Teralax

Sounds good. I wasn't sure if I could do that. Thanks

It's not that it had multiple svchost. It was using > 90% of the cpu. I was able to update the Windows update agent, and then ran the readiness tool which took all night but it repaired a lot of stuff. Windows Updates then ran and now cpu is sitting at 1% usage when idle. I think we might be clean. Here are the logs. Addition.txt FRST.txt

Any other suggestions? Any other reports needed?

Still running slow with the svchost process using lots of cpu.

ESET ESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: Can not open internet# product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=9284d11b8387234198d2394b47004d5a # end=init # utc_time=2017-08-18 07:18:06 # local_time=2017-08-18 02:18:06 (-0600, Central Daylight Time) # country="United States" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 34446 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=9284d11b8387234198d2394b47004d5a # end=updated # utc_time=2017-08-18 07:23:33 # local_time=2017-08-18 02:23:33 (-0600, Central Daylight Time) # country="United States" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=9284d11b8387234198d2394b47004d5a # engine=34446 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2017-08-19 04:58:56 # local_time=2017-08-18 11:58:56 (-0600, Central Daylight Time) # country="United States" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Norton Security *' # compatibility_mode=3603 16777213 100 86 774782 2965560 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 66 85 128520110 254662186 0 0 # scanned=419494 # found=5 # cleaned=5 # scan_time=34522 sh=325E731D317FB0D81FE28FD4545062D09C7589E3 ft=1 fh=60deeae98ff4a745 vn="a variant of Win32/AdInstaller potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Users\mzlindaniles\Documents\Dictionary\DictionaryBoss.exe" sh=3B6118F8F80E489613A7DA50479B702DEBB39804 ft=1 fh=778c92552a6808c4 vn="a variant of Win32/Adware.Coupons.AA application (cleaned by deleting)" ac=C fn="C:\Users\mzlindaniles\Downloads\CouponPrinter.exe" sh=5824B8D927C533484F6499CF201F9AFFE8F21E1F ft=1 fh=1d005e947f2a5474 vn="a variant of Win32/Adware.Coupons.AA application (cleaned by deleting)" ac=C fn="C:\Users\mzlindaniles\Downloads\CouponPrinterCPS.exe" sh=EA0EE3C9B4FB6B2B00B0074C1F5303291FF081B9 ft=1 fh=e40dd9938df1a373 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Windows\Installer\MSI48B4.tmp" sh=D65FE023EE548A502ECD63616B9C3FDE31214469 ft=1 fh=15c731add8118119 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Windows\Installer\MSIDE97.tmp"

ADWcleaner log. The other scan is still running right now and I will post that later. # AdwCleaner 7.0.1.0 - Logfile created on Fri Aug 18 19:07:31 2017 # Updated on 2017/05/08 by Malwarebytes # Running on Windows 7 Home Premium (X64) # Mode: clean # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** Deleted: BeFrugal.com Service ***** [ Folders ] ***** Deleted: C:\Users\mzlindaniles\AppData\LocalLow\HPAppData Deleted: C:\Users\mzlindaniles\AppData\Roaming\iWin Deleted: C:\Users\mzlindaniles\AppData\LocalLow\Toolbar4 Deleted: C:\Users\mzlindaniles\AppData\Roaming\Yahoo!\Companion Deleted: C:\ProgramData\apn Deleted: C:\ProgramData\Application Data\apn Deleted: C:\Users\All Users\apn Deleted: C:\Users\mzlindaniles\AppData\LocalLow\Inbox Toolbar Deleted: C:\Program Files (x86)\Crawler Deleted: C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 Deleted: C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log Deleted: C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F} Deleted: C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log Deleted: C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log Deleted: C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log Deleted: C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log Deleted: C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} Deleted: C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log Deleted: C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log Deleted: C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log Deleted: C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log ***** [ Files ] ***** Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk Deleted: C:\Users\All Users\Desktop\eBay.lnk Deleted: C:\Users\Public\Desktop\eBay.lnk ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks deleted. ***** [ Registry ] ***** Deleted: [Key] - HKLM\SOFTWARE\Yahoo\Companion Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{2335A057-CBA6-40F6-A712-C6A7C98F7813} Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2335A057-CBA6-40F6-A712-C6A7C98F7813} Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2335A057-CBA6-40F6-A712-C6A7C98F7813} Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2335A057-CBA6-40F6-A712-C6A7C98F7813} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC} Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2} Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927} Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C} ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries deleted. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries deleted. ************************* ::Tracing keys deleted ::Winsock settings cleared ::Image File Execution Options%s keys deleted ::Prefetch files deleted ::Proxy settings cleared ::TCP/IP settings cleared ::Firewall rules cleared ::IPSec settings cleared ::BITS queue cleared ::IE policies deleted ::Chrome policies deleted ::Additional Actions: 0 ************************* C:/AdwCleaner/AdwCleaner[S0].txt - [4371 B] - [2017/8/18 19:5:11] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

I have a system that I have scanned with Malwarebytes to remove some things but the system is still running slow with svchost using a very high % of cpu. Attached are the FRST, Addition, and malwarebytes logs. Addition.txtmalwarebytes.txtFRST.txt

I can't donate at this time but will at some point. All is clear, thanks for the help.

Thanks so much for the help.

Try it again. Other scans were clean so I think we are good. TDSSKiller.3.0.0.41_09.11.2014_15.40.33_log.txt

I had attached that file last time so I'm not sure what happened to it. Here it is again.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014 01 Ran by Karol's Krafts (administrator) on KAROLSKRAFTS-HP on 09-11-2014 16:00:59 Running from G:\Malware Removal\Farbar Loaded Profile: Karol's Krafts (Available profiles: Karol's Krafts) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe (SafeNet Inc.) C:\Windows\System32\hasplms.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Startup: C:\Users\Karol's Krafts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6B34797B52FBCF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US SearchScopes: HKLM - {86DAA2AF-D596-4268-9C99-92539D18F6D3} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKLM-x32 - {86DAA2AF-D596-4268-9C99-92539D18F6D3} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION) Tcpip\Parameters: [DhcpNameServer] 208.67.220.222 208.67.220.220 192.168.2.1 FireFox: ======== FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll No File FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-02-18] Chrome: ======= CHR Profile: C:\Users\Karol's Krafts\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Karol's Krafts\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-08] CHR Extension: (Google Wallet) - C:\Users\Karol's Krafts\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-08] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation) R2 hasplms; C:\Windows\system32\hasplms.exe [4609928 2013-08-09] (SafeNet Inc.) R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) [File not signed] R2 MSSQLSERVER; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) R2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [316992 2006-08-22] (SafeNet, Inc.) R2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [206400 2006-12-21] (SafeNet, Inc) S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [60488 2013-08-09] (SafeNet Inc.) S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [63944 2013-08-09] (SafeNet Inc.) S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [303624 2013-08-09] (SafeNet Inc.) R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331328 2013-08-09] (SafeNet Inc.) S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1863720 2012-06-01] () S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [58792 2009-09-17] (SafeNet, Inc.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-09 15:59 - 2014-11-09 15:59 - 00006830 _____ () C:\Users\Karol's Krafts\Desktop\JRT.txt 2014-11-09 15:54 - 2014-11-09 15:54 - 00000000 ____D () C:\Windows\ERUNT 2014-11-09 15:48 - 2014-11-09 15:52 - 00000000 ____D () C:\AdwCleaner 2014-11-04 20:35 - 2014-11-09 16:01 - 00000000 ____D () C:\FRST 2014-11-04 20:22 - 2014-11-04 20:22 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-11-04 20:22 - 2014-11-04 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-11-04 20:21 - 2014-11-09 15:53 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-04 20:21 - 2014-11-08 07:18 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-04 20:21 - 2014-11-07 06:13 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-11-04 20:21 - 2014-11-07 06:13 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-11-03 13:56 - 2014-11-03 13:56 - 00000046 _____ () C:\Users\Karol's Krafts\AppData\Roaming\WB.CFG 2014-11-02 23:08 - 2014-11-02 23:08 - 00000000 ____D () C:\Users\Karol's Krafts\.android 2014-11-02 22:48 - 2014-11-02 22:48 - 00001087 _____ () C:\Users\Karol's Krafts\Desktop\Continue Kik Installation.lnk 2014-11-02 21:25 - 2014-11-02 21:25 - 00000000 ___HD () C:\Users\Public\Temp 2014-10-21 22:25 - 2014-11-02 21:40 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A9C26C7D-FDD4-47AE-AABB-0FDAEA98B6D2} 2014-10-21 00:09 - 2014-10-21 00:09 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe 2014-10-21 00:09 - 2014-10-21 00:09 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore 2014-10-21 00:09 - 2014-10-21 00:09 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google 2014-10-21 00:08 - 2014-10-21 01:33 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-10-21 00:08 - 2014-10-21 01:33 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-10-21 00:08 - 2014-10-21 01:33 - 00000000 ____D () C:\Users\Guest 2014-10-21 00:08 - 2013-01-01 16:08 - 00000000 ____D () C:\Users\Guest\Documents\Visual Studio 2008 2014-10-21 00:08 - 2012-11-03 21:59 - 00000000 ____D () C:\Users\Guest\AppData\Local\Microsoft Help 2014-10-15 20:29 - 2014-10-15 21:08 - 00000000 ____D () C:\Users\Karol's Krafts\Desktop\Embroidery Files 2014-10-15 19:10 - 2014-10-06 20:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-15 19:10 - 2014-10-06 20:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-10-15 19:10 - 2014-09-25 16:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-15 19:10 - 2014-09-25 16:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-10-15 19:10 - 2014-09-25 16:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-10-15 19:10 - 2014-09-25 16:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-10-15 19:10 - 2014-09-25 16:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-10-15 19:10 - 2014-09-25 16:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-10-15 19:10 - 2014-09-25 16:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-15 19:10 - 2014-09-18 20:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-15 19:10 - 2014-09-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-15 19:10 - 2014-09-18 19:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-10-15 19:10 - 2014-09-18 19:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-10-15 19:10 - 2014-09-18 19:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-15 19:10 - 2014-09-18 19:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-15 19:10 - 2014-09-18 19:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-15 19:10 - 2014-09-18 19:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-15 19:10 - 2014-09-18 19:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-15 19:10 - 2014-09-18 19:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-15 19:10 - 2014-09-18 19:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-15 19:10 - 2014-09-18 19:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-15 19:10 - 2014-09-18 19:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-15 19:10 - 2014-09-18 19:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-15 19:10 - 2014-09-18 19:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-10-15 19:10 - 2014-09-18 19:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-15 19:10 - 2014-09-18 19:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-10-15 19:10 - 2014-09-18 19:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-15 19:10 - 2014-09-18 19:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-10-15 19:10 - 2014-09-18 19:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-15 19:10 - 2014-09-18 19:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-15 19:10 - 2014-09-18 19:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-10-15 19:10 - 2014-09-18 19:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-15 19:10 - 2014-09-18 19:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-10-15 19:10 - 2014-09-18 19:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-10-15 19:10 - 2014-09-18 19:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-15 19:10 - 2014-09-18 18:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-10-15 19:10 - 2014-09-18 18:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-15 19:10 - 2014-09-18 18:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-10-15 19:10 - 2014-09-18 18:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-10-15 19:10 - 2014-09-18 18:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-10-15 19:10 - 2014-09-18 18:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-10-15 19:10 - 2014-09-18 18:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-10-15 19:10 - 2014-09-18 18:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-10-15 19:10 - 2014-09-18 18:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-15 19:10 - 2014-09-18 18:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-15 19:10 - 2014-09-18 18:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-10-15 19:10 - 2014-09-18 18:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-10-15 19:10 - 2014-09-18 18:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-15 19:10 - 2014-09-18 18:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-10-15 19:10 - 2014-09-18 18:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-10-15 19:10 - 2014-09-18 18:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-10-15 19:10 - 2014-09-18 18:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-15 19:10 - 2014-09-18 17:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-10-15 19:10 - 2014-09-18 17:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-15 19:10 - 2014-09-18 17:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-10-15 19:10 - 2014-09-18 17:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-10-15 19:09 - 2014-10-09 20:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-10-15 19:09 - 2014-10-09 20:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-10-15 19:09 - 2014-10-09 20:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-10-15 19:09 - 2014-09-28 18:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-15 19:09 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-15 19:09 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-10-15 19:09 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-10-15 19:09 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-15 19:09 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-10-15 19:09 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-15 19:07 - 2014-09-17 20:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-15 19:07 - 2014-09-17 19:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-10-15 19:07 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-15 19:07 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-10-15 19:07 - 2014-07-16 20:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-15 19:07 - 2014-07-16 20:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-15 19:07 - 2014-07-16 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-15 19:07 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-15 19:07 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-15 19:07 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-15 19:07 - 2014-07-16 20:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-15 19:07 - 2014-07-16 20:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-15 19:07 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-10-15 19:07 - 2014-07-16 19:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-10-15 19:07 - 2014-07-16 19:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-10-15 19:07 - 2014-07-16 19:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2014-10-15 19:07 - 2014-07-16 19:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-10-15 19:07 - 2014-07-16 19:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-10-15 19:07 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-15 19:07 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-15 19:06 - 2014-09-12 19:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-15 19:06 - 2014-09-12 19:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-09 16:00 - 2009-07-13 22:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-09 16:00 - 2009-07-13 22:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-09 15:59 - 2009-07-13 23:13 - 00848842 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-09 15:57 - 2012-05-07 17:12 - 01788921 _____ () C:\Windows\WindowsUpdate.log 2014-11-09 15:52 - 2013-06-22 20:39 - 00000368 _____ () C:\Windows\Tasks\HPCeeScheduleForKarol's Krafts.job 2014-11-09 15:52 - 2013-02-11 22:03 - 00025028 _____ () C:\Windows\setupact.log 2014-11-09 15:52 - 2013-02-11 22:02 - 01120150 _____ () C:\Windows\PFRO.log 2014-11-09 15:52 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-09 15:50 - 2013-06-22 20:39 - 00003240 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForKarol's Krafts 2014-11-09 15:50 - 2012-08-18 18:41 - 00000166 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-11-09 15:42 - 2012-08-10 19:53 - 00003990 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B64AD4A8-D89C-42CD-9076-124118D592E3} 2014-11-08 07:22 - 2013-09-27 21:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-07 21:01 - 2014-03-25 15:47 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-06 05:24 - 2012-05-07 17:24 - 00000000 ____D () C:\ProgramData\Norton 2014-11-04 20:21 - 2013-09-27 21:46 - 00000000 ____D () C:\Program Files (x86)\Google 2014-11-04 20:14 - 2011-07-12 21:37 - 00000000 ____D () C:\ProgramData\Adobe 2014-11-04 19:12 - 2014-03-25 15:46 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-11-04 19:12 - 2014-03-25 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-11-04 19:12 - 2014-03-25 15:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-11-03 20:05 - 2009-07-13 21:20 - 00000000 __RHD () C:\Users\Public\Libraries 2014-11-03 19:52 - 2009-07-13 20:34 - 00000505 _____ () C:\Windows\win.ini 2014-11-02 23:08 - 2012-08-10 19:43 - 00000000 ____D () C:\Users\Karol's Krafts 2014-11-02 21:37 - 2009-07-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-11-02 21:24 - 2012-08-17 20:18 - 00000000 ____D () C:\Users\Karol's Krafts\AppData\Local\CrashDumps 2014-10-28 05:34 - 2010-11-20 21:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-10-21 23:58 - 2013-02-10 22:03 - 00000000 ____D () C:\Users\Karol's Krafts\AppData\Roaming\Spotify 2014-10-21 22:48 - 2013-02-10 22:04 - 00000000 ____D () C:\Users\Karol's Krafts\AppData\Local\Spotify 2014-10-21 03:01 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-10-21 01:33 - 2011-07-12 21:32 - 00000000 ____D () C:\ProgramData\RoxioNow 2014-10-21 01:33 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration 2014-10-20 23:14 - 2009-07-13 23:08 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-20 15:17 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache 2014-10-16 20:02 - 2009-07-13 22:45 - 00433288 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-16 19:58 - 2014-05-13 07:52 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-10-16 19:35 - 2012-11-03 17:51 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-10-16 19:28 - 2013-08-17 04:11 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-16 19:21 - 2012-10-28 15:22 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-14 12:39 - 2011-07-12 21:25 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools 2014-10-14 11:53 - 2009-07-13 23:32 - 00000000 ____D () C:\Windows\system32\FxsTmp Some content of TEMP: ==================== C:\Users\Karol's Krafts\AppData\Local\Temp\Quarantine.exe C:\Users\Karol's Krafts\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-06 20:05 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2014 01 Ran by Karol's Krafts at 2014-11-09 16:02:14 Running from G:\Malware Removal\Farbar Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) FUTURA SES1000 Software (HKLM-x32\...\{A8C74A7C-F2F4-4F6C-90AA-6C351570419F}) (Version: 3.0.0.6 - ) ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY) ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.) Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Compaq Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company) Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation) Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - BR (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Extra Content (HKLM-x32\...\_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}) (Version: - Corel Corporation) CorelDRAW Graphics Suite X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - JP (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW® Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.686 - Corel Corporation) Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden CreativeStudio (HKLM-x32\...\{319A4F81-CBD7-48EF-91CF-03651E6EFB9B}) (Version: 4.2.0 - Statler Stitcher) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4119 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.) Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION) Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation) Epson E-Web Print (HKLM-x32\...\{CEC98C2A-9ED5-49DA-9F3A-92434E0A4FA3}) (Version: 1.19.0000 - SEIKO EPSON CORPORATION) Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION) Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - ) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION) ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard) Expert PDF 7 Reader (HKLM-x32\...\{FC279721-37A6-4777-AFD8-7A56681EBA14}) (Version: 7.0.1370.0 - Avanquest software) Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden Galil DMC .Net API for Visual Studio 2005 (HKLM-x32\...\{072E9B7C-850B-4397-B104-098170742FAF}) (Version: 2.0.0.0 - Galil Motion Control) Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Ghostscript GPL 8.64 (Msi Setup) (x32 Version: 8.64 - Corel Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden Hewlett-Packard ACLM.NET v1.1.1.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden HP Documentation (HKLM-x32\...\{68A55875-B6DD-41E8-8CF6-F193D9C47051}) (Version: 1.1.0.0 - Hewlett-Packard) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent) HP Launch Box (HKLM\...\{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}) (Version: 1.0.11 - Hewlett-Packard Company) HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company) HP On Screen Display (HKLM-x32\...\{D7670221-BF9B-4DFF-B26B-5BE55A87329F}) (Version: 1.2.2 - Hewlett-Packard Company) HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company) HP Quick Launch (HKLM-x32\...\{BB1C717E-376C-4AA1-8940-81BFC38D9778}) (Version: 2.4.4 - Hewlett-Packard Company) HP QuickWeb (HKLM-x32\...\{8B52057C-15DB-433E-957C-E279BC7D07E3}) (Version: 3.1.0.9742 - Hewlett-Packard Company) HP Setup (HKLM-x32\...\{5036764A-435D-40C9-869C-31085A3D741D}) (Version: 8.7.4751.3798 - Hewlett-Packard Company) HP Software Framework (HKLM-x32\...\{BFD1ABD7-9417-41CB-B1F6-04BE4CB9820D}) (Version: 4.1.7.1 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}) (Version: 6.0.5.4 - Hewlett-Packard Company) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation) Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6287 - Realtek Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0323 - REALTEK Semiconductor Corp.) Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow) Sentinel Protection Installer 7.3.2 (HKLM-x32\...\{EDFE2142-CFB3-44AB-A961-DE85F6408A28}) (Version: 7.3.2 - SafeNet, Inc.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden Software Updater (HKLM-x32\...\{6DFBE8A2-CDBF-453E-B34C-32F202FCEE4C}) (Version: 4.2.1 - SEIKO EPSON CORPORATION) Spotify (HKU\S-1-5-21-3278930305-513671393-255404018-1000\...\Spotify) (Version: 0.9.10.22.gf87988f9 - Spotify AB) Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 21-10-2014 05:11:33 Restore Operation 21-10-2014 05:39:15 Windows Backup 21-10-2014 05:40:34 Restore Operation 21-10-2014 10:26:26 Windows Backup 25-10-2014 06:17:06 Windows Update 28-10-2014 23:44:14 Windows Backup 01-11-2014 02:08:46 Windows Update 03-11-2014 02:02:54 Windows Backup 04-11-2014 02:03:39 Removed BlueStacks Notification Center 05-11-2014 01:06:19 Windows Update 05-11-2014 02:10:09 Removed Java SE Runtime Environment 6 Update 1 05-11-2014 02:13:33 Removed Adobe Reader X (10.1.7) MUI. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {001B574F-D9C2-424E-BF80-973C2FDCF8C6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company) Task: {365081E8-61DF-4B7E-BC76-094BBFC4FC98} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-06-15] (CyberLink) Task: {487EBD0B-81CD-4B50-9D1C-D6CA374CCDE8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company) Task: {56C0E808-0F50-4D4E-9C83-93F39D01AA35} - System32\Tasks\HPCeeScheduleForKarol's Krafts => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard) Task: {7E29630D-29D5-4C32-8A44-6B1C9CA443E0} - System32\Tasks\HPCeeScheduleForKAROLSKRAFTS-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard) Task: {9A25F1A8-AAB8-48A6-9A4A-97BA8645E065} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated) Task: {A84104BC-C353-486C-ADBC-3C8CFB201EFB} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {B2D2F68C-71A1-40A1-B2DB-A76B34938914} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-04] (Google Inc.) Task: {C767E5C2-BEA1-4A9E-B9B1-FA2F92F1A2CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-04] (Google Inc.) Task: {D04B6F09-0E0D-41EF-AD7A-F61C1FCBC876} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard) Task: {D290C98A-F1F1-4276-9995-7658CDFADDDD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-06-21] (Hewlett-Packard Company) Task: {FDCA346F-E531-4653-A2F3-CA0A497E0198} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForKarol's Krafts.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\Windows\Tasks\HPCeeScheduleForKAROLSKRAFTS-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2011-04-04 21:18 - 2011-04-04 21:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-10-16 20:36 - 2014-10-16 20:36 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ba8588c3319d63350220ec2ac3eb2c36\IsdiInterop.ni.dll 2012-05-07 17:13 - 2010-09-13 19:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\61844844.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\61844844.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" MSCONFIG\startupreg: EPLTarget => MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe MSCONFIG\startupreg: HPQuickWebProxy => "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s MSCONFIG\startupreg: SetDefault => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe ========================= Accounts: ========================== Administrator (S-1-5-21-3278930305-513671393-255404018-500 - Administrator - Disabled) Guest (S-1-5-21-3278930305-513671393-255404018-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3278930305-513671393-255404018-1008 - Limited - Enabled) Karol's Krafts (S-1-5-21-3278930305-513671393-255404018-1000 - Administrator - Enabled) => C:\Users\Karol's Krafts ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Teredo Tunneling Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Sentinel64 Description: Sentinel64 Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: Sentinel64 Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-02-05 00:06:51.163 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-05 00:06:51.073 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-01-31 22:32:23.424 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-01-31 22:32:23.315 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-12-27 17:21:17.543 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-12-27 17:21:17.449 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-12-18 20:36:02.265 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-12-18 20:36:02.171 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-12-14 23:22:28.953 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-12-14 23:22:28.859 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel® Celeron® CPU B800 @ 1.50GHz Percentage of memory in use: 49% Total physical RAM: 1899.86 MB Available physical RAM: 960.71 MB Total Pagefile: 3799.72 MB Available Pagefile: 2534.31 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:279.47 GB) (Free:206.05 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (Recovery) (Fixed) (Total:14.46 GB) (Free:1.61 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:2.88 GB) FAT32 Drive g: (BOOT) (Removable) (Total:0.98 GB) (Free:0.06 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E9B0A126) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=279.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=14.5 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=4 GB) - (Type=0C) ======================================================== Disk: 1 (Size: 1008.5 MB) (Disk ID: 007BA292) Partition 1: (Active) - (Size=1008 MB) - (Type=0C) ==================== End Of Log ============================

