16_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_17_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_17_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_18_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_18_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_18_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_19_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_19_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_19_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_20_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_20_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppA_Classic_20_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppD_Classic_14_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\ppD_Classic_14_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\PpD_educ_07_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\PpD_educ_07_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\PpD_educ_07_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\PpD_medc_01_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\PpD_medc_01_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\PpD_medc_01_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\PpD_medc_02_smart.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\PpD_medc_02_text.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Domain\PpD_medc_02_thumb.jpg, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\LocalDB\checksum.vdb, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\LocalDB\Layouts.vdb, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\LocalDB\LayoutsSchema.vdb, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\LocalDB\PublicImages.vdb, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\LocalDB\PublicImagesKeywords.vdb, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\LocalDB\PublicImagesKeywordsSchema.vdb, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\LocalDB\PublicImagesSchema.vdb, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\LocalDB\Schemes.vdb, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\LocalDB\SchemesSchema.vdb, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\LocalDB\Slides.vdb, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\LocalDB\SlidesKeywords.vdb, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\LocalDB\SlidesKeywordsSchema.vdb, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\LocalDB\SlidesSchema.vdb, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Visualbee, C:\Users\andjoh\AppData\Local\VisualBeeClient\Log\VBeeClientLogFile.txt, Quarantined, [2fe0b0cd3f3c5cda103f8e06a959ce32], 
PUP.Optional.Yontoo.A, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.4_0\back.js, Quarantined, [15fa35483546ed4972ad9b067290fa06], 
PUP.Optional.Yontoo.A, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.4_0\background.html, Quarantined, [15fa35483546ed4972ad9b067290fa06], 
PUP.Optional.Yontoo.A, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.4_0\manifest.json, Quarantined, [15fa35483546ed4972ad9b067290fa06], 
PUP.Optional.Yontoo.A, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.4_0\y2_48.png, Quarantined, [15fa35483546ed4972ad9b067290fa06], 
PUP.Optional.Yontoo.A, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.4_0\yl.js, Quarantined, [15fa35483546ed4972ad9b067290fa06], 
PUP.Optional.Yontoo.A, C:\Users\andjoh\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.4_0\background.html, Quarantined, [34dbbcc1c5b62313fb245051b0526a96], 
PUP.Optional.Yontoo.A, C:\Users\andjoh\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.4_0\manifest.json, Quarantined, [34dbbcc1c5b62313fb245051b0526a96], 
PUP.Optional.Yontoo.A, C:\Users\andjoh\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.4_0\y2_48.png, Quarantined, [34dbbcc1c5b62313fb245051b0526a96], 
PUP.Optional.Yontoo.A, C:\Users\andjoh\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.4_0\yl.js, Quarantined, [34dbbcc1c5b62313fb245051b0526a96], 
PUP.Optional.Yontoo.A, C:\Users\darslo\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\background.html, Quarantined, [858a95e8bebd3006908fbfe2c24040c0], 
PUP.Optional.Yontoo.A, C:\Users\darslo\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\manifest.json, Quarantined, [858a95e8bebd3006908fbfe2c24040c0], 
PUP.Optional.Yontoo.A, C:\Users\darslo\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\y2_48.png, Quarantined, [858a95e8bebd3006908fbfe2c24040c0], 
PUP.Optional.Yontoo.A, C:\Users\darslo\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\yl.js, Quarantined, [858a95e8bebd3006908fbfe2c24040c0], 
PUP.Optional.SearchProtect.A, C:\Users\andjoh\AppData\Local\SearchProtect\SearchProtect\rep\Cvc.dat, Quarantined, [23ec6f0e26555ed8b9eff1b7e0229868], 
PUP.Optional.SearchProtect.A, C:\Users\andjoh\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, Quarantined, [23ec6f0e26555ed8b9eff1b7e0229868], 
PUP.Optional.SearchProtect.A, C:\Users\andjoh\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat, Quarantined, [23ec6f0e26555ed8b9eff1b7e0229868], 
PUP.Optional.SearchProtect.A, C:\Users\andjoh\AppData\Local\SearchProtect\UI\rep\UIRepository.dat, Quarantined, [23ec6f0e26555ed8b9eff1b7e0229868], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Daily Protection Log 1 for Jul 21 14
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Update, 26/06/2014 1:20:17 PM, SYSTEM, THINKPADE530, Manual, Rootkit Database, 2014.2.20.1, 2014.6.23.2, 
Update, 26/06/2014 1:20:57 PM, SYSTEM, THINKPADE530, Manual, Malware Database, 2014.3.4.9, 2014.6.26.7, 
 
(end)
 