# AdwCleaner v4.101 - Report created 09/11/2014 at 15:51:54 # Updated 09/11/2014 by Xplode # Database : 2014-11-07.1 [Live] # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Karol's Krafts - KAROLSKRAFTS-HP # Running from : G:\Malware Removal\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\Babylon Folder Deleted : C:\ProgramData\Online Folder Deleted : C:\ProgramData\Tarma Installer Folder Deleted : C:\ProgramData\ExtiriaShoPpeir Folder Deleted : C:\ProgramData\GoldenCoupon Folder Deleted : C:\ProgramData\PrionceCoeuupon Folder Deleted : C:\ProgramData\RoyAlCouPOn Folder Deleted : C:\ProgramData\ShoPpErMAsteru Folder Deleted : C:\Program Files (x86)\MyWebSearch Folder Deleted : C:\Program Files (x86)\PrionceCoeuupon Folder Deleted : C:\Users\Karol's Krafts\AppData\Local\PackageAware Folder Deleted : C:\Users\Karol's Krafts\AppData\LocalLow\Delta Folder Deleted : C:\Users\Karol's Krafts\AppData\Roaming\Babylon Folder Deleted : C:\Users\Karol's Krafts\AppData\Roaming\pccustubinstaller Folder Deleted : C:\Users\Karol's Krafts\AppData\Roaming\PerformerSoft Folder Deleted : C:\Users\Karol's Krafts\AppData\Roaming\serv Folder Deleted : C:\Users\Karol's Krafts\AppData\Roaming\Strongvault Folder Deleted : C:\Users\Karol's Krafts\Documents\Optimizer Pro Folder Deleted : C:\Users\Public\Documents\iWin File Deleted : C:\Users\Public\Desktop\eBay.lnk File Deleted : C:\Users\Karol's Krafts\Desktop\SpeedAnalysis.lnk File Deleted : C:\Users\Karol's Krafts\Desktop\Sync Folder.lnk ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout Key Deleted : HKLM\SOFTWARE\Classes\.bdc Key Deleted : HKLM\SOFTWARE\Classes\.bgl Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup Key Deleted : HKLM\SOFTWARE\Classes\PrincECCoauPon.PrincECCoauPon Key Deleted : HKLM\SOFTWARE\Classes\PrincECCoauPon.PrincECCoauPon.1.5 Key Deleted : HKCU\Software\5a2db8fe63eeb10 Key Deleted : HKLM\SOFTWARE\5a2db8fe63eeb10 Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4730EBE-43A6-443E-9776-36915D323AD3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF141186-509A-053F-B635-5065A7CB8F5A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF141186-509A-053F-B635-5065A7CB8F5A} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BF141186-509A-053F-B635-5065A7CB8F5A} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BF141186-509A-053F-B635-5065A7CB8F5A} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{BF141186-509A-053F-B635-5065A7CB8F5A} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AFB130D4-7DD2-41EB-A9AD-4C90414657F4} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978} Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3} Key Deleted : HKCU\Software\Compete Key Deleted : HKCU\Software\Cr_Installer Key Deleted : HKCU\Software\filescout Key Deleted : HKCU\Software\MyWebSearch Key Deleted : HKCU\Software\systweak Key Deleted : HKCU\Software\Tutorials Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} Key Deleted : HKLM\SOFTWARE\Babylon Key Deleted : HKLM\SOFTWARE\CompeteInc Key Deleted : HKLM\SOFTWARE\FocusInteractive Key Deleted : HKLM\SOFTWARE\Fun Web Products Key Deleted : HKLM\SOFTWARE\InstallCore Key Deleted : HKLM\SOFTWARE\MyWebSearch Key Deleted : HKLM\SOFTWARE\NpApp Key Deleted : HKLM\SOFTWARE\systweak Key Deleted : HKLM\SOFTWARE\Tutorials Key Deleted : HKLM\SOFTWARE\Uniblue Key Deleted : HKLM\SOFTWARE\Upt Key Deleted : HKLM\SOFTWARE\WinUpd Key Deleted : HKLM\SOFTWARE\SI-App Key Deleted : HKLM\SOFTWARE\RST Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer Key Deleted : [x64] HKLM\SOFTWARE\Upt Key Deleted : [x64] HKLM\SOFTWARE\WinUpd Key Deleted : [x64] HKLM\SOFTWARE\SI-App Key Deleted : [x64] HKLM\SOFTWARE\RST Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17344 -\\ Google Chrome v38.0.2125.111 [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms} [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} [C:\Users\Karol's Krafts\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3317458&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP7B473FAC-4D41-4483-8405-E4146F48641F&q={searchTerms}&SSPV=T21114_sp_ch [C:\Users\Karol's Krafts\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3317458&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP7B473FAC-4D41-4483-8405-E4146F48641F&q={searchTerms}&SSPV=T21114_sp_ch [C:\Users\Karol's Krafts\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms} [C:\Users\Karol's Krafts\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} [C:\Users\Karol's Krafts\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_app_14_44_ie&cd=2XzuyEtN2Y1L1Qzu0A0CtCyCtB0DyD0A0CtByE0F0BtByB0AtN0D0Tzu0StCtDtAyBtN1L2XzutAtFyCtFtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAzz0ByDtCyDyE0EtGtAzy0F0CtGyD0AyCyDtGzytA0C0AtGyDtD0AyCyCtBtB0C0A0Ezz0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyDtC0EtD0C0A0AtGzytA0BzztGyEtC0DyCtG0B0A0B0DtGyCzztC0CtAtAyEyD0A0FtDzy2Q&cr=1885302309&ir= -\\ Chromium v [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms} [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} [C:\Users\Karol's Krafts\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3317458&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP7B473FAC-4D41-4483-8405-E4146F48641F&q={searchTerms}&SSPV=T21114_sp_ch [C:\Users\Karol's Krafts\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3317458&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP7B473FAC-4D41-4483-8405-E4146F48641F&q={searchTerms}&SSPV=T21114_sp_ch [C:\Users\Karol's Krafts\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms} [C:\Users\Karol's Krafts\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} [C:\Users\Karol's Krafts\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_app_14_44_ie&cd=2XzuyEtN2Y1L1Qzu0A0CtCyCtB0DyD0A0CtByE0F0BtByB0AtN0D0Tzu0StCtDtAyBtN1L2XzutAtFyCtFtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAzz0ByDtCyDyE0EtGtAzy0F0CtGyD0AyCyDtGzytA0C0AtGyDtD0AyCyCtBtB0C0A0Ezz0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyDtC0EtD0C0A0AtGzytA0BzztGyEtC0DyCtG0B0A0B0DtGyCzztC0CtAtAyEyD0A0FtDzy2Q&cr=1885302309&ir= ************************* AdwCleaner[R0].txt - [13660 octets] - [09/11/2014 15:48:15] AdwCleaner[s0].txt - [14910 octets] - [09/11/2014 15:51:54] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [14971 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.3.7 (11.08.2014:1) OS: Windows 7 Home Premium x64 Ran by Karol's Krafts on Sun 11/09/2014 at 15:54:41.90 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3278930305-513671393-255404018-1000\Software\Microsoft\Internet Explorer\Main\\Start Page ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181104} ~~~ Files ~~~ Folders Successfully deleted: [Folder] C:\ProgramData\BetterPriceChec Successfully deleted: [Folder] C:\ProgramData\saverneit Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup" Successfully deleted: [Folder] "C:\ai_recyclebin" Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin" Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{03F82449-67EC-40BE-AA0F-15C263C624C9} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{04E0B190-E774-4884-8A3F-43F8B04CE90A} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{05801566-0B4A-4DEC-9715-04B02F686FD5} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{0D272D21-627B-481D-A453-F87371187DDF} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{14C4F433-9329-4026-A80C-32C79116DB23} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{165D131F-EC83-45B9-BDB6-2F9D84A43024} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{219BB496-A0CD-4C9E-BCD5-673E0F9C2083} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{2524B21B-0D2A-4BA8-989A-9F26C3B8C8F6} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{28CE29BF-749C-4B57-9707-0A8C6C2CEE2D} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{2FBEBB1C-6BA7-4B03-A721-ED9E0692A5CD} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{3E313BBD-F76F-407F-A7A5-F764AE7557F5} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{471D9E57-19D0-4654-8A9E-01C1B35288F9} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{5320213D-48BB-4DA1-9712-B5C016B4E164} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{57AAAD3E-F5A1-468B-B423-6009136DFCEE} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{5ADE26EB-DC04-4FC1-92EE-54F43C1FDC6A} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{5C9264AA-8977-42DF-99C5-0961DCC7136D} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{5F9BA2CF-2D64-4EF1-B16F-575C59043E10} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{62549F80-65D0-4908-A55D-CB826B68779B} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{62907825-1AF4-4C21-B158-D7A7BA4C8346} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{6604B43B-32CB-47F4-942F-E160CB1E3D2E} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{697DE168-4B44-4E68-9332-6C8981F90B57} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{6E373CB8-90E2-4D23-9A82-B3229A2E454E} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{73645B0D-A226-48DE-8C1E-3436B50FBE4C} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{76E58B61-D425-4F3E-84C5-786B2898AFAC} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{7B4DB67D-DAB8-4A86-B476-013ED5E63115} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{7C5BA1AE-49DD-495C-9B56-2D0EF0BA2482} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{7DAC8E46-F040-4102-93F7-61E5E82C740B} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{8993DD2A-1FE3-435B-A9FD-528DC9EFE0E9} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{8BBB14F0-EA82-4D88-8409-FDBE231E839B} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{950F8BD9-ECDF-4E8C-A556-63F892449C0C} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{9CF3E279-4A59-4364-884A-A9C1845516CC} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{9FE981E5-F8DB-4537-B588-CACABF5FDE23} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{B5876851-AD2D-4D22-92C7-23C6BB32CCB0} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{B6B1B15F-E426-4795-BD2F-390A3B3F68D8} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{BDAF0920-6DCD-4CFD-B353-B62E67D2BE4D} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{C127E86F-8636-46B6-BAC9-F6990B755F26} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{CE93002D-D08F-48D6-8FD4-70D4F29EB0BF} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{DFB0D789-58E5-4B1B-A948-CAC9148318E0} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{ED90E67D-CB23-463B-BE19-AF73B1723B88} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{EF007199-2B14-47C4-B422-9A7F53F9F9D7} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{F77D224D-2BFD-4312-9A5B-A7CDD79C301B} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{FAEC5551-53C3-4D91-AE43-3C1682A24A04} ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sun 11/09/2014 at 15:59:30.92 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The code ran fine and the browsers reset. Can now access the internet. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-11-2014 01 Ran by Karol's Krafts at 2014-11-08 06:30:13 Run:2 Running from G:\Malware Removal\Farbar Loaded Profile: Karol's Krafts (Available profiles: Karol's Krafts) Boot Mode: Normal ============================================== Content of fixlist: ***************** start SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.searc...x={searchTerms} S2 MaintainerSvc6.37.565328; "C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7\maintainer.exe" [X] C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7 2014-11-02 13:45 - 2014-11-02 13:46 - 00000000 ____D () C:\Users\Karol's Krafts\AppData\Local\{DFA69DAE-5C3A-40A4-B91F-27C9B1828084} 2014-11-02 13:44 - 2014-11-02 13:44 - 00000000 ____D () C:\Users\Karol's Krafts\AppData\Local\{D29D090B-AE65-4F34-A820-6B770BE64CDA} 2014-11-02 13:42 - 2014-11-02 13:42 - 00000000 ____D () C:\Users\Karol's Krafts\AppData\Local\{9D94E47E-D26C-4574-946C-5D251968FCA6} 2014-10-31 20:20 - 2014-10-31 20:21 - 00000000 ____D () C:\Users\Karol's Krafts\AppData\Local\{827691BE-BB6E-465C-A162-577453AC7C98} C:\ProgramData\adf80ae5fb1c0699 2014-11-07 06:09 - 2013-03-23 22:38 - 00000000 ____D () C:\Users\Karol's Krafts\AppData\Roaming\SpeedanAlysis EmptyTemp: end ***************** HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => value deleted successfully. MaintainerSvc6.37.565328 => Service not found. "C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7" => File/Directory not found. C:\Users\Karol's Krafts\AppData\Local\{DFA69DAE-5C3A-40A4-B91F-27C9B1828084} => Moved successfully. C:\Users\Karol's Krafts\AppData\Local\{D29D090B-AE65-4F34-A820-6B770BE64CDA} => Moved successfully. C:\Users\Karol's Krafts\AppData\Local\{9D94E47E-D26C-4574-946C-5D251968FCA6} => Moved successfully. C:\Users\Karol's Krafts\AppData\Local\{827691BE-BB6E-465C-A162-577453AC7C98} => Moved successfully. C:\ProgramData\adf80ae5fb1c0699 => Moved successfully. C:\Users\Karol's Krafts\AppData\Roaming\SpeedanAlysis => Moved successfully. EmptyTemp: => Removed 4 MB temporary data. The system needed a reboot. ==== End of Fixlog ====

Addition Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014 Ran by Karol's Krafts at 2014-11-07 20:18:15 Running from G:\Malware Removal\Farbar Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) FUTURA SES1000 Software (HKLM-x32\...\{A8C74A7C-F2F4-4F6C-90AA-6C351570419F}) (Version: 3.0.0.6 - ) ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY) ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.) Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Compaq Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company) Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation) Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - BR (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Extra Content (HKLM-x32\...\_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}) (Version: - Corel Corporation) CorelDRAW Graphics Suite X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - JP (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW® Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.686 - Corel Corporation) Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden CreativeStudio (HKLM-x32\...\{319A4F81-CBD7-48EF-91CF-03651E6EFB9B}) (Version: 4.2.0 - Statler Stitcher) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4119 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.) Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION) Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation) Epson E-Web Print (HKLM-x32\...\{CEC98C2A-9ED5-49DA-9F3A-92434E0A4FA3}) (Version: 1.19.0000 - SEIKO EPSON CORPORATION) Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION) Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - ) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION) ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard) Expert PDF 7 Reader (HKLM-x32\...\{FC279721-37A6-4777-AFD8-7A56681EBA14}) (Version: 7.0.1370.0 - Avanquest software) Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden Galil DMC .Net API for Visual Studio 2005 (HKLM-x32\...\{072E9B7C-850B-4397-B104-098170742FAF}) (Version: 2.0.0.0 - Galil Motion Control) Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Ghostscript GPL 8.64 (Msi Setup) (x32 Version: 8.64 - Corel Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden Hewlett-Packard ACLM.NET v1.1.1.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden HP Documentation (HKLM-x32\...\{68A55875-B6DD-41E8-8CF6-F193D9C47051}) (Version: 1.1.0.0 - Hewlett-Packard) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent) HP Launch Box (HKLM\...\{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}) (Version: 1.0.11 - Hewlett-Packard Company) HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company) HP On Screen Display (HKLM-x32\...\{D7670221-BF9B-4DFF-B26B-5BE55A87329F}) (Version: 1.2.2 - Hewlett-Packard Company) HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company) HP Quick Launch (HKLM-x32\...\{BB1C717E-376C-4AA1-8940-81BFC38D9778}) (Version: 2.4.4 - Hewlett-Packard Company) HP QuickWeb (HKLM-x32\...\{8B52057C-15DB-433E-957C-E279BC7D07E3}) (Version: 3.1.0.9742 - Hewlett-Packard Company) HP Setup (HKLM-x32\...\{5036764A-435D-40C9-869C-31085A3D741D}) (Version: 8.7.4751.3798 - Hewlett-Packard Company) HP Software Framework (HKLM-x32\...\{BFD1ABD7-9417-41CB-B1F6-04BE4CB9820D}) (Version: 4.1.7.1 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}) (Version: 6.0.5.4 - Hewlett-Packard Company) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation) Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6287 - Realtek Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0323 - REALTEK Semiconductor Corp.) Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow) Sentinel Protection Installer 7.3.2 (HKLM-x32\...\{EDFE2142-CFB3-44AB-A961-DE85F6408A28}) (Version: 7.3.2 - SafeNet, Inc.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden Software Updater (HKLM-x32\...\{6DFBE8A2-CDBF-453E-B34C-32F202FCEE4C}) (Version: 4.2.1 - SEIKO EPSON CORPORATION) Spotify (HKCU\...\Spotify) (Version: 0.9.10.22.gf87988f9 - Spotify AB) Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 21-10-2014 05:11:33 Restore Operation 21-10-2014 05:39:15 Windows Backup 21-10-2014 05:40:34 Restore Operation 21-10-2014 10:26:26 Windows Backup 25-10-2014 06:17:06 Windows Update 28-10-2014 23:44:14 Windows Backup 01-11-2014 02:08:46 Windows Update 03-11-2014 02:02:54 Windows Backup 04-11-2014 02:03:39 Removed BlueStacks Notification Center 05-11-2014 01:06:19 Windows Update 05-11-2014 02:10:09 Removed Java SE Runtime Environment 6 Update 1 05-11-2014 02:13:33 Removed Adobe Reader X (10.1.7) MUI. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {001B574F-D9C2-424E-BF80-973C2FDCF8C6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company) Task: {365081E8-61DF-4B7E-BC76-094BBFC4FC98} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-06-15] (CyberLink) Task: {487EBD0B-81CD-4B50-9D1C-D6CA374CCDE8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company) Task: {7E29630D-29D5-4C32-8A44-6B1C9CA443E0} - System32\Tasks\HPCeeScheduleForKAROLSKRAFTS-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard) Task: {9A25F1A8-AAB8-48A6-9A4A-97BA8645E065} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated) Task: {A84104BC-C353-486C-ADBC-3C8CFB201EFB} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {B2D2F68C-71A1-40A1-B2DB-A76B34938914} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-04] (Google Inc.) Task: {C6C0BECA-EF79-41FB-888A-3FC12BC2DBA2} - System32\Tasks\HPCeeScheduleForKarol's Krafts => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard) Task: {C767E5C2-BEA1-4A9E-B9B1-FA2F92F1A2CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-04] (Google Inc.) Task: {D04B6F09-0E0D-41EF-AD7A-F61C1FCBC876} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard) Task: {D290C98A-F1F1-4276-9995-7658CDFADDDD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-06-21] (Hewlett-Packard Company) Task: {FDCA346F-E531-4653-A2F3-CA0A497E0198} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForKarol's Krafts.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\Windows\Tasks\HPCeeScheduleForKAROLSKRAFTS-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2011-04-04 21:18 - 2011-04-04 21:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-10-16 20:36 - 2014-10-16 20:36 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ba8588c3319d63350220ec2ac3eb2c36\IsdiInterop.ni.dll 2012-05-07 17:13 - 2010-09-13 19:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" MSCONFIG\startupreg: EPLTarget => MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe MSCONFIG\startupreg: HPQuickWebProxy => "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s MSCONFIG\startupreg: SetDefault => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe ========================= Accounts: ========================== Administrator (S-1-5-21-3278930305-513671393-255404018-500 - Administrator - Disabled) Guest (S-1-5-21-3278930305-513671393-255404018-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3278930305-513671393-255404018-1008 - Limited - Enabled) Karol's Krafts (S-1-5-21-3278930305-513671393-255404018-1000 - Administrator - Enabled) => C:\Users\Karol's Krafts ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Teredo Tunneling Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Sentinel64 Description: Sentinel64 Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: Sentinel64 Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (11/07/2014 06:13:07 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/06/2014 08:04:14 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 90080108 Error: (11/06/2014 06:07:40 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80004005 Error: (11/06/2014 05:26:12 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/04/2014 08:13:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Network Security WFP Driver. System Error: The system cannot find the file specified. . Error: (11/04/2014 08:13:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Iron Driver. System Error: The system cannot find the file specified. . Error: (11/04/2014 08:13:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Eraser Control driver. System Error: The system cannot find the file specified. . Error: (11/04/2014 08:10:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Network Security WFP Driver. System Error: The system cannot find the file specified. . Error: (11/04/2014 08:10:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Iron Driver. System Error: The system cannot find the file specified. . Error: (11/04/2014 08:10:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Eraser Control driver. System Error: The system cannot find the file specified. . System errors: ============= Error: (11/07/2014 06:11:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The MaintainerSvc6.37.565328 service failed to start due to the following error: %%2 Error: (11/07/2014 06:11:31 AM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Windows Firewall service terminated with service-specific error %%13. Error: (11/07/2014 06:11:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Sentinel64 service failed to start due to the following error: %%20 Error: (11/07/2014 06:07:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The MaintainerSvc6.37.565328 service terminated unexpectedly. It has done this 1 time(s). Error: (11/06/2014 05:24:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The MetafileNetSDK.exe service failed to start due to the following error: %%2 Error: (11/06/2014 05:24:42 AM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Windows Firewall service terminated with service-specific error %%13. Error: (11/06/2014 05:24:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Sentinel64 service failed to start due to the following error: %%20 Error: (11/04/2014 07:56:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The MetafileNetSDK.exe service failed to start due to the following error: %%2 Error: (11/04/2014 07:56:23 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Windows Firewall service terminated with service-specific error %%13. Error: (11/04/2014 07:56:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Sentinel64 service failed to start due to the following error: %%20 Microsoft Office Sessions: ========================= Error: (11/07/2014 06:13:07 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/06/2014 08:04:14 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 90080108 Error: (11/06/2014 06:07:40 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80004005 Error: (11/06/2014 05:26:12 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/04/2014 08:13:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Network Security WFP Driver. System Error: The system cannot find the file specified. Error: (11/04/2014 08:13:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Iron Driver. System Error: The system cannot find the file specified. Error: (11/04/2014 08:13:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Eraser Control driver. System Error: The system cannot find the file specified. Error: (11/04/2014 08:10:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Network Security WFP Driver. System Error: The system cannot find the file specified. Error: (11/04/2014 08:10:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Iron Driver. System Error: The system cannot find the file specified. Error: (11/04/2014 08:10:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Eraser Control driver. System Error: The system cannot find the file specified. CodeIntegrity Errors: =================================== Date: 2014-02-05 00:06:51.163 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-05 00:06:51.073 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-01-31 22:32:23.424 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-01-31 22:32:23.315 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-12-27 17:21:17.543 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-12-27 17:21:17.449 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-12-18 20:36:02.265 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-12-18 20:36:02.171 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-12-14 23:22:28.953 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-12-14 23:22:28.859 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel® Celeron® CPU B800 @ 1.50GHz Percentage of memory in use: 46% Total physical RAM: 1899.86 MB Available physical RAM: 1015.13 MB Total Pagefile: 3799.72 MB Available Pagefile: 2552.91 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:279.47 GB) (Free:206.21 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (Recovery) (Fixed) (Total:14.46 GB) (Free:1.61 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:2.88 GB) FAT32 Drive g: (BOOT) (Removable) (Total:0.98 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E9B0A126) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=279.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=14.5 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=4 GB) - (Type=0C) ======================================================== Disk: 1 (Size: 1008.5 MB) (Disk ID: 007BA292) Partition 1: (Active) - (Size=1008 MB) - (Type=0C) ==================== End Of Log ============================

I'm assuming you want the logs. FRST Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014 Ran by Karol's Krafts (administrator) on KAROLSKRAFTS-HP on 07-11-2014 20:16:59 Running from G:\Malware Removal\Farbar Loaded Profile: Karol's Krafts (Available profiles: Karol's Krafts) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe (SafeNet Inc.) C:\Windows\System32\hasplms.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Startup: C:\Users\Karol's Krafts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1 SearchScopes: HKLM - {86DAA2AF-D596-4268-9C99-92539D18F6D3} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKLM-x32 - {86DAA2AF-D596-4268-9C99-92539D18F6D3} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms} SearchScopes: HKCU - {86DAA2AF-D596-4268-9C99-92539D18F6D3} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION) Tcpip\Parameters: [DhcpNameServer] 208.67.220.222 208.67.220.220 192.168.2.1 FireFox: ======== FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll No File FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-02-18] Chrome: ======= CHR Profile: C:\Users\Karol's Krafts\AppData\Local\Google\Chrome\User Data\Default ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation) R2 hasplms; C:\Windows\system32\hasplms.exe [4609928 2013-08-09] (SafeNet Inc.) R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) [File not signed] R2 MSSQLSERVER; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) R2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [316992 2006-08-22] (SafeNet, Inc.) R2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [206400 2006-12-21] (SafeNet, Inc) S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X] S2 MaintainerSvc6.37.565328; "C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7\maintainer.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [60488 2013-08-09] (SafeNet Inc.) S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [63944 2013-08-09] (SafeNet Inc.) S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [303624 2013-08-09] (SafeNet Inc.) R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331328 2013-08-09] (SafeNet Inc.) S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1863720 2012-06-01] () S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [58792 2009-09-17] (SafeNet, Inc.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-04 20:36 - 2014-11-04 20:37 - 00037388 _____ () C:\Users\Karol's Krafts\Desktop\Addition.txt 2014-11-04 20:35 - 2014-11-07 20:17 - 00000000 ____D () C:\FRST 2014-11-04 20:35 - 2014-11-04 20:37 - 00037307 _____ () C:\Users\Karol's Krafts\Desktop\FRST.txt 2014-11-04 20:22 - 2014-11-04 20:22 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-11-04 20:22 - 2014-11-04 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-11-04 20:21 - 2014-11-07 20:18 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-04 20:21 - 2014-11-07 06:18 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-04 20:21 - 2014-11-07 06:13 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-11-04 20:21 - 2014-11-07 06:13 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-11-03 13:56 - 2014-11-03 13:56 - 00000046 _____ () C:\Users\Karol's Krafts\AppData\Roaming\WB.CFG 2014-11-02 23:08 - 2014-11-02 23:08 - 00000000 ____D () C:\Users\Karol's Krafts\.android 2014-11-02 22:48 - 2014-11-02 22:48 - 00001087 _____ () C:\Users\Karol's Krafts\Desktop\Continue Kik Installation.lnk 2014-11-02 21:25 - 2014-11-02 21:25 - 00000000 ___HD () C:\Users\Public\Temp 2014-11-02 13:45 - 2014-11-02 13:46 - 00000000 ____D () C:\Users\Karol's Krafts\AppData\Local\{DFA69DAE-5C3A-40A4-B91F-27C9B1828084} 2014-11-02 13:44 - 2014-11-02 13:44 - 00000000 ____D () C:\Users\Karol's Krafts\AppData\Local\{D29D090B-AE65-4F34-A820-6B770BE64CDA} 2014-11-02 13:42 - 2014-11-02 13:42 - 00000000 ____D () C:\Users\Karol's Krafts\AppData\Local\{9D94E47E-D26C-4574-946C-5D251968FCA6} 2014-10-31 20:20 - 2014-10-31 20:21 - 00000000 ____D () C:\Users\Karol's Krafts\AppData\Local\{827691BE-BB6E-465C-A162-577453AC7C98} 2014-10-21 22:25 - 2014-11-02 21:40 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A9C26C7D-FDD4-47AE-AABB-0FDAEA98B6D2} 2014-10-21 00:44 - 2014-10-21 00:44 - 00000000 ____D () C:\Users\brian\AppData\Local\Google 2014-10-21 00:42 - 2014-10-21 00:42 - 00116280 _____ () C:\Users\brian\AppData\Local\GDIPFONTCACHEV1.DAT 2014-10-21 00:41 - 2014-10-21 01:33 - 00000000 ___RD () C:\Users\brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-10-21 00:41 - 2014-10-21 01:33 - 00000000 ___RD () C:\Users\brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-10-21 00:41 - 2014-10-21 01:33 - 00000000 ____D () C:\Users\brian 2014-10-21 00:41 - 2014-10-21 00:41 - 00000000 ____D () C:\Users\brian\AppData\Roaming\Adobe 2014-10-21 00:41 - 2014-10-21 00:41 - 00000000 ____D () C:\Users\brian\AppData\Local\VirtualStore 2014-10-21 00:41 - 2013-01-01 16:08 - 00000000 ____D () C:\Users\brian\Documents\Visual Studio 2008 2014-10-21 00:41 - 2012-11-03 21:59 - 00000000 ____D () C:\Users\brian\AppData\Local\Microsoft Help 2014-10-21 00:09 - 2014-10-21 00:09 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe 2014-10-21 00:09 - 2014-10-21 00:09 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore 2014-10-21 00:09 - 2014-10-21 00:09 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google 2014-10-21 00:08 - 2014-10-21 01:33 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-10-21 00:08 - 2014-10-21 01:33 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-10-21 00:08 - 2014-10-21 01:33 - 00000000 ____D () C:\Users\Guest 2014-10-21 00:08 - 2013-01-01 16:08 - 00000000 ____D () C:\Users\Guest\Documents\Visual Studio 2008 2014-10-21 00:08 - 2012-11-03 21:59 - 00000000 ____D () C:\Users\Guest\AppData\Local\Microsoft Help 2014-10-15 20:29 - 2014-10-15 21:08 - 00000000 ____D () C:\Users\Karol's Krafts\Desktop\Embroidery Files 2014-10-15 19:10 - 2014-10-06 20:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-15 19:10 - 2014-10-06 20:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-10-15 19:10 - 2014-09-25 16:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-15 19:10 - 2014-09-25 16:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-10-15 19:10 - 2014-09-25 16:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-10-15 19:10 - 2014-09-25 16:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-10-15 19:10 - 2014-09-25 16:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-10-15 19:10 - 2014-09-25 16:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-10-15 19:10 - 2014-09-25 16:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-15 19:10 - 2014-09-18 20:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-15 19:10 - 2014-09-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-15 19:10 - 2014-09-18 19:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-10-15 19:10 - 2014-09-18 19:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-10-15 19:10 - 2014-09-18 19:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-15 19:10 - 2014-09-18 19:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-15 19:10 - 2014-09-18 19:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-15 19:10 - 2014-09-18 19:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-15 19:10 - 2014-09-18 19:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-15 19:10 - 2014-09-18 19:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-15 19:10 - 2014-09-18 19:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-15 19:10 - 2014-09-18 19:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-15 19:10 - 2014-09-18 19:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-15 19:10 - 2014-09-18 19:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-15 19:10 - 2014-09-18 19:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-10-15 19:10 - 2014-09-18 19:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-15 19:10 - 2014-09-18 19:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-10-15 19:10 - 2014-09-18 19:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-15 19:10 - 2014-09-18 19:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-10-15 19:10 - 2014-09-18 19:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-15 19:10 - 2014-09-18 19:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-15 19:10 - 2014-09-18 19:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-10-15 19:10 - 2014-09-18 19:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-15 19:10 - 2014-09-18 19:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-10-15 19:10 - 2014-09-18 19:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-10-15 19:10 - 2014-09-18 19:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-15 19:10 - 2014-09-18 18:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-10-15 19:10 - 2014-09-18 18:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-15 19:10 - 2014-09-18 18:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-10-15 19:10 - 2014-09-18 18:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-10-15 19:10 - 2014-09-18 18:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-10-15 19:10 - 2014-09-18 18:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-10-15 19:10 - 2014-09-18 18:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-10-15 19:10 - 2014-09-18 18:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-10-15 19:10 - 2014-09-18 18:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-15 19:10 - 2014-09-18 18:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-15 19:10 - 2014-09-18 18:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-10-15 19:10 - 2014-09-18 18:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-10-15 19:10 - 2014-09-18 18:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-15 19:10 - 2014-09-18 18:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-10-15 19:10 - 2014-09-18 18:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-10-15 19:10 - 2014-09-18 18:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-10-15 19:10 - 2014-09-18 18:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-15 19:10 - 2014-09-18 17:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-10-15 19:10 - 2014-09-18 17:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-15 19:10 - 2014-09-18 17:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-10-15 19:10 - 2014-09-18 17:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-10-15 19:09 - 2014-10-09 20:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-10-15 19:09 - 2014-10-09 20:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-10-15 19:09 - 2014-10-09 20:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-10-15 19:09 - 2014-09-28 18:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-15 19:09 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-15 19:09 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-10-15 19:09 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-10-15 19:09 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-15 19:09 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-10-15 19:09 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-15 19:07 - 2014-09-17 20:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-15 19:07 - 2014-09-17 19:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-10-15 19:07 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-15 19:07 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-10-15 19:07 - 2014-07-16 20:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-15 19:07 - 2014-07-16 20:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-15 19:07 - 2014-07-16 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-15 19:07 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-15 19:07 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-15 19:07 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-15 19:07 - 2014-07-16 20:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-15 19:07 - 2014-07-16 20:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-15 19:07 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-10-15 19:07 - 2014-07-16 19:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-10-15 19:07 - 2014-07-16 19:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-10-15 19:07 - 2014-07-16 19:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2014-10-15 19:07 - 2014-07-16 19:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-10-15 19:07 - 2014-07-16 19:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-10-15 19:07 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-15 19:07 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-15 19:06 - 2014-09-12 19:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-15 19:06 - 2014-09-12 19:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-10-08 15:28 - 2014-10-08 15:41 - 00033895 _____ () C:\Users\Karol's Krafts\Desktop\ann lemon carpenter.htm ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-07 20:06 - 2013-09-27 21:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-07 20:06 - 2013-06-22 20:39 - 00000368 _____ () C:\Windows\Tasks\HPCeeScheduleForKarol's Krafts.job 2014-11-07 20:06 - 2012-05-07 17:12 - 01706941 _____ () C:\Windows\WindowsUpdate.log 2014-11-07 06:18 - 2009-07-13 22:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-07 06:18 - 2009-07-13 22:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-07 06:17 - 2009-07-13 23:13 - 00848842 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-07 06:11 - 2013-02-11 22:03 - 00024580 _____ () C:\Windows\setupact.log 2014-11-07 06:11 - 2013-02-11 22:02 - 01119486 _____ () C:\Windows\PFRO.log 2014-11-07 06:11 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-07 06:09 - 2013-03-23 22:38 - 00000000 ____D () C:\Users\Karol's Krafts\AppData\Roaming\SpeedanAlysis 2014-11-07 06:02 - 2012-08-10 19:53 - 00003990 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B64AD4A8-D89C-42CD-9076-124118D592E3} 2014-11-06 05:32 - 2014-03-25 15:47 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-06 05:24 - 2012-05-07 17:24 - 00000000 ____D () C:\ProgramData\Norton 2014-11-04 20:21 - 2013-09-27 21:46 - 00000000 ____D () C:\Program Files (x86)\Google 2014-11-04 20:14 - 2011-07-12 21:37 - 00000000 ____D () C:\ProgramData\Adobe 2014-11-04 19:12 - 2014-03-25 15:46 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-11-04 19:12 - 2014-03-25 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-11-04 19:12 - 2014-03-25 15:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-11-03 20:05 - 2009-07-13 21:20 - 00000000 __RHD () C:\Users\Public\Libraries 2014-11-03 19:52 - 2009-07-13 20:34 - 00000505 _____ () C:\Windows\win.ini 2014-11-02 23:08 - 2012-08-10 19:43 - 00000000 ____D () C:\Users\Karol's Krafts 2014-11-02 21:37 - 2009-07-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-11-02 21:24 - 2012-08-17 20:18 - 00000000 ____D () C:\Users\Karol's Krafts\AppData\Local\CrashDumps 2014-11-01 09:29 - 2013-06-22 20:39 - 00003240 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForKarol's Krafts 2014-11-01 09:29 - 2012-08-18 18:41 - 00000166 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-10-28 18:03 - 2014-03-27 00:46 - 00000000 ____D () C:\ProgramData\adf80ae5fb1c0699 2014-10-28 05:34 - 2010-11-20 21:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-10-21 23:58 - 2013-02-10 22:03 - 00000000 ____D () C:\Users\Karol's Krafts\AppData\Roaming\Spotify 2014-10-21 22:48 - 2013-02-10 22:04 - 00000000 ____D () C:\Users\Karol's Krafts\AppData\Local\Spotify 2014-10-21 03:01 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-10-21 01:33 - 2011-07-12 21:32 - 00000000 ____D () C:\ProgramData\RoxioNow 2014-10-21 01:33 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration 2014-10-20 23:14 - 2009-07-13 23:08 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-20 15:17 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache 2014-10-16 20:02 - 2009-07-13 22:45 - 00433288 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-16 19:58 - 2014-05-13 07:52 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-10-16 19:35 - 2012-11-03 17:51 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-10-16 19:28 - 2013-08-17 04:11 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-16 19:21 - 2012-10-28 15:22 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-14 12:39 - 2011-07-12 21:25 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools 2014-10-14 11:53 - 2009-07-13 23:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-10-09 22:49 - 2012-11-25 11:18 - 00003232 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForKAROLSKRAFTS-HP$ 2014-10-09 22:49 - 2012-11-25 11:18 - 00000356 _____ () C:\Windows\Tasks\HPCeeScheduleForKAROLSKRAFTS-HP$.job ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-06 20:05 ==================== End Of Log ============================