Daily Protection Log 2 for Jul 21 14
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Update, 21/07/2014 7:32:08 AM, SYSTEM, THINKPADE530, Manual, Rootkit Database, 2014.6.23.2, 2014.7.17.1, 
Error, 21/07/2014 7:33:36 AM, SYSTEM, THINKPADE530, Manual, 0, 
Protection, 21/07/2014 7:47:01 AM, SYSTEM, THINKPADE530, Protection, Malware Protection, Starting, 
Protection, 21/07/2014 7:47:01 AM, SYSTEM, THINKPADE530, Protection, Malware Protection, Started, 
Protection, 21/07/2014 7:47:01 AM, SYSTEM, THINKPADE530, Protection, Malicious Website Protection, Starting, 
Protection, 21/07/2014 7:47:17 AM, SYSTEM, THINKPADE530, Protection, Malicious Website Protection, Started, 
Detection, 21/07/2014 7:47:45 AM, andjoh, THINKPADE530, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll, Allow, [66e320dfa7d353e3ed48daae3bc78e72]
Detection, 21/07/2014 7:47:52 AM, SYSTEM, THINKPADE530, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll, Quarantine, [c287cf30106ab284c86d8afeaf535ea2]
Protection, 21/07/2014 7:47:52 AM, SYSTEM, THINKPADE530, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll, 
Error, 21/07/2014 7:47:52 AM, SYSTEM, THINKPADE530, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll, 
Detection, 21/07/2014 7:48:09 AM, SYSTEM, THINKPADE530, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll, Quarantine, [66e320dfa7d353e3ed48daae3bc78e72]
Detection, 21/07/2014 7:48:22 AM, andjoh, THINKPADE530, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll, Quarantine, [56f329d67cfed1658baa13759171837d]
 
(end)

 

I will go on to run the ESET scan and post the results shortly.

 

Regards,

 

AJ



#14 johnc576

johnc576
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:18 PM

Posted 21 July 2014 - 07:40 AM

Hello CatByte,

 

Please find the log files from the ESET online scan below. I tried to follow your directions to the letter, but it seems the interface options have changed a little. I ran the program in internet explorer as that was what the program suggested when I clicked on the link in Chrome.

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Adblocker\_Gg7c.dll.vir a variant of Win32/AdWare.MultiPlug.AG application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js.vir Win32/Conduit.SearchProtect.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\Adblocker\kgbs0P.exe.vir a variant of Win32/AdWare.MultiPlug.AG application cleaned by deleting - quarantined
C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted (after the next restart) - quarantined
C:\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll probably a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe a variant of Win32/Conduit.SearchProtect.I potentially unwanted application deleted (after the next restart) - quarantined
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted (after the next restart) - quarantined
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe a variant of Win32/ClientConnect.A potentially unwanted application deleted (after the next restart) - quarantined
C:\Users\andjoh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PS7JHWY4\PCHealthKit-standard[1].exe a variant of Win32/SpeedingUpMyPC application cleaned by deleting - quarantined
C:\Users\andjoh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PS7JHWY4\sp-downloaderB[1].exe Win32/Toolbar.Conduit.R potentially unwanted application deleted - quarantined
C:\Users\andjoh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SB61NYJY\spstub[1].exe a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\Users\andjoh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZVXX2UUU\SPSetup[1].exe a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\Users\andjoh\AppData\Local\Temp\air7CFD.exe a variant of Win32/SpeedingUpMyPC application cleaned by deleting - quarantined
C:\Users\andjoh\AppData\Local\Temp\airF5A3.exe Win32/Toolbar.Conduit.R potentially unwanted application deleted - quarantined
C:\Users\andjoh\AppData\Local\Temp\nsd51EF.exe Win32/Conduit.SearchProtect.R potentially unwanted application deleted - quarantined
C:\Users\andjoh\AppData\Local\Temp\nsi5605.exe Win32/Conduit.SearchProtect.R potentially unwanted application deleted - quarantined
C:\Users\andjoh\AppData\Local\Temp\nsn30A5.exe Win32/Conduit.SearchProtect.R potentially unwanted application deleted - quarantined
C:\Users\andjoh\AppData\Local\Temp\nss33D1.exe Win32/Conduit.SearchProtect.R potentially unwanted application deleted - quarantined
C:\Users\andjoh\AppData\Local\Temp\nss927.tmp a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\Users\andjoh\AppData\Local\Temp\setup.exe a variant of Win32/AirAdInstaller.A potentially unwanted application deleted - quarantined
C:\Users\andjoh\AppData\Local\Temp\04b93698\temp\BITC375.tmp a variant of Win32/SProtector.H potentially unwanted application deleted - quarantined
C:\Users\andjoh\Downloads\avg-web-tuneup.exe a variant of Win32/OpenInstall potentially unwanted application deleted - quarantined
C:\Users\andjoh\Downloads\malwarebytes.exe a variant of Win32/AirAdInstaller.A potentially unwanted application deleted - quarantined
Operating memory a variant of Win32/Conduit.SearchProtect.H potentially unwanted application contained infected files
 
 
Regards,
 
AJ


#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:18 PM

Posted 21 July 2014 - 11:25 AM

Do you have a license for Malwarebytes?

If so, you might want to do a clean install of the program using the mbamclean tool

Follow the instructions here:

https://forums.malwarebytes.org/index.php?/topic/122284-mbam-clean-removal-process/#entry644441

How is the computer running now, are there any outstanding issues?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users