Program uninstalled. System still trying to use a proxy server and still unable to remove the option of using Proxy so the internet is not working. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-11-2014 Ran by Karol's Krafts at 2014-11-07 06:07:07 Run:1 Running from G:\Malware Removal\Farbar Loaded Profile: Karol's Krafts (Available profiles: Karol's Krafts) Boot Mode: Normal ============================================== Content of fixlist: ***************** start () C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7\maintainer.exe C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7 CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=127.0.0.1:24889 SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF SearchScopes: HKCU - URL http://search.condui...PV=T21114_sp_ie SearchScopes: HKCU - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://www.trovi.com...rchTerms}&SSPV= SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.se...t=kwd&qsrc=2869 SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....02,20028,0,77,0 SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://www2.inbox.co...&iwk=242&lng=en BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File BHO-x32: Perk Prize Panel -> {47F3EB15-C230-4A0B-BE4B-D527FF483B48} -> C:\Program Files (x86)\Perk Prize Panel\pp.dll () C:\Program Files (x86)\Perk Prize Panel Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File FF HKCU\...\Firefox\Extensions: [pp@perk.com] - C:\Program Files (x86)\Perk Prize Panel\FF CHR Extension: (SpeedAnalysis.com) - C:\Users\Karol's Krafts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfcbmgbfdbijmjgjihagbomfbjfjmgon [2013-09-27] CHR HKLM-x32\...\Chrome\Extension: [cfcbmgbfdbijmjgjihagbomfbjfjmgon] - C:\Users\Karol's Krafts\AppData\Roaming\SpeedanAlysis\speedanalysis.crx [2013-02-14] CHR DefaultSearchKeyword: Default -> astromenda.com CHR DefaultSearchURL: Default -> http://astromenda.co...=1885302309&ir= S2 MetafileNetSDK.exe; C:\Users\Karol's Krafts\AppData\Local\MetafileNetSDK\MetafileNetSDK.exe [X] 2014-11-03 19:07 - 2014-11-03 19:52 - 00000000 ____D () C:\ProgramData\Systweak 2014-11-03 19:06 - 2014-11-03 19:52 - 00000000 ____D () C:\Users\Karol's Krafts\AppData\Roaming\Systweak 2014-11-02 22:59 - 2014-11-02 23:06 - 00000000 ____D () C:\ProgramData\BlueStacksSetup 2014-11-02 22:58 - 2014-11-02 22:58 - 13141248 _____ (BlueStack Systems Inc.) C:\Users\Karol's Krafts\Downloads\BlueStacks-Installer.exe 2014-11-02 22:55 - 2014-11-03 20:17 - 00000000 ____D () C:\ProgramData\BoostSoftware 2014-11-02 21:40 - 2014-11-02 21:40 - 00003402 _____ () C:\Windows\System32\Tasks\DonutQuotes 2014-11-02 21:21 - 2014-11-02 21:21 - 00000000 ____D () C:\Users\Karol's Krafts\AppData\Roaming\Pro PC Cleaner 2014-11-02 21:20 - 2014-11-02 21:23 - 00000000 ____D () C:\Program Files (x86)\PCTRunner 2014-11-02 21:20 - 2014-11-02 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip 2014-11-02 21:19 - 2014-11-02 21:23 - 00000004 _____ () C:\end Task: {63D5526F-6ACF-4A34-96F9-EB1B95B7D205} - \Advanced-System Protector_startup No Task File <==== ATTENTION Task: {7FA52EFD-9ABD-49EA-BF38-1D60EF2C2B4C} - \ASP No Task File <==== ATTENTION Task: {9F02EC3D-BC33-4880-8967-0FD9DC7A1DA4} - System32\Tasks\4772 => Wscript.exe C:\Users\KAROL'~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION C:\Users\KAROL'~1\AppData\Local\Temp\launchie.vbs Task: {B0D9F114-C77C-4770-8738-C762F8F64EB1} - System32\Tasks\DonutQuotes => C:\Program Files (x86)\donutleads\ScheduledTask.exe C:\Program Files (x86)\donutleads Task: {D6B3AB92-F990-499C-A3C6-1D0601B8AFEB} - \RegClean Pro No Task File <==== ATTENTION Task: {D9B6D94E-6739-40F4-B8B5-4B0F899FC20B} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION 2014-10-14 12:41 - 2014-01-10 21:14 - 00000000 ____D () C:\ProgramData\Yahoo! 2014-11-03 19:06 - 2014-11-03 19:07 - 00000000 ____D () C:\Users\Karol's Krafts\AppData\Roaming\ASP C:\Windows\SysWOW64\IndexNetTrash C:\Users\Karol's Krafts\AppData\Local\CheckCode C:\Users\Karol's Krafts\AppData\Local\PerlScriptWinsock C:\Windows\SysWOW64\ClipboardTaskWinsock Tcpip\Parameters: [NameServer] 184.172.114.130,208.43.110.90 Tcpip\..\Interfaces\{818DA884-73BF-4A7C-8212-D3AC502D1BDB}: [NameServer] 184.172.114.130,208.43.110.90 Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 184.172.114.130,208.43.110.90 Tcpip\..\Interfaces\{84E0B216-DECA-45E4-B710-8CC7809BC1EA}: [NameServer] 184.172.114.130,208.43.110.90 Tcpip\..\Interfaces\{C2E86849-DB9B-4CD2-925E-885167DF313F}: [NameServer] 184.172.114.130,208.43.110.90 Folder: C:\Users\Karol's Krafts\AppData\Local\MetafileNetSDK Folder: C:\ProgramData\adf80ae5fb1c0699 Folder: C:\Users\Karol's Krafts\AppData\Local\{DFA69DAE-5C3A-40A4-B91F-27C9B1828084} Folder: C:\Users\Karol's Krafts\AppData\Local\{D29D090B-AE65-4F34-A820-6B770BE64CDA} Folder: C:\Users\Karol's Krafts\AppData\Local\{9D94E47E-D26C-4574-946C-5D251968FCA6} Folder: C:\Users\Karol's Krafts\AppData\Local\{827691BE-BB6E-465C-A162-577453AC7C98} CMD: ipconfig /flushdns CMD: netsh winsock reset all CMD: netsh int ipv4 reset CMD: netsh int ipv6 reset EmptyTemp: end ***************** [468] C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7\maintainer.exe => Process closed successfully. C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7 => Moved successfully. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key deleted successfully. "HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key not found. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully. "HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => Key deleted successfully. "HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => value deleted successfully. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key deleted successfully. "HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key not found. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully. "HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => Key deleted successfully. "HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => Key not found. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => Key deleted successfully. "HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => Key not found. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}" => Key deleted successfully. "HKCR\CLSID\{C04B7D22-5AEC-4561-8F49-27F6269208F6}" => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{47F3EB15-C230-4A0B-BE4B-D527FF483B48}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{47F3EB15-C230-4A0B-BE4B-D527FF483B48}" => Key deleted successfully. C:\Program Files (x86)\Perk Prize Panel => Moved successfully. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully. "HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully. "HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found. HKCU\Software\Mozilla\Firefox\Extensions\\pp@perk.com => value deleted successfully. C:\Users\Karol's Krafts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfcbmgbfdbijmjgjihagbomfbjfjmgon => Moved successfully. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cfcbmgbfdbijmjgjihagbomfbjfjmgon" => Key deleted successfully. C:\Users\Karol's Krafts\AppData\Roaming\SpeedanAlysis\speedanalysis.crx => Moved successfully. Chrome DefaultSearchKeyword deleted successfully. Chrome DefaultSearchURL deleted successfully. MetafileNetSDK.exe => Service deleted successfully. C:\ProgramData\Systweak => Moved successfully. C:\Users\Karol's Krafts\AppData\Roaming\Systweak => Moved successfully. C:\ProgramData\BlueStacksSetup => Moved successfully. C:\Users\Karol's Krafts\Downloads\BlueStacks-Installer.exe => Moved successfully. C:\ProgramData\BoostSoftware => Moved successfully. C:\Windows\System32\Tasks\DonutQuotes => Moved successfully. C:\Users\Karol's Krafts\AppData\Roaming\Pro PC Cleaner => Moved successfully. C:\Program Files (x86)\PCTRunner => Moved successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip => Moved successfully. C:\end => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{63D5526F-6ACF-4A34-96F9-EB1B95B7D205}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63D5526F-6ACF-4A34-96F9-EB1B95B7D205}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced-System Protector_startup" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7FA52EFD-9ABD-49EA-BF38-1D60EF2C2B4C}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FA52EFD-9ABD-49EA-BF38-1D60EF2C2B4C}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASP" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F02EC3D-BC33-4880-8967-0FD9DC7A1DA4}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F02EC3D-BC33-4880-8967-0FD9DC7A1DA4}" => Key deleted successfully. C:\Windows\System32\Tasks\4772 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4772" => Key deleted successfully. "C:\Users\KAROL'~1\AppData\Local\Temp\launchie.vbs" => File/Directory not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0D9F114-C77C-4770-8738-C762F8F64EB1}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0D9F114-C77C-4770-8738-C762F8F64EB1}" => Key deleted successfully. C:\Windows\System32\Tasks\DonutQuotes not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DonutQuotes" => Key deleted successfully. "C:\Program Files (x86)\donutleads" => File/Directory not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D6B3AB92-F990-499C-A3C6-1D0601B8AFEB}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6B3AB92-F990-499C-A3C6-1D0601B8AFEB}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D9B6D94E-6739-40F4-B8B5-4B0F899FC20B}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9B6D94E-6739-40F4-B8B5-4B0F899FC20B}" => Key deleted successfully. C:\Windows\System32\Tasks\0 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully. C:\ProgramData\Yahoo! => Moved successfully. C:\Users\Karol's Krafts\AppData\Roaming\ASP => Moved successfully. C:\Windows\SysWOW64\IndexNetTrash => Moved successfully. C:\Users\Karol's Krafts\AppData\Local\CheckCode => Moved successfully. C:\Users\Karol's Krafts\AppData\Local\PerlScriptWinsock => Moved successfully. C:\Windows\SysWOW64\ClipboardTaskWinsock => Moved successfully. HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer => value deleted successfully. HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{818DA884-73BF-4A7C-8212-D3AC502D1BDB}\\NameServer => value deleted successfully. HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\\NameServer => value deleted successfully. HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{84E0B216-DECA-45E4-B710-8CC7809BC1EA}\\NameServer => value deleted successfully. HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C2E86849-DB9B-4CD2-925E-885167DF313F}\\NameServer => value deleted successfully. ========================= Folder: C:\Users\Karol's Krafts\AppData\Local\MetafileNetSDK ======================== Directory Not Found ========================= Folder: C:\ProgramData\adf80ae5fb1c0699 ======================== 2014-06-20 23:23 - 2014-06-20 23:23 - 0000916 _____ () C:\ProgramData\adf80ae5fb1c0699\{D86C82B0-1F02-816A-5F3D-6466F6A67566} 2014-08-31 22:23 - 2014-08-31 22:23 - 0000152 _____ () C:\ProgramData\adf80ae5fb1c0699\0f29801820a37114f037e5d08aea1fd9.ini 2014-04-01 21:13 - 2014-04-01 21:13 - 0000372 _____ () C:\ProgramData\adf80ae5fb1c0699\15a1758beb4d95daf037e5d08aea1fd9.ini 2014-05-23 19:48 - 2014-05-23 19:48 - 0000374 _____ () C:\ProgramData\adf80ae5fb1c0699\1878c1afe37a6843f037e5d08aea1fd9.ini 2014-07-02 19:18 - 2014-07-02 19:18 - 0000504 _____ () C:\ProgramData\adf80ae5fb1c0699\198cdfe22d13c1abf037e5d08aea1fd9.ini 2014-03-27 00:46 - 2014-03-27 00:46 - 0000502 _____ () C:\ProgramData\adf80ae5fb1c0699\242c2fd4536773faf037e5d08aea1fd9.ini 2014-03-27 00:46 - 2014-03-27 00:46 - 0000372 _____ () C:\ProgramData\adf80ae5fb1c0699\3ed03cfb56800283f037e5d08aea1fd9.ini 2014-04-01 21:13 - 2014-04-01 21:13 - 0000410 _____ () C:\ProgramData\adf80ae5fb1c0699\5563f418483f3111f037e5d08aea1fd9.ini 2014-08-03 16:16 - 2014-08-03 16:16 - 0000505 _____ () C:\ProgramData\adf80ae5fb1c0699\659310361e8c6f3cf037e5d08aea1fd9.ini 2014-10-28 18:03 - 2014-10-28 18:03 - 0000157 _____ () C:\ProgramData\adf80ae5fb1c0699\73a5cd548c868dbdf037e5d08aea1fd9.ini 2014-08-31 22:23 - 2014-08-31 22:23 - 0000501 _____ () C:\ProgramData\adf80ae5fb1c0699\8667b30c8487a893f037e5d08aea1fd9.ini 2014-05-23 19:48 - 2014-05-23 19:48 - 0000505 _____ () C:\ProgramData\adf80ae5fb1c0699\88ca0666a8bc42bcf037e5d08aea1fd9.ini 2014-08-03 12:35 - 2014-08-03 12:35 - 0000158 _____ () C:\ProgramData\adf80ae5fb1c0699\949eb5250aa63df0f037e5d08aea1fd9.ini 2014-08-31 22:23 - 2014-08-31 22:23 - 0000366 _____ () C:\ProgramData\adf80ae5fb1c0699\a220577b68ed26b8f037e5d08aea1fd9.ini 2014-08-03 12:35 - 2014-08-03 12:35 - 0000370 _____ () C:\ProgramData\adf80ae5fb1c0699\b895ebcf88104095f037e5d08aea1fd9.ini 2014-07-02 19:17 - 2014-07-02 19:17 - 0000152 _____ () C:\ProgramData\adf80ae5fb1c0699\bd95dd966694472df037e5d08aea1fd9.ini 2014-06-09 08:06 - 2014-06-09 08:06 - 0000373 _____ () C:\ProgramData\adf80ae5fb1c0699\c6fe71eb0df19321f037e5d08aea1fd9.ini 2014-07-02 19:18 - 2014-07-02 19:18 - 0000370 _____ () C:\ProgramData\adf80ae5fb1c0699\c90970dadaa8483bf037e5d08aea1fd9.ini ====== End of Folder: ====== ========================= Folder: C:\Users\Karol's Krafts\AppData\Local\{DFA69DAE-5C3A-40A4-B91F-27C9B1828084} ======================== ====== End of Folder: ====== ========================= Folder: C:\Users\Karol's Krafts\AppData\Local\{D29D090B-AE65-4F34-A820-6B770BE64CDA} ======================== ====== End of Folder: ====== ========================= Folder: C:\Users\Karol's Krafts\AppData\Local\{9D94E47E-D26C-4574-946C-5D251968FCA6} ======================== ====== End of Folder: ====== ========================= Folder: C:\Users\Karol's Krafts\AppData\Local\{827691BE-BB6E-465C-A162-577453AC7C98} ======================== ====== End of Folder: ====== ========= ipconfig /flushdns ========= ========= End of CMD: ========= ========= netsh winsock reset all ========= ========= End of CMD: ========= ========= netsh int ipv4 reset ========= ========= End of CMD: ========= ========= netsh int ipv6 reset ========= ========= End of CMD: ========= EmptyTemp: => Removed 11.8 MB temporary data. The system needed a reboot. ==== End of Fixlog ====

Wow that's a long list. I haven't seen that long of a list in a while. Log 2 Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 11/4/2014 Scan Time: 7:14:11 PM Logfile: scan 2.txt Administrator: Yes Version: 2.00.3.1025 Malware Database: v2014.11.05.01 Rootkit Database: v2014.11.01.02 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Karol's Krafts Scan Type: Threat Scan Result: Completed Objects Scanned: 435701 Time Elapsed: 29 min, 25 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 2 PUP.Optional.Pirrit, C:\Users\Karol's Krafts\AppData\Local\PerlScriptWinsock\PerlScriptWinsock.exe, 1464, Delete-on-Reboot, [f62f0c2cc1bb979fb470c26df90ca060] PUP.Optional.eDeals, C:\Windows\SysWOW64\IndexNetTrash\IndexNetTrash.exe, 3404, Delete-on-Reboot, [e83d191f6b11e254db4ad857b64f2ad6] Modules: 0 (No malicious items detected) Registry Keys: 4 PUP.Optional.Pirrit, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PerlScriptWinsock.exe, Quarantined, [f62f0c2cc1bb979fb470c26df90ca060], PUP.Optional.Pirrit, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\PERLSCRIPTWINSOCK.EXE, Quarantined, [f62f0c2cc1bb979fb470c26df90ca060], PUP.Optional.Pirrit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\PERLSCRIPTWINSOCK.EXE, Quarantined, [f62f0c2cc1bb979fb470c26df90ca060], PUP.Optional.eDeals, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IndexNetTrash, Quarantined, [e83d191f6b11e254db4ad857b64f2ad6], Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 2 PUP.Optional.Pirrit, C:\Users\Karol's Krafts\AppData\Local\PerlScriptWinsock\PerlScriptWinsock.exe, Delete-on-Reboot, [f62f0c2cc1bb979fb470c26df90ca060], PUP.Optional.eDeals, C:\Windows\SysWOW64\IndexNetTrash\IndexNetTrash.exe, Delete-on-Reboot, [e83d191f6b11e254db4ad857b64f2ad6], Physical Sectors: 0 (No malicious items detected) (end)

[135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\itunes.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\jira.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\kik.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\krop.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\linkedin.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\linkedin_alt.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\livejournal.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\lovedsgn.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\meetup.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\metacafe.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\ming.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\mister_wong.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\mixx.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\mixx_alt.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\mobileCore.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\mobileme.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\myspace.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\myspace_alt.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\netflix.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\newsvine.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\noaa.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\nytimes.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\official.fm.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\openid.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\orkut.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\pandora.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\path.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\paypal.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\photobucket.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\picasa.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\pinboard.in.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\ping.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\pingchat.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\playstation.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\plixi.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\plurk.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\podcast.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\posterous.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\qik.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\quik.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\quora.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\rdio.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\readernaut.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\reddit.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\robo.to.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\rss.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\salesforce.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\scribd.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\sharethis.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\simplenote.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\skype.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\slashdot.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\slideshare.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\smugmug.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\soundcloud.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\spotify.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\squidoo.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\steam.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\stumbleupon.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\technorati.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\theweatherchannel.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\threewords.me.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\trello.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\tribe.net.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\tripadvisor.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\tripit.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\tweaks-soft.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\twitter.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\twitter_alt.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\vcard.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\viddler.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\vimeo.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\virb.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\w3.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\weatherbug.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\whatsapp.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\wikipedia.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\windows.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\wists.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\wordpress.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\wordpress_alt.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\xing.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\yahoo!_buzz.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\yahoo!_messenger.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\yahoo.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\yelp.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\youtube.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\youtube_alt.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\zerply.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\zootool.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\zynga.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\blackfriday\amazon.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\blackfriday\bestbuy.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\blackfriday\kmart.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\blackfriday\newegg.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\blackfriday\overstock.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\blackfriday\samsung.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\blackfriday\target.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\blackfriday\wallmart.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\weather\images\clock-icon-small-black.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\weather\images\clock-icon-small.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\weather\images\cloud-icon-small-black.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\weather\images\cloud-icon-small.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\weather\images\icons-black.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\weather\images\icons.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\css\jquery-ui-1.10.3.custom.min.css, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\css\newtab.css, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\css\normalize.css, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\css\opentab.css, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\css\opentab_global.css, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\close-btn.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\close_80x80.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\default-image-grey.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\default-image.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\default-image.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\powered-by-google.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\about\spotsbeta.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\apps\android-white.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\apps\download.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\apps\star.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\apps\star_full.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\clean\add.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\clean\chrome_apps.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\clean\menu-icon.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\clean\profile.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\clean\recently.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\clean\search.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\clean\searchb.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\clean\sms.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\discovery\arrow-down-active.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\discovery\arrow-down.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\discovery\discovery_facebook.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\favorites\add-item-icon-black.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\favorites\add-item-icon.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\favorites\arrow-down.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\favorites\arrow-up.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\favorites\edit-item-icon.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\favorites\new-tab.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\favorites\plus-black.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\favorites\plus-white.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\favorites\remove-item-icon.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\ftue\arrow-up.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\ftue\ftue-finish-icon.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\ftue\ftue-phone.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\ftue\search-bar.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\icons\128.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\icons\16.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\icons\48.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\icons\arrow-down.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\icons\logo.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\icons\v-icon.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\icons\whitelogo.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\icons\x-icon.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\icons\pageAction\19x19.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\icons\pageAction\19x19b.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\icons\pageAction\38x38.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\icons\pageAction\38x38b.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\image-upload\computer.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\image-upload\screenshot1.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\image-upload\screenshot2.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\image-upload\screenshot3.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\image-upload\screenshot4.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\image-upload\warning.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\loaders\loader.swf, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\loaders\loader_white.swf, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\notifications\birthday-black.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\notifications\birthday.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\notifications\dismiss-icon-black.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\notifications\dismiss-icon.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\notifications\event-black.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\notifications\event.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\notifications\minimize.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\phone\em-clean.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\phone\!.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\phone\android-clean.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\phone\android.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\phone\call-clean.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\phone\call.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\phone\close-chat-clean.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\phone\close-chat.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\phone\contact-default-clean.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\phone\contact-default.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\phone\contact-opacity.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\phone\hangup-black.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\phone\hangup-clean.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\phone\hangup.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\phone\phone-welcome-dismiss-icon-clean.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\phone\phone-welcome-dismiss-icon.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\phone\phone_icon-clean.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\phone\phone_icon.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\phone\phone_preview-clean.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\phone\phone_preview.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\phone\search-call-black.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\phone\search-call-clean.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\phone\search-call.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\phone\search-clean.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\phone\search.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\phone\sms-black.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\phone\sms-clean.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\phone\sms.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\review-gifs\plane.gif, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\review-gifs\rating-star.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\review-gifs\cat\cat_1.gif, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\review-gifs\cat\cat_2.gif, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\review-gifs\cat\cat_3.gif, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\review-gifs\cat\cat_4.gif, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\review-gifs\cat\cat_5.gif, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\search\bookmark-icon-black.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\search\bookmark-icon-white.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\search\calculator-icon-black.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\search\calculator-icon-white.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\search\hangup.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\search\navigation-icon-black.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\search\navigation-icon-white.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\search\phone_preview.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\search\plus-dark-sm.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\search\remove-dark-sm.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\search\search-black.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\search\search-icon-black.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\search\search-icon-white.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\search\search.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\search\sms.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\search\web-result-icon-black.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\search\web-result-icon-white.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\bubbles\bg.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\bubbles\footer.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\bubbles\thumb.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\buttons\bg.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\buttons\footer.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\buttons\thumb.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\city\bg.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\city\footer.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\city\thumb.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\clean\thumb.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\disco\bg.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\disco\footer.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\disco\thumb.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\fishing\bg.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\fishing\footer.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\fishing\thumb.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\forest\bg.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\forest\footer.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\forest\thumb.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\mountains\bg.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\mountains\footer.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\mountains\thumb.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\planets\bg.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\planets\footer.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\planets\thumb.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\sea\bg.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\sea\footer.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\sea\thumb.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\space\bg.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\space\footer.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\space\thumb.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\strips\bg.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\strips\footer.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\strips\thumb.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\sunset\bg.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\sunset\footer.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\sunset\thumb.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\user\login.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\user\menu-icon.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\js\background.js, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\js\bootstrap.js, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\js\newtab.js, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\js\opentab.js, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\jquery.inview.min.js, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\aes.js, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\angular-animate.min.js, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\angular-route.min.js, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\angular.min.js, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\async.min.js, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\aws-sdk-2.0.0-rc9.min.js, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\eventsource.min.js, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\idbstore.min.js, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\jquery-2.1.1.min.js, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\jquery-ui-1.10.3.custom.min.js, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\js-canvas-to-blob.js, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\lodash.underscore.min.js, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\md5.js, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\mixins.loadash.js, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\moment-with-langs.min.js, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\moment.min.js, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\phoneformat.js, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\sortable.js, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\TweenMax.min.js, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\utils.js, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\locales\i18n_de.json, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\locales\i18n_en.json, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\locales\i18n_es.json, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\locales\i18n_fr.json, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\locales\i18n_he.json, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\locales\i18n_it.json, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\locales\i18n_ja.json, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\locales\i18n_nl.json, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\locales\i18n_pl.json, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\locales\i18n_pt.json, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\locales\i18n_ru.json, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\locales\i18n_tr.json, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\ar\messages.json, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\de\messages.json, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\en\messages.json, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\es\messages.json, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\fr\messages.json, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\he\messages.json, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\it\messages.json, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\ja\messages.json, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\nl\messages.json, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\pl\messages.json, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\pt_BR\messages.json, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\ru\messages.json, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\tr\messages.json, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_metadata\verified_contents.json, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\astcnfg.dat, Quarantined, [a2c54bec4636d165769d78a5788b639d], PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\FavIcon.ico, Quarantined, [a2c54bec4636d165769d78a5788b639d], PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\Sqlite3.dll, Quarantined, [a2c54bec4636d165769d78a5788b639d], PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\uninst.dat, Quarantined, [a2c54bec4636d165769d78a5788b639d], PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\uninstall.exe, Quarantined, [a2c54bec4636d165769d78a5788b639d], PUP.Optional.Astromenda.A, C:\Users\Karol's Krafts\AppData\Roaming\WSE_Astromenda\UpdateProc\bkup.dat, Quarantined, [98cff542027afe38aa8226f751b234cc], PUP.Optional.Astromenda.A, C:\Users\Karol's Krafts\AppData\Roaming\WSE_Astromenda\UpdateProc\config.dat, Quarantined, [98cff542027afe38aa8226f751b234cc], PUP.Optional.Astromenda.A, C:\Users\Karol's Krafts\AppData\Roaming\WSE_Astromenda\UpdateProc\info.dat, Quarantined, [98cff542027afe38aa8226f751b234cc], PUP.Optional.Astromenda.A, C:\Users\Karol's Krafts\AppData\Roaming\WSE_Astromenda\UpdateProc\STTL.DAT, Quarantined, [98cff542027afe38aa8226f751b234cc], PUP.Optional.Astromenda.A, C:\Users\Karol's Krafts\AppData\Roaming\WSE_Astromenda\UpdateProc\TTL.DAT, Quarantined, [98cff542027afe38aa8226f751b234cc], PUP.Optional.Astromenda.A, C:\Users\Karol's Krafts\AppData\Roaming\WSE_Astromenda\UpdateProc\UpdateTask.exe, Quarantined, [98cff542027afe38aa8226f751b234cc], PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\AddonSafelist, Quarantined, [ee79a39492ea10263c2f28f5cf347c84], PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\log.xslt, Quarantined, [ee79a39492ea10263c2f28f5cf347c84], PUP.Optional.AdvancedSystemProtector.A, C:\Users\Karol's Krafts\AppData\Roaming\Systweak\Advanced-System Protector\Settings.db, Quarantined, [5017ab8c770515214328ac711de6d22e], PUP.Optional.AdvancedSystemProtector.A, C:\Users\Karol's Krafts\AppData\Roaming\Systweak\Advanced-System Protector\2.1.1000.14138\ASPLog.txt, Quarantined, [5017ab8c770515214328ac711de6d22e], PUP.Optional.OneSoftPerDay.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY\Onesoftperday.lnk, Quarantined, [04637cbb047880b618f59b86cb38b24e], PUP.Optional.OneSoftPerDay.A, C:\Users\Karol's Krafts\AppData\Local\ospd_us_349\upospd_us_349.cyl, Quarantined, [7cebb3843448d1651cf2150ce22138c8], PUP.Optional.OneSoftPerDay.A, C:\Users\Karol's Krafts\AppData\Local\ospd_us_349\upospd_us_349.exe, Delete-on-Reboot, [7cebb3843448d1651cf2150ce22138c8], PUP.Optional.OneSoftPerDay.A, C:\Users\Karol's Krafts\AppData\Local\ospd_us_349\user_profil.cyp, Quarantined, [7cebb3843448d1651cf2150ce22138c8], PUP.Optional.OneSoftPerDay.A, C:\Users\Karol's Krafts\AppData\Local\ospd_us_349\Download\majmp_gentleeeuu.exe, Quarantined, [7cebb3843448d1651cf2150ce22138c8], PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_349\onesoftperday_widget.exe, Quarantined, [bdaa4becb4c885b1848bc75abe452ad6], PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_349\predm.exe, Quarantined, [bdaa4becb4c885b1848bc75abe452ad6], PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_349\unins000.dat, Quarantined, [bdaa4becb4c885b1848bc75abe452ad6], PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_349\unins000.exe, Quarantined, [bdaa4becb4c885b1848bc75abe452ad6], PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_349\unins000.msg, Quarantined, [bdaa4becb4c885b1848bc75abe452ad6], PUP.Optional.DonutLeads.A, C:\Program Files (x86)\donutleads\Captcha.exe, Quarantined, [175052e53f3d88ae0a9fe83c15eeb749], PUP.Optional.DonutLeads.A, C:\Program Files (x86)\donutleads\HtmlAgilityPack.dll, Delete-on-Reboot, [175052e53f3d88ae0a9fe83c15eeb749], PUP.Optional.DonutLeads.A, C:\Program Files (x86)\donutleads\Microsoft.Win32.TaskScheduler.dll, Delete-on-Reboot, [175052e53f3d88ae0a9fe83c15eeb749], PUP.Optional.DonutLeads.A, C:\Program Files (x86)\donutleads\Newtonsoft.Json.dll, Delete-on-Reboot, [175052e53f3d88ae0a9fe83c15eeb749], PUP.Optional.DonutLeads.A, C:\Program Files (x86)\donutleads\RestSharp.dll, Delete-on-Reboot, [175052e53f3d88ae0a9fe83c15eeb749], PUP.Optional.DonutLeads.A, C:\Program Files (x86)\donutleads\ScheduledTask.exe, Delete-on-Reboot, [175052e53f3d88ae0a9fe83c15eeb749], PUP.Optional.DonutLeads.A, C:\Program Files (x86)\donutleads\images\logo_256.ico, Quarantined, [175052e53f3d88ae0a9fe83c15eeb749], PUP.Optional.DonutLeads.A, C:\ProgramData\donutleads\instlgsent.config, Quarantined, [46216dca314b11258327c06459aab14f], PUP.Optional.DonutLeads.A, C:\ProgramData\donutleads\instltm_20141102214019, Quarantined, [46216dca314b11258327c06459aab14f], PUP.Optional.DonutLeads.A, C:\ProgramData\donutleads\ServiceConfig2.json, Quarantined, [46216dca314b11258327c06459aab14f], PUP.Optional.DonutLeads.A, C:\ProgramData\donutleads\WinApp.config, Quarantined, [46216dca314b11258327c06459aab14f], PUP.Optional.SearchSnacks.A, C:\Program Files (x86)\SearchSnacks\terms-of-service.rtf, Quarantined, [cd9abe7947355fd78934cf561be858a8], PUP.Optional.SearchSnacks.A, C:\Program Files (x86)\SearchSnacks\3rd Party Licenses\buildcrx-license.txt, Quarantined, [cd9abe7947355fd78934cf561be858a8], PUP.Optional.SearchSnacks.A, C:\Program Files (x86)\SearchSnacks\3rd Party Licenses\Info-ZIP-license.txt, Quarantined, [cd9abe7947355fd78934cf561be858a8], PUP.Optional.SearchSnacks.A, C:\Program Files (x86)\SearchSnacks\3rd Party Licenses\nsJSON-license.txt, Quarantined, [cd9abe7947355fd78934cf561be858a8], PUP.Optional.SearchSnacks.A, C:\Program Files (x86)\SearchSnacks\3rd Party Licenses\UAC-license.txt, Quarantined, [cd9abe7947355fd78934cf561be858a8], PUP.Optional.Astromenda.A, C:\Users\Karol's Krafts\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://astromenda.com/?f=7&a=ast_app_14_44_ie&cd=2XzuyEtN2Y1L1Qzu0A0CtCyCtB0DyD0A0CtByE0F0BtByB0AtN0D0Tzu0StCtDtAyBtN1L2XzutAtFyCtFtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAzz0ByDtCyDyE0EtGtAzy0F0CtGyD0AyCyDtGzytA0C0AtGyDtD0AyCyCtBtB0C0A0Ezz0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyDtC0EtD0C0A0AtGzytA0BzztGyEtC0DyCtG0B0A0B0DtGyCzztC0CtAtAyEyD0A0FtDzy2Q&cr=1885302309&ir=" ],), Replaced,[81e61225770531050b04c0ae45c0da26] PUP.Optional.Astromenda.A, C:\Users\Karol's Krafts\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://astromenda.com/?f=1&a=ast_app_14_44_ie&cd=2XzuyEtN2Y1L1Qzu0A0CtCyCtB0DyD0A0CtByE0F0BtByB0AtN0D0Tzu0StCtDtAyBtN1L2XzutAtFyCtFtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAzz0ByDtCyDyE0EtGtAzy0F0CtGyD0AyCyDtGzytA0C0AtGyDtD0AyCyCtBtB0C0A0Ezz0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyDtC0EtD0C0A0AtGzytA0BzztGyEtC0DyCtG0B0A0B0DtGyCzztC0CtAtAyEyD0A0FtDzy2Q&cr=1885302309&ir=",), Replaced,[90d739fe8af2f046d83875f9a16453ad] PUP.Optional.Conduit.A, C:\Users\Karol's Krafts\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "search_url": "http://search.conduit.com/Results.aspx?ctid=CT3317458&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP7B473FAC-4D41-4483-8405-E4146F48641F&q={searchTerms}&SSPV=T21114_sp_ch",), Replaced,[fc6bdc5bd1aba69062b3a6ca8e774eb2] Physical Sectors: 0 (No malicious items detected) (end)

PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_08e170b4-464c-4f06-83c8-e04075378b16_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_08f9f009-dcd4-4a0d-a2ac-9889e92333c4_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_08f9f009-dcd4-4a0d-a2ac-9889e92333c4_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_09ecbb89-2e7b-4585-84dd-53a49be8aa4d_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_09ecbb89-2e7b-4585-84dd-53a49be8aa4d_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_871a7423-5f56-4b62-ab96-9b513be37d24_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_871a7423-5f56-4b62-ab96-9b513be37d24_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_8c833e1d-79d7-4ab8-9cce-6e96e49bc0c4_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_8c833e1d-79d7-4ab8-9cce-6e96e49bc0c4_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_8f8c27cd-5559-4ad7-b64d-afa87ddcfda2_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_8f8c27cd-5559-4ad7-b64d-afa87ddcfda2_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_8faf0af8-398a-40c6-9c9a-99781dc0822e_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_8faf0af8-398a-40c6-9c9a-99781dc0822e_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_944ce489-239e-43e8-abf7-49c76b7c90fe_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_944ce489-239e-43e8-abf7-49c76b7c90fe_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_9c6c74b4-9156-4740-b9a5-e6af23d157a7_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_9c6c74b4-9156-4740-b9a5-e6af23d157a7_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_c2a1adf4-daa1-4373-9b18-c66c761def17_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_c2a1adf4-daa1-4373-9b18-c66c761def17_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_c739e095-7d2c-4465-8d40-e3d6be76e398_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_c739e095-7d2c-4465-8d40-e3d6be76e398_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_ca7ceac8-20e5-441f-83c0-90a34184382e_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_ca7ceac8-20e5-441f-83c0-90a34184382e_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_ccb8c6bb-562c-45e5-8a8b-acb380cc7a43_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_ccb8c6bb-562c-45e5-8a8b-acb380cc7a43_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_3bddafd4-63ef-4a18-967e-5f728eb5b5f3_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_44cc2ea9-4465-4202-b9a0-eea43b4aa2e1_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_44cc2ea9-4465-4202-b9a0-eea43b4aa2e1_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_46d5cc23-2a07-4fa1-a7e4-02745e018eeb_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_46d5cc23-2a07-4fa1-a7e4-02745e018eeb_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_47b7d106-2b70-404d-a79c-09bd2ea7ecd6_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_47b7d106-2b70-404d-a79c-09bd2ea7ecd6_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_3bddafd4-63ef-4a18-967e-5f728eb5b5f3_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_49be2413-1fa9-4ecd-81fa-d99063cbcd7f_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_5153b177-0086-43dd-bba5-c55959afb26b_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_65411b35-67bb-4dcf-94f5-7c3438bd4811_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_72b93fd9-e3bf-4865-94c7-a059c3e12efd_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_836e38a6-fcb0-45e0-a11e-0afa1cc86e9e_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_b6c7e4b6-97ff-4ef9-bb5e-e0cce47a10e8_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_ce243189-b196-48b7-ad83-6ca1957021fa_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_da7649d9-d987-43aa-af20-757dc09fa8a2_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_e67bfcd2-f4be-4f9f-8451-941679d42784_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_fcb86df8-9ea8-4064-91bf-c0a00e9bf15f_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_e67bfcd2-f4be-4f9f-8451-941679d42784_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_e8b658c6-7aed-47f9-b4e4-0966169d8031_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_e8b658c6-7aed-47f9-b4e4-0966169d8031_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_e90d607e-0833-45dc-929b-32723fd3cf01_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_e90d607e-0833-45dc-929b-32723fd3cf01_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_f11af63b-67bb-410c-9b61-e009b289d9cc_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_f11af63b-67bb-410c-9b61-e009b289d9cc_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_f4669a6b-663e-46bf-94a0-15f810e46898_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_f4669a6b-663e-46bf-94a0-15f810e46898_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_f8e8136c-e431-4801-b4a2-126dae595ce6_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_f8e8136c-e431-4801-b4a2-126dae595ce6_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_65411b35-67bb-4dcf-94f5-7c3438bd4811_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_65934e21-f964-4196-abf5-8d7be9d92f73_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_65934e21-f964-4196-abf5-8d7be9d92f73_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_68575b4d-ff36-4bee-88e9-9cd33aa0db1b_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_68575b4d-ff36-4bee-88e9-9cd33aa0db1b_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_72b93fd9-e3bf-4865-94c7-a059c3e12efd_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_a5f37051-98e3-4196-b229-2d4d936c8584_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_a5f37051-98e3-4196-b229-2d4d936c8584_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_a773cbb2-2d7c-4633-87e4-65f9fb78295f_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_a773cbb2-2d7c-4633-87e4-65f9fb78295f_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_a93e1851-dbc5-4676-b33b-a7d2be7d8006_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_a93e1851-dbc5-4676-b33b-a7d2be7d8006_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_ad7a3bc0-7f8f-487b-8496-c9661e1c56d5_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_ad7a3bc0-7f8f-487b-8496-c9661e1c56d5_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_aea8d6d3-5de2-467a-b459-f3d2e21611cd_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_aea8d6d3-5de2-467a-b459-f3d2e21611cd_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_dba6ccdd-fdbe-4834-b14b-58fcc571a435_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_dba6ccdd-fdbe-4834-b14b-58fcc571a435_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_dd603bdc-a43e-4286-a917-9ec23877b2e4_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_dd603bdc-a43e-4286-a917-9ec23877b2e4_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_dfa782fa-b525-402d-b60b-448ab81640e6_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_dfa782fa-b525-402d-b60b-448ab81640e6_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_e254dcc0-13e4-4621-840e-42e2b1cfbcb3_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_e254dcc0-13e4-4621-840e-42e2b1cfbcb3_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_e45c182d-262d-477c-b0de-ea30b3eda932_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_e45c182d-262d-477c-b0de-ea30b3eda932_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_e6159b3b-233b-45da-8b6a-01b85385236d_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_e6159b3b-233b-45da-8b6a-01b85385236d_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_243fed87-dcee-4fcd-b862-ab142a6650f9_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_243fed87-dcee-4fcd-b862-ab142a6650f9_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_28e4db55-350a-4684-8aed-5b37566e175d_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_28e4db55-350a-4684-8aed-5b37566e175d_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_2d9935e0-119d-4b80-952e-e5857f8df760_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_2d9935e0-119d-4b80-952e-e5857f8df760_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_2fc6bbdf-187e-408d-b17f-21fd06ae5edc_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_2fc6bbdf-187e-408d-b17f-21fd06ae5edc_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_34bc38a6-bc95-44f7-b77e-7400689a79a2_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_34bc38a6-bc95-44f7-b77e-7400689a79a2_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_52640319-d47f-4a40-aedd-8a618535a92a_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_52640319-d47f-4a40-aedd-8a618535a92a_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_538478b6-1afa-4349-952b-4079f7b612f4_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_538478b6-1afa-4349-952b-4079f7b612f4_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_59cb44a2-1879-4f03-827b-242a7c3f341c_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_59cb44a2-1879-4f03-827b-242a7c3f341c_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_5aa84c0e-06be-4355-9fd5-59e6fe2cf9c5_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_5aa84c0e-06be-4355-9fd5-59e6fe2cf9c5_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_5b0f0a63-7b3b-49c8-8ea5-ad2f085ef9d4_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_5b0f0a63-7b3b-49c8-8ea5-ad2f085ef9d4_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_9eee78b7-1360-4c06-8ade-6e554b2bf241_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_9eee78b7-1360-4c06-8ade-6e554b2bf241_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_9fa8852f-a759-49a6-b0d5-5332cd40c715_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_9fa8852f-a759-49a6-b0d5-5332cd40c715_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_a01e131d-38da-4e78-9f24-c7d6799fe82b_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_a01e131d-38da-4e78-9f24-c7d6799fe82b_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_a247aa2f-dfb4-45e2-a21d-bb309a776bb2_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_a247aa2f-dfb4-45e2-a21d-bb309a776bb2_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_1ecbdfef-d16b-41d2-a5f9-2793661c8d90_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_1ecbdfef-d16b-41d2-a5f9-2793661c8d90_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_22f4da82-17d7-4286-aa4f-3ecc05ac2df7_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_22f4da82-17d7-4286-aa4f-3ecc05ac2df7_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_23c14919-f1c9-4742-b892-31635f1831b3_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_23c14919-f1c9-4742-b892-31635f1831b3_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_23d771bf-2e5b-4a4d-a624-3c2780e9a762_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_23d771bf-2e5b-4a4d-a624-3c2780e9a762_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_b6c7e4b6-97ff-4ef9-bb5e-e0cce47a10e8_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_b9cc5d44-e7aa-4c61-8e3c-ad49f1868809_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_b9cc5d44-e7aa-4c61-8e3c-ad49f1868809_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_ba986aa8-286d-4c9a-880a-2e5e38319078_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_ba986aa8-286d-4c9a-880a-2e5e38319078_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_bb23c283-a522-4fce-b915-7db1acb66c19_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_bb23c283-a522-4fce-b915-7db1acb66c19_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_be59ea58-48d3-4a51-80dc-7b4f8e0610d0_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_be59ea58-48d3-4a51-80dc-7b4f8e0610d0_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_befb5a61-311d-4e6f-ba20-c5f7d7241bd5_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_befb5a61-311d-4e6f-ba20-c5f7d7241bd5_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_fcb86df8-9ea8-4064-91bf-c0a00e9bf15f_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_fd5fc231-8ca4-46a8-aac0-22812257fe42_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_fd5fc231-8ca4-46a8-aac0-22812257fe42_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_fe3cce7a-ec4b-4e1e-b0b7-48257a6dea9a_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_fe3cce7a-ec4b-4e1e-b0b7-48257a6dea9a_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_fedc0ebb-1f95-4ae1-9fb2-2291a8555e5e_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_fedc0ebb-1f95-4ae1-9fb2-2291a8555e5e_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_ff33c3f6-ad35-4c2a-9a88-9094ce91a6ef_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_ff33c3f6-ad35-4c2a-9a88-9094ce91a6ef_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_49be2413-1fa9-4ecd-81fa-d99063cbcd7f_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_4b204c7e-9a41-415a-9d0e-de143ab7ac09_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_4b204c7e-9a41-415a-9d0e-de143ab7ac09_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_4e49b2dc-e7f4-4b25-a56d-1caee1b2ae6a_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_4e49b2dc-e7f4-4b25-a56d-1caee1b2ae6a_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_5153b177-0086-43dd-bba5-c55959afb26b_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_5fe93321-0e77-4c0e-9789-b7d6f13cfc72_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_5fe93321-0e77-4c0e-9789-b7d6f13cfc72_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_5ffb0bd1-438b-47e2-8d72-8f9e66d16f7b_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_5ffb0bd1-438b-47e2-8d72-8f9e66d16f7b_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_61ed0357-69a6-4c41-8fff-dfc7e0c36cff_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_61ed0357-69a6-4c41-8fff-dfc7e0c36cff_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_641f2c44-103f-4b62-ba69-6d6930620da2_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_641f2c44-103f-4b62-ba69-6d6930620da2_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_0f62883a-1acc-4e43-b648-e35a7816916d_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_0f62883a-1acc-4e43-b648-e35a7816916d_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_1157f2b7-18b1-4ecc-a13d-93ac4e9f4e22_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_1157f2b7-18b1-4ecc-a13d-93ac4e9f4e22_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_1cbbceea-212f-45f9-bb21-75a3444eccb2_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_1cbbceea-212f-45f9-bb21-75a3444eccb2_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_76398031-c614-4373-acb3-4d6a459aff0c_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_76398031-c614-4373-acb3-4d6a459aff0c_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_76899ac8-d79b-4ca7-aa42-0ba5d1166a44_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_76899ac8-d79b-4ca7-aa42-0ba5d1166a44_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_8070f196-0d77-40b0-a806-cb2e104af019_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_8070f196-0d77-40b0-a806-cb2e104af019_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_836e38a6-fcb0-45e0-a11e-0afa1cc86e9e_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_ce243189-b196-48b7-ad83-6ca1957021fa_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_d0faeadf-6787-45e1-94be-0e5314d80afc_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_d0faeadf-6787-45e1-94be-0e5314d80afc_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_d18fab61-6ad3-445a-9f80-2f2721ceadcd_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_d18fab61-6ad3-445a-9f80-2f2721ceadcd_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_da7649d9-d987-43aa-af20-757dc09fa8a2_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll, Delete-on-Reboot, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\x86\System.Data.SQLite.dll, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.EnterDigital.A, C:\Program Files (x86)\EnterDigital\EnterDigital.ico, Quarantined, [b1b67cbb7ffd0e28fc7350d958abac54], PUP.Optional.EnterDigital.A, C:\Program Files (x86)\EnterDigital\7za.exe, Quarantined, [b1b67cbb7ffd0e28fc7350d958abac54], PUP.Optional.EnterDigital.A, C:\Program Files (x86)\EnterDigital\EnterDigitalUninstall.exe, Quarantined, [b1b67cbb7ffd0e28fc7350d958abac54], PUP.Optional.EnterDigital.A, C:\Program Files (x86)\EnterDigital\updateEnterDigital.InstallState, Quarantined, [b1b67cbb7ffd0e28fc7350d958abac54], PUP.Optional.EnterDigital.A, C:\Program Files (x86)\EnterDigital\bin\60fb1691e7e84d48b26c.dll, Quarantined, [b1b67cbb7ffd0e28fc7350d958abac54], PUP.Optional.EnterDigital.A, C:\Program Files (x86)\EnterDigital\bin\60fb1691e7e84d48b26c64.dll, Quarantined, [b1b67cbb7ffd0e28fc7350d958abac54], PUP.Optional.EnterDigital.A, C:\Program Files (x86)\EnterDigital\bin\7za.exe, Quarantined, [b1b67cbb7ffd0e28fc7350d958abac54], PUP.Optional.EnterDigital.A, C:\Program Files (x86)\EnterDigital\bin\BrowserAdapter.7z, Quarantined, [b1b67cbb7ffd0e28fc7350d958abac54], PUP.Optional.EnterDigital.A, C:\Program Files (x86)\EnterDigital\bin\EnterDigital.BrowserAdapter.exe, Delete-on-Reboot, [b1b67cbb7ffd0e28fc7350d958abac54], PUP.Optional.EnterDigital.A, C:\Program Files (x86)\EnterDigital\bin\EnterDigital.BrowserAdapter64.exe, Delete-on-Reboot, [b1b67cbb7ffd0e28fc7350d958abac54], PUP.Optional.EnterDigital.A, C:\Program Files (x86)\EnterDigital\bin\EnterDigital.PurBrowse64.exe, Delete-on-Reboot, [b1b67cbb7ffd0e28fc7350d958abac54], PUP.Optional.EnterDigital.A, C:\Program Files (x86)\EnterDigital\bin\EnterDigital.PurBrowseG.zip, Quarantined, [b1b67cbb7ffd0e28fc7350d958abac54], PUP.Optional.EnterDigital.A, C:\Program Files (x86)\EnterDigital\bin\tmp2F3B.tmp, Quarantined, [b1b67cbb7ffd0e28fc7350d958abac54], PUP.Optional.EnterDigital.A, C:\Program Files (x86)\EnterDigital\bin\utilEnterDigital.InstallState, Quarantined, [b1b67cbb7ffd0e28fc7350d958abac54], PUP.Optional.EnterDigital.A, C:\Program Files (x86)\EnterDigital\bin\{60fb1691-e7e8-4d48-b26c-c3f85822f710}.dll, Delete-on-Reboot, [b1b67cbb7ffd0e28fc7350d958abac54], PUP.Optional.EnterDigital.A, C:\Program Files (x86)\EnterDigital\bin\{60fb1691-e7e8-4d48-b26c-c3f85822f710}64.dll, Delete-on-Reboot, [b1b67cbb7ffd0e28fc7350d958abac54], PUP.Optional.EnterDigital.A, C:\Program Files (x86)\EnterDigital\bin\plugins\EnterDigital.Bromon.dll, Quarantined, [b1b67cbb7ffd0e28fc7350d958abac54], PUP.Optional.EnterDigital.A, C:\Program Files (x86)\EnterDigital\bin\plugins\EnterDigital.BroStats.dll, Quarantined, [b1b67cbb7ffd0e28fc7350d958abac54], PUP.Optional.EnterDigital.A, C:\Program Files (x86)\EnterDigital\bin\plugins\EnterDigital.BrowserAdapter.dll, Quarantined, [b1b67cbb7ffd0e28fc7350d958abac54], PUP.Optional.EnterDigital.A, C:\Program Files (x86)\EnterDigital\bin\plugins\EnterDigital.CompatibilityChecker.dll, Quarantined, [b1b67cbb7ffd0e28fc7350d958abac54], PUP.Optional.EnterDigital.A, C:\Program Files (x86)\EnterDigital\bin\plugins\EnterDigital.FFUpdate.dll, Quarantined, [b1b67cbb7ffd0e28fc7350d958abac54], PUP.Optional.EnterDigital.A, C:\Program Files (x86)\EnterDigital\bin\plugins\EnterDigital.GCUpdate.dll, Quarantined, [b1b67cbb7ffd0e28fc7350d958abac54], PUP.Optional.EnterDigital.A, C:\Program Files (x86)\EnterDigital\bin\plugins\EnterDigital.IEUpdate.dll, Quarantined, [b1b67cbb7ffd0e28fc7350d958abac54], PUP.Optional.EnterDigital.A, C:\Program Files (x86)\EnterDigital\bin\plugins\EnterDigital.Msvcmon.dll, Quarantined, [b1b67cbb7ffd0e28fc7350d958abac54], PUP.Optional.EnterDigital.A, C:\Program Files (x86)\EnterDigital\bin\plugins\EnterDigital.PurBrowseG.dll, Quarantined, [b1b67cbb7ffd0e28fc7350d958abac54], PUP.Optional.Astromenda.A, C:\Windows\System32\Tasks\WSE_Astromenda, Quarantined, [e97ec275d2aa152122b6af7c956e35cb], PUP.Optional.Astromenda.A, C:\Windows\Tasks\WSE_Astromenda.job, Quarantined, [f67189ae5626c571c514200b897afe02], PUP.Optional.VOPackage.A, C:\Users\Karol's Krafts\AppData\Roaming\VOPackage\Uninstall.exe, Quarantined, [5413a88f98e435015e634fdd1ce754ac], PUP.Optional.VOPackage.A, C:\Users\Karol's Krafts\AppData\Roaming\VOPackage\VOPackage.exe, Quarantined, [5413a88f98e435015e634fdd1ce754ac], PUP.Optional.eDealsPop.A, C:\Program Files (x86)\eDealPop\unins000.dat, Quarantined, [3f2853e4ee8e63d35e6e5cd122e15ca4], PUP.Optional.eDealsPop.A, C:\Program Files (x86)\eDealPop\eDealPop.exe, Delete-on-Reboot, [3f2853e4ee8e63d35e6e5cd122e15ca4], PUP.Optional.eDealsPop.A, C:\Program Files (x86)\eDealPop\msvcp100.dll, Quarantined, [3f2853e4ee8e63d35e6e5cd122e15ca4], PUP.Optional.eDealsPop.A, C:\Program Files (x86)\eDealPop\msvcr100.dll, Delete-on-Reboot, [3f2853e4ee8e63d35e6e5cd122e15ca4], PUP.Optional.eDealsPop.A, C:\Program Files (x86)\eDealPop\unins000.exe, Quarantined, [3f2853e4ee8e63d35e6e5cd122e15ca4], PUP.Optional.AdvancedSystemProtector, C:\Windows\System32\Tasks\Advanced-System Protector_startup, Quarantined, [94d387b07705da5c132b42f2e0239d63], PUP.Optional.AdvancedSystemProtector, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector\Uninstall Advanced-System Protector.lnk, Quarantined, [1750a88f304cd85e3192db59857eb050], PUP.Optional.AdvancedSystemProtector, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector\Advanced-System Protector Trouble Shooter.lnk, Quarantined, [1750a88f304cd85e3192db59857eb050], PUP.Optional.AdvancedSystemProtector, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector\Advanced-System Protector.lnk, Quarantined, [1750a88f304cd85e3192db59857eb050], PUP.Optional.AdvancedSystemProtector, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector\Register Advanced-System Protector.lnk, Quarantined, [1750a88f304cd85e3192db59857eb050], PUP.Optional.AdvancedSystemProtector, C:\Users\Public\Desktop\Advanced-System Protector.lnk, Quarantined, [72f54bec502c7fb7bf05da5aa2619c64], PUP.Optional.RegCleanerPro, C:\Users\Public\Desktop\RegClean Pro.lnk, Quarantined, [f96e46f11864d1653da667cfc43f0ff1], PUP.Optional.RegCleanerPro, C:\Windows\System32\Tasks\RegClean Pro, Quarantined, [f47392a5c3b95adc578e42f4f50eab55], PUP.Optional.RegCleanerPro, C:\Windows\System32\Tasks\ASP, Quarantined, [ff6823146517ab8bf9edeb4ba65d768a], PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{60fb1691-e7e8-4d48-b26c-c3f85822f710}Gw64.sys, Quarantined, [acbb50e7a1db3afc4cdfc8727a8909f7], PUP.Optional.VOPackage, C:\Users\Karol's Krafts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage\Configure.lnk, Quarantined, [c99e93a444388caa2ba82a11fc079d63], PUP.Optional.RegCleanPro.A, C:\Windows\System32\Tasks\RegClean Pro_DEFAULT, Quarantined, [5017b97eb4c8d363b36d043dcd36ac54], PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\Register RegClean Pro.lnk, Quarantined, [1552e94e502c83b319c2e56622e1659b], PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\RegClean Pro.lnk, Quarantined, [1552e94e502c83b319c2e56622e1659b], PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\Uninstall RegClean Pro.lnk, Quarantined, [1552e94e502c83b319c2e56622e1659b], PUP.Optional.RegCleanerPro.J, C:\Windows\Tasks\RegClean Pro_UPDATES.job, Quarantined, [f77084b3156740f680746104b251db25], PUP.Optional.RegCleanPro.A, C:\Windows\Tasks\RegClean Pro_DEFAULT.job, Quarantined, [93d453e40e6e5dd9cfba6b0df3118a76], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\EULA.txt, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.css, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.html, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.js, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\defaults.js, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def-grey.png, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-dia.png, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Icon.ico, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\SP_DialogBG.png, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe.config, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\norwegian_asp_NO.ini, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\AppResource.dll, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\asp.ico, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\AspManager.exe, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\aspsys.dll, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\ASPUninstall.exe, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\categories.ini, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Chinese_asp_ZH-CN.ini, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Chinese_uninst.ini, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Communication.dll, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\danish_asp_DA.ini, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Danish_uninst.ini, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\dutch_asp_NL.ini, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Dutch_uninst.ini, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\eng_asp_en.ini, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\eng_uninst.ini, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\filetypehelper.exe, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Finnish_asp_FI.ini, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Finnish_uninst_fi.ini, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\french_asp_FR.ini, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\French_uninst.ini, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\german_asp_DE.ini, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\German_uninst.ini, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Norwegian_uninst.ini, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\polish_uninst_pl.ini, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\portugese_uninst_pt.ini, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\portuguese_asp_PT-BR.ini, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Portuguese_uninst.ini, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\russian_asp_ru.ini, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\russian_uninst_ru.ini, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\scandll.dll, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\spanish_asp_ES.ini, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\spanish_uninst.ini, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\swedish_asp_SV.ini, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\swedish_uninst.ini, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\greek_uninst_el.ini, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Interop.IWshRuntimeLibrary.dll, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\italian_asp_IT.ini, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Italian_uninst.ini, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\japanese_asp_JA.ini, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Japanese_uninst.ini, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\korean_uninst_ko.ini, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\loading_withWhiteBG.avi, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Microsoft.Win32.TaskScheduler.DLL, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\System.Core.dll, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\System.Data.SQLite.dll, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\TPS.ico, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\traditionalcn_uninst_zh-tw.ini, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Turkish_uninst_tr.ini, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\unins000.dat, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\unins000.exe, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\unins000.msg, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\unrar.dll, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Xceed.Compression.dll, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Xceed.Compression.Formats.dll, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Xceed.FileSystem.dll, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Xceed.Zip.dll, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\clamunpack\clamscan.exe, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\clamunpack\libclamav.dll, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\clamunpack\readme.txt, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Troubleshooter\asp-fixer.com, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Troubleshooter\asp-fixer.exe, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Troubleshooter\asp-fixer.pif, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Troubleshooter\asp-fixer.scr, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Troubleshooter\ASP-Troubleshooter.chm, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Troubleshooter\firefox.com, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Troubleshooter\iexplore.exe, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Troubleshooter\iexplore.lnk, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Chinese_rcp.ini, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\FileList.rcp, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Chinese_uninst.ini, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\CleanSchedule.exe, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Danish_rcp.ini, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Danish_uninst.ini, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Dutch_rcp.ini, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Dutch_uninst.ini, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\eng_rcp.ini, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\eng_uninst.ini, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Japanese_rcp.ini, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Japanese_uninst.ini, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\korean_rcp_ko.ini, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\korean_uninst_ko.ini, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\LicMgr.dll, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Norwegian_rcp.ini, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Norwegian_uninst.ini, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\polish_rcp_pl.ini, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\polish_uninst_pl.ini, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\portugese_rcp_pt.ini, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\portugese_uninst_pt.ini, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Portuguese_rcp.ini, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Portuguese_uninst.ini, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\RCPUninstall.exe, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Finnish_rcp_fi.ini, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Finnish_uninst_fi.ini, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\French_rcp.ini, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\French_uninst.ini, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\German_rcp.ini, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\German_uninst.ini, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\greek_rcp_el.ini, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\greek_uninst_el.ini, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\install_left_image.bmp, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\isxdl.dll, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Italian_rcp.ini, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Italian_uninst.ini, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\RegCleanPro.exe, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\RegList.rcp, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\russian_rcp_ru.ini, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\russian_uninst_ru.ini, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Spanish_rcp.ini, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\spanish_uninst.ini, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Swedish_rcp.ini, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\swedish_uninst.ini, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\systweakasp.exe, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\TPS.ico, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\TraditionalCn_rcp_zh-tw.ini, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\traditionalcn_uninst_zh-tw.ini, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\turkish_rcp_tr.ini, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Turkish_uninst_tr.ini, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\unins000.dat, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\unins000.exe, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\unins000.msg, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\xmllite.dll, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.SearchProtect, C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, Quarantined, [76f1f740215bf24446d37a2447bdd030], PUP.Optional.ReMarkable.A, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, Quarantined, [f77046f13a42be7849b7900f26de956b], PUP.Optional.ReMarkable.A, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal, Quarantined, [c99e63d4d2aa1b1be917ddc2fd076f91], PUP.Optional.SearchSnacks, C:\Windows\System32\drivers\ssnfd.sys, Quarantined, [bdaad95efd7fde5811c379c0b54ef40c], PUP.Optional.Score.A, C:\Windows\rcore.exe, Delete-on-Reboot, [d196290e66162214a300c3dd60a48d73], PUP.Optional.SearchSnacks.A, C:\Program Files (x86)\SearchSnacks\Service\sssvc.exe, Delete-on-Reboot, [d0972c0b99e3d0667edffe4b649feb15], PUP.Optional.RegCleanerPro.A, C:\Users\Karol's Krafts\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\backup3.bin, Quarantined, [6700aa8d5428d363198cd7236c96d42c], PUP.Optional.RegCleanerPro.A, C:\Users\Karol's Krafts\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\backup4.bin, Quarantined, [6700aa8d5428d363198cd7236c96d42c], PUP.Optional.RegCleanerPro.A, C:\Users\Karol's Krafts\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\backup6.bin, Quarantined, [6700aa8d5428d363198cd7236c96d42c], PUP.Optional.RegCleanerPro.A, C:\Users\Karol's Krafts\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\bl.txt, Quarantined, [6700aa8d5428d363198cd7236c96d42c], PUP.Optional.RegCleanerPro.A, C:\Users\Karol's Krafts\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\eng_rcp.dat, Quarantined, [6700aa8d5428d363198cd7236c96d42c], PUP.Optional.RegCleanerPro.A, C:\Users\Karol's Krafts\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\ExcludeList.rcp, Quarantined, [6700aa8d5428d363198cd7236c96d42c], PUP.Optional.RegCleanerPro.A, C:\Users\Karol's Krafts\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\log_11-03-2014.log, Quarantined, [6700aa8d5428d363198cd7236c96d42c], PUP.Optional.RegCleanerPro.A, C:\Users\Karol's Krafts\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\results.rcp, Quarantined, [6700aa8d5428d363198cd7236c96d42c], PUP.Optional.RegCleanerPro.A, C:\Users\Karol's Krafts\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\TempHLList.rcp, Quarantined, [6700aa8d5428d363198cd7236c96d42c], PUP.Optional.SearchProtect.A, C:\Users\brian.KarolsKrafts-HP\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, Quarantined, [cc9b191e3349b284e8cbb7585aa96799], PUP.Optional.SearchProtect.A, C:\Users\brian.KarolsKrafts-HP\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat, Quarantined, [cc9b191e3349b284e8cbb7585aa96799], PUP.Optional.SearchProtect.A, C:\Users\brian.KarolsKrafts-HP\AppData\Local\SearchProtect\UI\rep\UIRepository.dat, Quarantined, [cc9b191e3349b284e8cbb7585aa96799], PUP.Optional.SearchProtect.A, C:\Users\Karol's Krafts\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, Quarantined, [1f489a9d4b313bfbc6ed4ec1b2516a96], PUP.Optional.SearchProtect.A, C:\Users\Karol's Krafts\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat, Quarantined, [1f489a9d4b313bfbc6ed4ec1b2516a96], PUP.Optional.SearchProtect.A, C:\Users\Karol's Krafts\AppData\Local\SearchProtect\UI\rep\UIRepository.dat, Quarantined, [1f489a9d4b313bfbc6ed4ec1b2516a96], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\background.html, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\manifest.json, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\newtab.html, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\opentab.html, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\facebook\images\carousel\comp.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\facebook\images\carousel\phone-frame.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\facebook\images\carousel\phone.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\facebook\images\carousel\screenshots\0-mobile.jpg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\facebook\images\carousel\screenshots\0.jpg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\facebook\images\carousel\screenshots\1-mobile.jpg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\facebook\images\carousel\screenshots\1.jpg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\facebook\images\carousel\screenshots\2-mobile.jpg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\facebook\images\carousel\screenshots\2.jpg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\facebook\images\carousel\screenshots\3-mobile.jpg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\facebook\images\carousel\screenshots\3.jpg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\facebook\images\carousel\screenshots\4-mobile.jpg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\facebook\images\carousel\screenshots\4.jpg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\facebook\images\carousel\screenshots\5-mobile.jpg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\facebook\images\carousel\screenshots\5.jpg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\data\gallery.json, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\9gag.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\afterDownload.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\aim.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\aim_alt.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\amazon.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\apple.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\app_store.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\arto.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\aws.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\baidu.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\basecamp.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\bebo.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\behance.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\bing.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\blogger.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\bnter.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\brightkite.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\cinch.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\cloudapp.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\coroflot.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\creative_commons.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\dailybooth.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\delicious.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\designbump.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\designfloat.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\designmoo.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\deviantart.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\digg.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\digg_alt.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\diigo.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\dribbble.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\dropbox.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\drupal.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\dzone.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\ebay.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\ember.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\etsy.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\evernote.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\expedia.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\facebook.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\facebook_alt.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\facebook_places.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\facto.me.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\feedburner.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\flickr.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\folkd.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\formspring.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\forrst.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\foursquare.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\foxtab.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\friendfeed.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\friendster.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\funmoods.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\gdgt.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\github.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\github_alt.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\gmail.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\goodreads.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\google-drive.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\google.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\google_buzz.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\google_talk.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\gowalla.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\gowalla_alt.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\grooveshark.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\hacker_news.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\hi5.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\hype_machine.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\hyves.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\icq.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\identi.ca.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\installCore.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\instapaper.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\ironSource.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\iS-bizcards.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\iS-confluence.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\blip.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\gameo.png, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\last.fm.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\msn_messenger.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\picassa.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\retweet.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\squarespace.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\tumblr.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\iS-facebook.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\iS-googleplus.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\iS-jira.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\iS-linkedin.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\iS-news.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\iS-presence.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\iS-signature.svg, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\iS-twitter.svg, Quarantined,

Thanks Adam. I would have posted the MBAM log on the initial post but wasn't sure how to pull it up. Now that I look at that, I see they scanned the computer before they brought it to me so I will post the initial scan they did and then the scan I did the next day when I had the system. The folders and ip addresses you asked about does not mean anything to the owner of the system (in-laws). Also after looking at the initial scan I see a lot of items were located under the brian.KarolsKrafts-hp user account but the first thing I did at the request of owner was to remove the grandson's account. Log 1 Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 11/3/2014 Scan Time: 7:19:42 PM Logfile: scan 1.txt Administrator: Yes Version: 2.00.3.1025 Malware Database: v2014.11.03.11 Rootkit Database: v2014.11.01.02 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Karol's Krafts Scan Type: Threat Scan Result: Completed Objects Scanned: 437643 Time Elapsed: 28 min, 14 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 14 PUP.Optional.DonutLeads.A, C:\Program Files (x86)\donutleads\DonutLeadsService.exe, 1880, Delete-on-Reboot, [036433044933171fa9d03239c93c6898] PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, 1948, Delete-on-Reboot, [f4730f28621a2d09da43485c02ff639d] PUP.Optional.EnterDigital.A, C:\Program Files (x86)\EnterDigital\bin\utilEnterDigital.exe, 4372, Delete-on-Reboot, [65023bfc9ce0cb6b179bab2ed52c669a] PUP.Optional.Prt, C:\Windows\SysWOW64\ClipboardTaskWinsock\ClipboardTaskWinsock.exe, 2280, Delete-on-Reboot, [5710e651384486b0c75d1d109a6bd32d] PUP.Optional.EnterDigital.A, C:\Program Files (x86)\EnterDigital\updateEnterDigital.exe, 2792, Delete-on-Reboot, [91d62017d7a55ed8862cbf1a4bb637c9] PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe, 6076, Delete-on-Reboot, [f96e35022b51e84e8db518c4ff02619f] PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\BackupStack.exe, 2192, Delete-on-Reboot, [dd8aba7d58244cea35db61c7de2552ae] PUP.Optional.EnterDigital.A, C:\Program Files (x86)\EnterDigital\bin\EnterDigital.BrowserAdapter.exe, 2616, Delete-on-Reboot, [b1b67cbb7ffd0e28fc7350d958abac54] PUP.Optional.EnterDigital.A, C:\Program Files (x86)\EnterDigital\bin\EnterDigital.BrowserAdapter64.exe, 3772, Delete-on-Reboot, [b1b67cbb7ffd0e28fc7350d958abac54] PUP.Optional.EnterDigital.A, C:\Program Files (x86)\EnterDigital\bin\EnterDigital.PurBrowse64.exe, 488, Delete-on-Reboot, [b1b67cbb7ffd0e28fc7350d958abac54] PUP.Optional.eDealsPop.A, C:\Program Files (x86)\eDealPop\eDealPop.exe, 6132, Delete-on-Reboot, [3f2853e4ee8e63d35e6e5cd122e15ca4] PUP.Optional.Score.A, C:\Windows\rcore.exe, 2532, Delete-on-Reboot, [d196290e66162214a300c3dd60a48d73] PUP.Optional.SearchSnacks.A, C:\Program Files (x86)\SearchSnacks\Service\sssvc.exe, 4680, Delete-on-Reboot, [d0972c0b99e3d0667edffe4b649feb15] PUP.Optional.OneSoftPerDay.A, C:\Users\Karol's Krafts\AppData\Local\ospd_us_349\upospd_us_349.exe, 5828, Delete-on-Reboot, [7cebb3843448d1651cf2150ce22138c8] Modules: 2 PUP.Optional.EnterDigital.A, C:\Program Files (x86)\EnterDigital\bin\{60fb1691-e7e8-4d48-b26c-c3f85822f710}.dll, Delete-on-Reboot, [b1b67cbb7ffd0e28fc7350d958abac54], PUP.Optional.eDealsPop.A, C:\Program Files (x86)\eDealPop\msvcr100.dll, Delete-on-Reboot, [3f2853e4ee8e63d35e6e5cd122e15ca4], Registry Keys: 74 PUP.Optional.DonutLeads.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\donutleadsServiceCore, Quarantined, [036433044933171fa9d03239c93c6898], PUP.Optional.SearchProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CltMngSvc, Quarantined, [f4730f28621a2d09da43485c02ff639d], PUP.Optional.EnterDigital.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util EnterDigital, Quarantined, [65023bfc9ce0cb6b179bab2ed52c669a], PUP.Optional.Prt, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ClipboardTaskWinsock, Quarantined, [5710e651384486b0c75d1d109a6bd32d], PUP.Optional.EnterDigital.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update EnterDigital, Quarantined, [91d62017d7a55ed8862cbf1a4bb637c9], PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [96d145f2ef8d88ae5e58e9fd60a20af6], PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [96d145f2ef8d88ae5e58e9fd60a20af6], PUP.Optional.SearchSnacks.A, HKLM\SOFTWARE\CLASSES\CLSID\{7D1B27B2-3DE0-4F26-94A0-E14FDB06D292}, Quarantined, [aabd61d6275581b594a8cee031d1867a], PUP.Optional.SearchSnacks.A, HKLM\SOFTWARE\CLASSES\CLSID\{7D1B27B2-3DE0-4F26-94A0-E14FDB06D292}\INPROCSERVER32, Quarantined, [aabd61d6275581b594a8cee031d1867a], PUP.Optional.SearchSnacks.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7D1B27B2-3DE0-4F26-94A0-E14FDB06D292}, Quarantined, [aabd61d6275581b594a8cee031d1867a], PUP.Optional.SearchSnacks.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{F32C616B-19B1-4978-919B-ACB52B51CAA5}, Quarantined, [aabd61d6275581b594a8cee031d1867a], PUP.Optional.SearchSnacks.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{CCE39B30-B61A-4569-9411-43747C6C481F}, Quarantined, [aabd61d6275581b594a8cee031d1867a], PUP.Optional.SearchSnacks.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{CCE39B30-B61A-4569-9411-43747C6C481F}, Quarantined, [aabd61d6275581b594a8cee031d1867a], PUP.Optional.SearchSnacks.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{F32C616B-19B1-4978-919B-ACB52B51CAA5}, Quarantined, [aabd61d6275581b594a8cee031d1867a], PUP.Optional.SearchSnacks.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7D1B27B2-3DE0-4F26-94A0-E14FDB06D292}, Quarantined, [aabd61d6275581b594a8cee031d1867a], PUP.Optional.SearchSnacks.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7D1B27B2-3DE0-4F26-94A0-E14FDB06D292}, Quarantined, [aabd61d6275581b594a8cee031d1867a], PUP.Optional.SearchSnacks.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{7D1B27B2-3DE0-4F26-94A0-E14FDB06D292}, Quarantined, [aabd61d6275581b594a8cee031d1867a], PUP.Optional.SearchSnacks.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{7D1B27B2-3DE0-4F26-94A0-E14FDB06D292}, Quarantined, [aabd61d6275581b594a8cee031d1867a], PUP.Optional.EnterDigital.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{91b8f7a9-1558-40b3-b1e9-824ae5a2089f}, Quarantined, [31364fe8027ace68a8329b0f946e1be5], PUP.Optional.EnterDigital.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{09E31FDA-3893-4C78-9562-7B8DF8F5F47C}, Quarantined, [31364fe8027ace68a8329b0f946e1be5], PUP.Optional.EnterDigital.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C69A48F3-9357-40E4-9C73-9B3A8E23A128}, Quarantined, [31364fe8027ace68a8329b0f946e1be5], PUP.Optional.EnterDigital.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C69A48F3-9357-40E4-9C73-9B3A8E23A128}, Quarantined, [31364fe8027ace68a8329b0f946e1be5], PUP.Optional.EnterDigital.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{09E31FDA-3893-4C78-9562-7B8DF8F5F47C}, Quarantined, [31364fe8027ace68a8329b0f946e1be5], PUP.Optional.EnterDigital.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{91B8F7A9-1558-40B3-B1E9-824AE5A2089F}, Quarantined, [31364fe8027ace68a8329b0f946e1be5], PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3278930305-513671393-255404018-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [571097a0186478be5701fab311f13fc1], PUP.Optional.DonutLeads.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\donutleads, Quarantined, [194e88afa8d490a68d3b854ced14d12f], PUP.Optional.SearchSnacks.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SearchSnacks, Quarantined, [ff681225384436003c92ad24f70abd43], PUP.Optional.MyPCBackup.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BackupStack, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MyPC Backup, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.EnterDigital.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\EnterDigital, Quarantined, [b1b67cbb7ffd0e28fc7350d958abac54], PUP.Optional.EnterDigital.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, Quarantined, [b1b67cbb7ffd0e28fc7350d958abac54], PUP.Optional.EnterDigital.A, HKLM\SOFTWARE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, Quarantined, [b1b67cbb7ffd0e28fc7350d958abac54], PUP.Optional.EnterDigital.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, Quarantined, [b1b67cbb7ffd0e28fc7350d958abac54], PUP.Optional.EnterDigital.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, Quarantined, [b1b67cbb7ffd0e28fc7350d958abac54], PUP.Optional.EnterDigital.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, Quarantined, [b1b67cbb7ffd0e28fc7350d958abac54], PUP.Optional.EnterDigital.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, Quarantined, [b1b67cbb7ffd0e28fc7350d958abac54], PUP.Optional.EnterDigital.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, Quarantined, [b1b67cbb7ffd0e28fc7350d958abac54], PUP.Optional.EnterDigital.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, Quarantined, [b1b67cbb7ffd0e28fc7350d958abac54], PUP.Optional.VOPackage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPackage, Quarantined, [5413a88f98e435015e634fdd1ce754ac], PUP.Optional.eDealsPop.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\eDealPop_is1, Quarantined, [3f2853e4ee8e63d35e6e5cd122e15ca4], PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{60fb1691-e7e8-4d48-b26c-c3f85822f710}Gw64, Quarantined, [acbb50e7a1db3afc4cdfc8727a8909f7], PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SearchProtect, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.AdvancedSystemProtector.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~4A5BE654_is1, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\IEXPLORE.EXE, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\IEXPLORE.EXE, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.RegCleanPro.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\RegClean Pro_is1, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanPro.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\RegClean-Pro_is1, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.Astromenda.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pfkfdlcdbajamklbneflfbcmfgddmpae, Quarantined, [6205bd7aadcff343a8b04956a75dd62a], PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [bfa81225d7a5a88edb3b8717ec188878], PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, Quarantined, [abbc86b16319a88e58bd7a241fe527d9], PUP.Optional.OneSoftPerDay.A, HKLM\SOFTWARE\WOW6432NODE\ONESOFTPERDAY, Quarantined, [6007da5d2c5054e2879c83ad946fc937], PUP.Optional.MyOSProtect.A, HKLM\SOFTWARE\WOW6432NODE\PCTRunner, Quarantined, [085fa097354782b48d72b17e32d141bf], PUP.Optional.SearchSnacks.A, HKLM\SOFTWARE\WOW6432NODE\SearchSnacks, Quarantined, [f86fed4a522a5bdb80ed052500036d93], PUP.Optional.Astromenda.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pfkfdlcdbajamklbneflfbcmfgddmpae, Quarantined, [b5b24dea720a60d6f365cbd4f60ed729], PUP.Optional.InstallCore.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLCORE\WSE_Astromenda, Quarantined, [5a0db582106ce452b5600c20c142659b], PUP.Optional.OneSoftPerDay.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ospd_us_349_is1, Quarantined, [501740f74834fd390a18b37dfa098a76], PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT, Quarantined, [e87ffd3afd7fa393443bb28e21e259a7], PUP.Optional.AdvancedSystemProtector.A, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\Advanced-System Protector, Quarantined, [2b3cb3844834fc3a09c6eb4806fdcc34], PUP.Optional.RegCleanPro.A, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\RegClean Pro, Quarantined, [e97e69ce7efeb38389b290ae4db6cd33], PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, Quarantined, [43240d2a7efe9d993758e658c93abf41], PUP.Optional.SearchSnacks, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ssnfd, Quarantined, [bdaad95efd7fde5811c379c0b54ef40c], PUP.Optional.Score.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RCORES, Quarantined, [d196290e66162214a300c3dd60a48d73], PUP.Optional.SearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD, Quarantined, [3e29c077483465d16c69162358abdd23], PUP.Optional.SearchSnacks.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SSSVC, Quarantined, [d0972c0b99e3d0667edffe4b649feb15], PUP.Optional.MyOSProtect.A, HKU\S-1-5-21-3278930305-513671393-255404018-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\PCTRunner, Quarantined, [7ceb2710f587af876f91c46c996a11ef], PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-3278930305-513671393-255404018-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TutoTag, Quarantined, [8dda61d66f0d83b32af4c3dae222fc04], PUP.Optional.Astromenda.A, HKU\S-1-5-21-3278930305-513671393-255404018-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\wse_astromenda, Quarantined, [b4b3cd6a067677bf28e80a2ab74c44bc], PUP.Optional.Astromenda.A, HKU\S-1-5-21-3278930305-513671393-255404018-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pfkfdlcdbajamklbneflfbcmfgddmpae, Quarantined, [0562a79009733afcd188c9d6d13324dc], PUP.Optional.InstallCore.A, HKU\S-1-5-21-3278930305-513671393-255404018-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [98cf17202c5061d583269ec53dc6e020], PUP.Optional.InstallCore.A, HKU\S-1-5-21-3278930305-513671393-255404018-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [78ef65d2bcc0ba7cfbed6f0a35cf7090], PUP.Optional.AdvancedSystemProtector.A, HKU\S-1-5-21-3278930305-513671393-255404018-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\Advanced-System Protector, Quarantined, [9ccbec4b116bb4824090171cb84b926e], PUP.Optional.RegCleanerPro.A, HKU\S-1-5-21-3278930305-513671393-255404018-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\RegClean Pro, Quarantined, [4c1b0037750767cf503985fae51f8c74], PUP.Optional.SystemSpeedup, HKU\S-1-5-21-3278930305-513671393-255404018-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd, Quarantined, [e5820a2d0d6fe551b3db98a646bdc13f], PUP.Optional.Astromenda, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WSE_Astromenda, Quarantined, [a2c54bec4636d165769d78a5788b639d], Registry Values: 10 PUP.Optional.eDealsPop.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|eDealPop, "C:\Program Files (x86)\eDealPop\eDealPop.exe", Quarantined, [3f2853e4ee8e63d35e6e5cd122e15ca4] PUP.Optional.OneSoftPerDay.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ospd_us_349, "C:\Program Files (x86)\ospd_us_349\ospd_us_349.exe", Quarantined, [f6719f98ed8fe452bf6676ba13f0c838] PUP.Optional.VOPackage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPACKAGE|UninstallString, "C:\Users\Karol's Krafts\AppData\Roaming\VOPackage\uninstall.exe", Quarantined, [4522af88d6a643f3b121d46743c0f50b] PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT|InstallDir, C:\PROGRA~2\SearchProtect, Quarantined, [e87ffd3afd7fa393443bb28e21e259a7] PUP.Optional.MyPCBackup.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BACKUPSTACK|ImagePath, C:\Program Files (x86)\MyPC Backup\BackupStack.exe, Quarantined, [b4b3fe39d4a89d9927ea82a617ec837d] PUP.Optional.Score.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RCORES|ImagePath, C:\Windows\rcore.exe, Quarantined, [d196290e66162214a300c3dd60a48d73] PUP.Optional.SearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD|ImagePath, \??\C:\Windows\system32\drivers\SPPD.sys, Quarantined, [3e29c077483465d16c69162358abdd23] PUP.Optional.SearchSnacks.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SSSVC|ImagePath, "C:\Program Files (x86)\SearchSnacks\Service\sssvc.exe", Quarantined, [d0972c0b99e3d0667edffe4b649feb15] PUP.Optional.InstallCore.A, HKU\S-1-5-21-3278930305-513671393-255404018-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0Z1B1L2Z1S, Quarantined, [78ef65d2bcc0ba7cfbed6f0a35cf7090] PUP.Optional.OneSoftPerDay.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|upospd_us_349.exe, C:\Users\Karol's Krafts\AppData\Local\ospd_us_349\upospd_us_349.exe -runonce, Quarantined, [7cebb3843448d1651cf2150ce22138c8] Registry Data: 3 PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL, Good: (), Bad: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll),Replaced,[60075cdb5e1e1620b16cabf94ab72bd5] PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll c:\progra~2\optimi~1\optpro~1.dll, Good: (), Bad: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll),Replaced,[b8af092e94e88bab1c01c1e3d62b55ab] PUP.Optional.Astromenda.A, HKU\S-1-5-21-3278930305-513671393-255404018-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://astromenda.com/?f=1&a=ast_app_14_44_ie&cd=2XzuyEtN2Y1L1Qzu0A0CtCyCtB0DyD0A0CtByE0F0BtByB0AtN0D0Tzu0StCtDtAyBtN1L2XzutAtFyCtFtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAzz0ByDtCyDyE0EtGtAzy0F0CtGyD0AyCyDtGzytA0C0AtGyDtD0AyCyCtBtB0C0A0Ezz0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyDtC0EtD0C0A0AtGzytA0BzztGyEtC0DyCtG0B0A0B0DtGyCzztC0CtAtAyEyD0A0FtDzy2Q&cr=1885302309&ir=, Good: (www.google.com), Bad: (http://astromenda.com/?f=1&a=ast_app_14_44_ie&cd=2XzuyEtN2Y1L1Qzu0A0CtCyCtB0DyD0A0CtByE0F0BtByB0AtN0D0Tzu0StCtDtAyBtN1L2XzutAtFyCtFtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAzz0ByDtCyDyE0EtGtAzy0F0CtGyD0AyCyDtGzytA0C0AtGyDtD0AyCyCtBtB0C0A0Ezz0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyDtC0EtD0C0A0AtGzytA0BzztGyEtC0DyCtG0B0A0B0DtGyCzztC0CtAtAyEyD0A0FtDzy2Q&cr=1885302309&ir=),Replaced,[b8af55e2126aab8ba56788b32cd9fc04] Folders: 142 PUP.Optional.MyPCBackup.A, C:\Users\Karol's Krafts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup, Quarantined, [a7c01225d0ac1323c04f9197f60d8d73], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup, Delete-on-Reboot, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Config, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Database, Delete-on-Reboot, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\cache, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\x64, Delete-on-Reboot, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\x86, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\~updates, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.EnterDigital.A, C:\Program Files (x86)\EnterDigital, Delete-on-Reboot, [b1b67cbb7ffd0e28fc7350d958abac54], PUP.Optional.EnterDigital.A, C:\Program Files (x86)\EnterDigital\bin, Delete-on-Reboot, [b1b67cbb7ffd0e28fc7350d958abac54], PUP.Optional.EnterDigital.A, C:\Program Files (x86)\EnterDigital\bin\plugins, Quarantined, [b1b67cbb7ffd0e28fc7350d958abac54], PUP.Optional.EnterDigital.A, C:\Program Files (x86)\EnterDigital\bin\TEMP, Quarantined, [b1b67cbb7ffd0e28fc7350d958abac54], PUP.Optional.VOPackage.A, C:\Users\Karol's Krafts\AppData\Roaming\VOPackage, Quarantined, [5413a88f98e435015e634fdd1ce754ac], PUP.Optional.eDealsPop.A, C:\Program Files (x86)\eDealPop, Delete-on-Reboot, [3f2853e4ee8e63d35e6e5cd122e15ca4], PUP.Optional.AdvancedSystemProtector, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector, Quarantined, [1750a88f304cd85e3192db59857eb050], PUP.Optional.VOPackage, C:\Users\Karol's Krafts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage, Quarantined, [c99e93a444388caa2ba82a11fc079d63], PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro, Quarantined, [1552e94e502c83b319c2e56622e1659b], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect, Delete-on-Reboot, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main, Delete-on-Reboot, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin, Delete-on-Reboot, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect, Delete-on-Reboot, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin, Delete-on-Reboot, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\rep, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI, Delete-on-Reboot, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin, Delete-on-Reboot, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\rep, Quarantined, [0d5a34038eeeb086ae3d028132d242be], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\clamunpack, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Troubleshooter, Quarantined, [046342f5dd9f41f594851e7efa0acd33], PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP, Quarantined, [8ed977c0e59701354ecd9dffcd37f709], PUP.Optional.RegCleanerPro.A, C:\Users\Karol's Krafts\AppData\Roaming\Systweak\RegClean Pro, Quarantined, [6700aa8d5428d363198cd7236c96d42c], PUP.Optional.RegCleanerPro.A, C:\Users\Karol's Krafts\AppData\Roaming\Systweak\RegClean Pro\Version 6.1, Quarantined, [6700aa8d5428d363198cd7236c96d42c], PUP.Optional.SearchProtect.A, C:\Users\brian.KarolsKrafts-HP\AppData\Local\SearchProtect, Quarantined, [cc9b191e3349b284e8cbb7585aa96799], PUP.Optional.SearchProtect.A, C:\Users\brian.KarolsKrafts-HP\AppData\Local\SearchProtect\SearchProtect, Quarantined, [cc9b191e3349b284e8cbb7585aa96799], PUP.Optional.SearchProtect.A, C:\Users\brian.KarolsKrafts-HP\AppData\Local\SearchProtect\SearchProtect\rep, Quarantined, [cc9b191e3349b284e8cbb7585aa96799], PUP.Optional.SearchProtect.A, C:\Users\brian.KarolsKrafts-HP\AppData\Local\SearchProtect\SearchProtect\STG, Quarantined, [cc9b191e3349b284e8cbb7585aa96799], PUP.Optional.SearchProtect.A, C:\Users\brian.KarolsKrafts-HP\AppData\Local\SearchProtect\UI, Quarantined, [cc9b191e3349b284e8cbb7585aa96799], PUP.Optional.SearchProtect.A, C:\Users\brian.KarolsKrafts-HP\AppData\Local\SearchProtect\UI\rep, Quarantined, [cc9b191e3349b284e8cbb7585aa96799], PUP.Optional.SearchProtect.A, C:\Users\Karol's Krafts\AppData\Local\SearchProtect, Delete-on-Reboot, [1f489a9d4b313bfbc6ed4ec1b2516a96], PUP.Optional.SearchProtect.A, C:\Users\Karol's Krafts\AppData\Local\SearchProtect\SearchProtect, Delete-on-Reboot, [1f489a9d4b313bfbc6ed4ec1b2516a96], PUP.Optional.SearchProtect.A, C:\Users\Karol's Krafts\AppData\Local\SearchProtect\SearchProtect\rep, Quarantined, [1f489a9d4b313bfbc6ed4ec1b2516a96], PUP.Optional.SearchProtect.A, C:\Users\Karol's Krafts\AppData\Local\SearchProtect\SearchProtect\STG, Quarantined, [1f489a9d4b313bfbc6ed4ec1b2516a96], PUP.Optional.SearchProtect.A, C:\Users\Karol's Krafts\AppData\Local\SearchProtect\UI, Quarantined, [1f489a9d4b313bfbc6ed4ec1b2516a96], PUP.Optional.SearchProtect.A, C:\Users\Karol's Krafts\AppData\Local\SearchProtect\UI\rep, Quarantined, [1f489a9d4b313bfbc6ed4ec1b2516a96], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\facebook, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\facebook\images, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\facebook\images\carousel, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\facebook\images\carousel\screenshots, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\data, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\blackfriday, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\weather, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\weather\images, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\css, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\about, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\apps, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\clean, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\discovery, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\favorites, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\ftue, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\icons, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\icons\pageAction, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\image-upload, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\loaders, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\notifications, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\phone, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\review-gifs, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\review-gifs\cat, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\search, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\bubbles, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\buttons, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\city, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\clean, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\disco, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\fishing, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\forest, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\mountains, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\planets, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\sea, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\space, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\strips, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\sunset, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\user, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\js, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\locales, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\ar, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\de, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\en, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\es, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\fr, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\he, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\it, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\ja, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\nl, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\pl, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\pt_BR, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\ru, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\tr, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Users\brian.KarolsKrafts-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_metadata, Quarantined, [135477c07ffd90a643cf17067e85867a], PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda, Quarantined, [a2c54bec4636d165769d78a5788b639d], PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\bh, Quarantined, [a2c54bec4636d165769d78a5788b639d], PUP.Optional.Astromenda.A, C:\Users\Karol's Krafts\AppData\Roaming\WSE_Astromenda, Quarantined, [98cff542027afe38aa8226f751b234cc], PUP.Optional.Astromenda.A, C:\Users\Karol's Krafts\AppData\Roaming\WSE_Astromenda\icons_3.6.0.3, Quarantined, [98cff542027afe38aa8226f751b234cc], PUP.Optional.Astromenda.A, C:\Users\Karol's Krafts\AppData\Roaming\WSE_Astromenda\UpdateProc, Quarantined, [98cff542027afe38aa8226f751b234cc], PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector, Quarantined, [ee79a39492ea10263c2f28f5cf347c84], PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\signatures, Quarantined, [ee79a39492ea10263c2f28f5cf347c84], PUP.Optional.AdvancedSystemProtector.A, C:\Users\Karol's Krafts\AppData\Roaming\Systweak\Advanced-System Protector, Quarantined, [5017ab8c770515214328ac711de6d22e], PUP.Optional.AdvancedSystemProtector.A, C:\Users\Karol's Krafts\AppData\Roaming\Systweak\Advanced-System Protector\2.1.1000.14138, Quarantined, [5017ab8c770515214328ac711de6d22e], PUP.Optional.OneSoftPerDay.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY, Quarantined, [04637cbb047880b618f59b86cb38b24e], PUP.Optional.OneSoftPerDay.A, C:\Users\Karol's Krafts\AppData\Local\ospd_us_349, Delete-on-Reboot, [7cebb3843448d1651cf2150ce22138c8], PUP.Optional.OneSoftPerDay.A, C:\Users\Karol's Krafts\AppData\Local\ospd_us_349\Download, Quarantined, [7cebb3843448d1651cf2150ce22138c8], PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_349, Quarantined, [bdaa4becb4c885b1848bc75abe452ad6], PUP.Optional.DonutLeads.A, C:\Program Files (x86)\donutleads, Delete-on-Reboot, [175052e53f3d88ae0a9fe83c15eeb749], PUP.Optional.DonutLeads.A, C:\Program Files (x86)\donutleads\images, Quarantined, [175052e53f3d88ae0a9fe83c15eeb749], PUP.Optional.DonutLeads.A, C:\ProgramData\donutleads, Quarantined, [46216dca314b11258327c06459aab14f], PUP.Optional.SearchSnacks.A, C:\Program Files\SearchSnacks, Quarantined, [35320631f4880a2c4e6f190ce91a6997], PUP.Optional.SearchSnacks.A, C:\Program Files\SearchSnacks\IE, Quarantined, [35320631f4880a2c4e6f190ce91a6997], PUP.Optional.SearchSnacks.A, C:\Program Files (x86)\SearchSnacks, Delete-on-Reboot, [cd9abe7947355fd78934cf561be858a8], PUP.Optional.SearchSnacks.A, C:\Program Files (x86)\SearchSnacks\3rd Party Licenses, Quarantined, [cd9abe7947355fd78934cf561be858a8], PUP.Optional.SearchSnacks.A, C:\Program Files (x86)\SearchSnacks\IE, Quarantined, [cd9abe7947355fd78934cf561be858a8], PUP.Optional.SearchSnacks.A, C:\Program Files (x86)\SearchSnacks\Service, Delete-on-Reboot, [cd9abe7947355fd78934cf561be858a8], Files: 1028 PUP.Optional.DonutLeads.A, C:\Program Files (x86)\donutleads\DonutLeadsService.exe, Delete-on-Reboot, [036433044933171fa9d03239c93c6898], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, Delete-on-Reboot, [f4730f28621a2d09da43485c02ff639d], PUP.Optional.EnterDigital.A, C:\Program Files (x86)\EnterDigital\bin\utilEnterDigital.exe, Delete-on-Reboot, [65023bfc9ce0cb6b179bab2ed52c669a], PUP.Optional.Prt, C:\Windows\SysWOW64\ClipboardTaskWinsock\ClipboardTaskWinsock.exe, Delete-on-Reboot, [5710e651384486b0c75d1d109a6bd32d], PUP.Optional.EnterDigital.A, C:\Program Files (x86)\EnterDigital\updateEnterDigital.exe, Delete-on-Reboot, [91d62017d7a55ed8862cbf1a4bb637c9], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Delete-on-Reboot, [baad24137efea98d31ec772dc23f9070], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Delete-on-Reboot, [81e6a394255739fdd7467f258d7452ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe, Delete-on-Reboot, [f96e35022b51e84e8db518c4ff02619f], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll, Quarantined, [60075cdb5e1e1620b16cabf94ab72bd5], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll, Quarantined, [b8af092e94e88bab1c01c1e3d62b55ab], PUP.Optional.SearchSnacks.A, C:\Program Files\SearchSnacks\IE\SearchSnacksClientIE.dll, Quarantined, [aabd61d6275581b594a8cee031d1867a], PUP.Optional.SearchSnacks.A, C:\Program Files (x86)\SearchSnacks\IE\SearchSnacksClientIE.dll, Quarantined, [aabd61d6275581b594a8cee031d1867a], PUP.Optional.EnterDigital.A, C:\Program Files (x86)\EnterDigital\EnterDigitalbho.dll, Quarantined, [31364fe8027ace68a8329b0f946e1be5], PUP.Optional.DonutLeads.A, C:\Program Files (x86)\donutleads\uninstall.exe, Quarantined, [194e88afa8d490a68d3b854ced14d12f], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Service Start.exe, Quarantined, [32350a2d760662d4420020bc5aa7d62a], PUP.Optional.SearchSnacks.A, C:\Program Files (x86)\SearchSnacks\Uninstall.exe, Quarantined, [ff681225384436003c92ad24f70abd43], PUP.Optional.RegCleanPro, C:\Windows\System32\roboot64.exe, Quarantined, [0265a394f78575c1f4a1872d22df0af6], PUP.Optional.AdvancedSystemProtector, C:\Windows\System32\sasnative64.exe, Quarantined, [481f05329be164d2d1c3cce822dfc33d], PUP.Optional.ConsumerInput.A, C:\Users\Karol's Krafts\AppData\Local\Temp\goopdate.dll72ba1c, Quarantined, [81e693a477050f2747eba6d6d829bb45], PUP.Optional.ShopHelper, C:\Users\Karol's Krafts\AppData\Local\Temp\SHelp2.exe, Quarantined, [6ef957e0473593a304d4d2d14fb3c33d], PUP.Optional.ConsumerInput.A, C:\Users\Karol's Krafts\AppData\Local\Temp\ConsumerInputUpdate.exe72b9ee, Quarantined, [ff684ceb2a528da951e1d8a403fefb05], PUP.Optional.OutBrowse, C:\Users\Karol's Krafts\AppData\Local\Temp\8C0Etmp\shoppinhelper2_setup2c2.03.9.exe, Quarantined, [1a4d54e38defd75fe5e94d7c956c3cc4], PUP.Optional.EDeals.A, C:\Users\Karol's Krafts\AppData\Local\Temp\8C3Btmp\edealinstaller-distribution.exe, Quarantined, [b4b3989f423a5fd75d3d66f18b756a96], PUP.Optional.ArcadeGiant.A, C:\Users\Karol's Krafts\AppData\Local\Temp\8C3Ctmp\setuparcadegiant.exe, Quarantined, [3532cb6c512b47efb361d0dcb74a25db], PUP.Optional.DonutLeads.A, C:\Users\Karol's Krafts\AppData\Local\Temp\8C3Dtmp\donutleadssetup_tu_p_1.3.1.1_280914.exe, Quarantined, [70f7fd3a86f691a5b4148b4603fedc24], PUP.Optional.UptUpdater.A, C:\Windows\Temp\UptUpdater.exe, Quarantined, [e97eec4b582483b39829def620e14bb5], PUP.Optional.AirInstaller, C:\Users\brian.KarolsKrafts-HP\Downloads\SoftwareUpdate.exe, Quarantined, [7cebea4de09c88ae7738a91d27da0ff1], PUP.Optional.DownloadAssistant, C:\Users\Karol's Krafts\Downloads\JavaSetup.exe, Quarantined, [80e7b2852c5064d2fe1738f5a461e21e], PUP.Optional.OptimunInstaller, C:\Users\Karol's Krafts\Downloads\javaupdate_setup.exe, Quarantined, [e97e201783f9e45220b537123fc121df], PUP.Optional.OptimunInstaller, C:\Users\Karol's Krafts\Downloads\setup (1).exe, Quarantined, [a5c25add2e4ec76f3e9701483ec24db3], PUP.Optional.DomaIQ, C:\Users\Karol's Krafts\Downloads\Setup (2).exe, Quarantined, [45222f082a52f541c2231744e7196898], PUP.Optional.DomaIQ, C:\Users\Karol's Krafts\Downloads\Setup (3).exe, Quarantined, [016645f29ae260d66d78b0ab0cf415eb], PUP.Optional.DomaIQ, C:\Users\Karol's Krafts\Downloads\Setup (4).exe, Quarantined, [57108cabbbc1ad895b8a580305fba759], PUP.Optional.DomaIQ, C:\Users\Karol's Krafts\Downloads\Setup (5).exe, Quarantined, [561133043943e94d85603c1f02feaf51], PUP.Optional.DomaIQ, C:\Users\Karol's Krafts\Downloads\Setup (6).exe, Quarantined, [ff68082f8cf086b0faebce8d55abdb25], PUP.Optional.DomaIQ, C:\Users\Karol's Krafts\Downloads\Setup (7).exe, Quarantined, [35322d0a621a1125fee7c19abd432cd4], PUP.Optional.DomaIQ, C:\Users\Karol's Krafts\Downloads\Setup (8).exe, Quarantined, [7ceb95a24b31092d2bbaf16aff01a65a], PUP.Optional.OptimunInstaller, C:\Users\Karol's Krafts\Downloads\setup.exe, Quarantined, [0c5b1621225a979f864f66e326dac53b], Trojan.AntiSniff, C:\Users\Karol's Krafts\AppData\Local\PerlScriptWinsock\SrDt.exe, Quarantined, [c0a72f085a225dd9584a5fcd64a1fa06], PUP.Optional.SearchProtect.A, C:\Windows\AppPatch\AppPatch64\SPVCLdr64.dll, Quarantined, [81e6b483cbb137ff58c5fba9c63be917], PUP.Optional.MyPCBackup.A, C:\Users\Karol's Krafts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk, Quarantined, [0265c6717efec175e22b2afe34cf3dc3], PUP.Optional.MyPCBackup.A, C:\Users\Karol's Krafts\Desktop\MyPC Backup.lnk, Quarantined, [72f534039ddfc86eac621f09e91a9b65], PUP.Optional.MyPCBackup.A, C:\Users\Karol's Krafts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup\MyPC Backup.lnk, Quarantined, [a7c01225d0ac1323c04f9197f60d8d73], PUP.Optional.MyPCBackup.A, C:\Users\Karol's Krafts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup\Uninstall.lnk, Quarantined, [a7c01225d0ac1323c04f9197f60d8d73], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\pt_PT.mo, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\LogicNP.EZShellExtensions.dll, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\aff.conf, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\AlphaVSS.51.x86.dll, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\AlphaVSS.52.x64.dll, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\AlphaVSS.52.x86.dll, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\AlphaVSS.60.x64.dll, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\AlphaVSS.60.x86.dll, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\AlphaVSS.Common.dll, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\AWSSDK.dll, Delete-on-Reboot, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\BackupStack.exe, Delete-on-Reboot, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Configuration Updater.exe, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Crypto32.dll, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Crypto64.dll, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\de_DE.mo, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\diffstack.dll, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\es_ES.mo, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\fr_FR.mo, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\GetText.dll, Delete-on-Reboot, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\it_IT.mo, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\LinqBridge.dll, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\MPCBClient.dll, Delete-on-Reboot, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\MPCBContextMenu.dll, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\MPCBIconOverlays.dll, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\mypcbackup.ico, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\ObjectListView.dll, Delete-on-Reboot, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\RegisterExtensionDotNet20_x64.exe, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\RegisterExtensionDotNet20_x86.exe, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\RestartExplorer.exe, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Shared Stack.dll, Delete-on-Reboot, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\syncicon.ico, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\syncing.ico, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\tick.ico, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\uninst.exe, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\UnRegisterExtensions.exe, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Updater.exe, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Config\api.ts2, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Database\mpcb_backup_conf.db, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Database\mpcb_backup_id.db, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Database\mpcb_file_cache.db, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Database\mpcb_queues.db, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Database\mpcb_settings.db, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Database\mpcb_sig_cache.db, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Database\mpcb_version_queue.db, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\APPLICATION.log, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\AUTH.log, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\BACKOFF.log, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\BACKUP.log, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\BACKUP_COMPLETE.log, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\CLIENT.log, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\GRID_RECOVERY.log, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\GRID_RECOVERY_INIT.log, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\LICENCE.log, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\NETWORK_SHARES.log, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\REMOTING.log, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\REQUEST.log, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\SERVER_DECODE_LOG.log, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\SERVICE.log, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\SHELL.log, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\TASKS.log, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\UPDATER.log, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\UTC_MIGRATION.log, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\WAIT_HANDLES.log, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_015d14e2-23f9-4afa-9f6a-5d3d92922338_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_015d14e2-23f9-4afa-9f6a-5d3d92922338_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_032df35f-1b9b-493f-8408-d59f31ab08b3_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_032df35f-1b9b-493f-8408-d59f31ab08b3_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_0392b59c-e11f-42b7-8253-7fa4691d0982_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_0392b59c-e11f-42b7-8253-7fa4691d0982_backupKeyCache.tree, Quarantined, [dd8aba7d58244cea35db61c7de2552ae], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_08e170b4-464c-4f06-83c8-e04075378b16_backupKeyCache.block, Quarantined, [dd8aba7d58244cea35db61c7de2552ae],

A computer I have is unable to reach the internet because it is unable to connect through the fake proxy settings that something has put on the system. I am unable to remove the Proxy settings from Internet Options therefore none of the browsers on the system will work. I did an initial scan with Malwarebytes like usual and it removed a few items but didn't help. Here is FRST. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014 Ran by Karol's Krafts (administrator) on KAROLSKRAFTS-HP on 04-11-2014 20:35:14 Running from C:\Users\Karol's Krafts\Desktop Loaded Profile: Karol's Krafts (Available profiles: Karol's Krafts) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe (SafeNet Inc.) C:\Windows\System32\hasplms.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe () C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7\maintainer.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Startup: C:\Users\Karol's Krafts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=127.0.0.1:24889 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1 SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF SearchScopes: HKLM - {86DAA2AF-D596-4268-9C99-92539D18F6D3} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF SearchScopes: HKLM-x32 - {86DAA2AF-D596-4268-9C99-92539D18F6D3} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3317458&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP7B473FAC-4D41-4483-8405-E4146F48641F&q={searchTerms}&SSPV=T21114_sp_ie SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms} SearchScopes: HKCU - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=MB467C5E9-0242-4BFF-8DCA-56403B118A29&SearchSource=58&CUI=&UM=6&UP=SPD153A248-04AF-40C4-AE37-6139F1FDB0A6&q={searchTerms}&SSPV= SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF SearchScopes: HKCU - {86DAA2AF-D596-4268-9C99-92539D18F6D3} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869 SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20140102,20028,0,77,0 SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=82201&iwk=242&lng=en SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION) BHO-x32: Perk Prize Panel -> {47F3EB15-C230-4A0B-BE4B-D527FF483B48} -> C:\Program Files (x86)\Perk Prize Panel\pp.dll () BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Tcpip\Parameters: [DhcpNameServer] 208.67.220.222 208.67.220.220 192.168.2.1 Tcpip\Parameters: [NameServer] 184.172.114.130,208.43.110.90 Tcpip\..\Interfaces\{818DA884-73BF-4A7C-8212-D3AC502D1BDB}: [NameServer] 184.172.114.130,208.43.110.90 Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 184.172.114.130,208.43.110.90 Tcpip\..\Interfaces\{84E0B216-DECA-45E4-B710-8CC7809BC1EA}: [NameServer] 184.172.114.130,208.43.110.90 Tcpip\..\Interfaces\{C2E86849-DB9B-4CD2-925E-885167DF313F}: [NameServer] 184.172.114.130,208.43.110.90 FireFox: ======== FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll No File FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-02-18] FF HKCU\...\Firefox\Extensions: [pp@perk.com] - C:\Program Files (x86)\Perk Prize Panel\FF Chrome: ======= CHR DefaultSearchKeyword: Default -> astromenda.com CHR DefaultSearchURL: Default -> http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_app_14_44_ie&cd=2XzuyEtN2Y1L1Qzu0A0CtCyCtB0DyD0A0CtByE0F0BtByB0AtN0D0Tzu0StCtDtAyBtN1L2XzutAtFyCtFtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAzz0ByDtCyDyE0EtGtAzy0F0CtGyD0AyCyDtGzytA0C0AtGyDtD0AyCyCtBtB0C0A0Ezz0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyDtC0EtD0C0A0AtGzytA0BzztGyEtC0DyCtG0B0A0B0DtGyCzztC0CtAtAyEyD0A0FtDzy2Q&cr=1885302309&ir= CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR Profile: C:\Users\Karol's Krafts\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (SpeedAnalysis.com) - C:\Users\Karol's Krafts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfcbmgbfdbijmjgjihagbomfbjfjmgon [2013-09-27] CHR HKLM-x32\...\Chrome\Extension: [cfcbmgbfdbijmjgjihagbomfbjfjmgon] - C:\Users\Karol's Krafts\AppData\Roaming\SpeedanAlysis\speedanalysis.crx [2013-02-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation) R2 hasplms; C:\Windows\system32\hasplms.exe [4609928 2013-08-09] (SafeNet Inc.) R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) [File not signed] R2 MaintainerSvc6.37.565328; C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7\maintainer.exe [123632 2014-11-04] () R2 MSSQLSERVER; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) R2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [316992 2006-08-22] (SafeNet, Inc.) R2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [206400 2006-12-21] (SafeNet, Inc) S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X] S2 MetafileNetSDK.exe; C:\Users\Karol's Krafts\AppData\Local\MetafileNetSDK\MetafileNetSDK.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [60488 2013-08-09] (SafeNet Inc.) S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [63944 2013-08-09] (SafeNet Inc.) S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [303624 2013-08-09] (SafeNet Inc.) R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331328 2013-08-09] (SafeNet Inc.) S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1863720 2012-06-01] () S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [58792 2009-09-17] (SafeNet, Inc.) R4 ccSet_NIS; \SystemRoot\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [X] R4 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20131101.001\IDSvia64.sys [X] R4 SRTSPX; \SystemRoot\system32\drivers\NISx64\1405000.01C\SRTSPX64.SYS [X] R4 SymDS; system32\drivers\NISx64\1405000.01C\SYMDS64.SYS [X] R4 SymEFA; system32\drivers\NISx64\1405000.01C\SYMEFA64.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-04 20:35 - 2014-11-04 20:35 - 00015872 _____ () C:\Users\Karol's Krafts\Desktop\FRST.txt 2014-11-04 20:35 - 2014-11-04 20:35 - 00000000 ____D () C:\FRST 2014-11-04 20:34 - 2014-11-04 20:34 - 02114560 _____ (Farbar) C:\Users\Karol's Krafts\Desktop\FRST64.exe 2014-11-04 20:33 - 2014-11-04 20:32 - 01106432 _____ (Farbar) C:\Users\Karol's Krafts\Desktop\FRST.exe 2014-11-04 20:22 - 2014-11-04 20:22 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-11-04 20:22 - 2014-11-04 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-11-04 20:21 - 2014-11-04 20:28 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-04 20:21 - 2014-11-04 20:28 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-04 20:21 - 2014-11-04 20:21 - 00003910 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-11-04 20:21 - 2014-11-04 20:21 - 00003658 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-11-03 19:07 - 2014-11-03 19:52 - 00000000 ____D () C:\ProgramData\Systweak 2014-11-03 19:06 - 2014-11-03 19:52 - 00000000 ____D () C:\Users\Karol's Krafts\AppData\Roaming\Systweak 2014-11-03 19:06 - 2014-11-03 19:07 - 00000000 ____D () C:\Users\Karol's Krafts\AppData\Roaming\ASP 2014-11-03 13:56 - 2014-11-03 13:56 - 00000046 _____ () C:\Users\Karol's Krafts\AppData\Roaming\WB.CFG 2014-11-03 00:31 - 2014-11-04 18:56 - 00000000 ____D () C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7 2014-11-02 23:08 - 2014-11-02 23:08 - 00000000 ____D () C:\Users\Karol's Krafts\.android 2014-11-02 22:59 - 2014-11-02 23:06 - 00000000 ____D () C:\ProgramData\BlueStacksSetup 2014-11-02 22:58 - 2014-11-02 22:58 - 13141248 _____ (BlueStack Systems Inc.) C:\Users\Karol's Krafts\Downloads\BlueStacks-Installer.exe 2014-11-02 22:55 - 2014-11-03 20:17 - 00000000 ____D () C:\ProgramData\BoostSoftware 2014-11-02 22:48 - 2014-11-02 22:48 - 00001087 _____ () C:\Users\Karol's Krafts\Desktop\Continue Kik Installation.lnk 2014-11-02 21:40 - 2014-11-02 21:40 - 00003402 _____ () C:\Windows\System32\Tasks\DonutQuotes 2014-11-02 21:25 - 2014-11-04 19:56 - 00000000 ____D () C:\Windows\SysWOW64\IndexNetTrash 2014-11-02 21:25 - 2014-11-02 21:25 - 00000000 ___HD () C:\Users\Public\Temp 2014-11-02 21:25 - 2014-11-02 21:25 - 00000000 ____D () C:\Users\Karol's Krafts\AppData\Local\CheckCode 2014-11-02 21:24 - 2014-11-04 19:56 - 00000000 ____D () C:\Users\Karol's Krafts\AppData\Local\PerlScriptWinsock 2014-11-02 21:23 - 2014-11-03 19:58 - 00000000 ____D () C:\Windows\SysWOW64\ClipboardTaskWinsock 2014-11-02 21:21 - 2014-11-02 21:21 - 00000000 ____D () C:\Users\Karol's Krafts\AppData\Roaming\Pro PC Cleaner 2014-11-02 21:20 - 2014-11-02 21:23 - 00000000 ____D () C:\Program Files (x86)\PCTRunner 2014-11-02 21:20 - 2014-11-02 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip 2014-11-02 21:19 - 2014-11-02 21:23 - 00000004 _____ () C:\end 2014-11-02 13:45 - 2014-11-02 13:46 - 00000000 ____D () C:\Users\Karol's Krafts\AppData\Local\{DFA69DAE-5C3A-40A4-B91F-27C9B1828084} 2014-11-02 13:44 - 2014-11-02 13:44 - 00000000 ____D () C:\Users\Karol's Krafts\AppData\Local\{D29D090B-AE65-4F34-A820-6B770BE64CDA} 2014-11-02 13:42 - 2014-11-02 13:42 - 00000000 ____D () C:\Users\Karol's Krafts\AppData\Local\{9D94E47E-D26C-4574-946C-5D251968FCA6} 2014-10-31 20:20 - 2014-10-31 20:21 - 00000000 ____D () C:\Users\Karol's Krafts\AppData\Local\{827691BE-BB6E-465C-A162-577453AC7C98} 2014-10-21 22:25 - 2014-11-02 21:40 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A9C26C7D-FDD4-47AE-AABB-0FDAEA98B6D2} 2014-10-21 00:44 - 2014-10-21 00:44 - 00000000 ____D () C:\Users\brian\AppData\Local\Google 2014-10-21 00:42 - 2014-10-21 00:42 - 00116280 _____ () C:\Users\brian\AppData\Local\GDIPFONTCACHEV1.DAT 2014-10-21 00:41 - 2014-10-21 01:33 - 00000000 ___RD () C:\Users\brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-10-21 00:41 - 2014-10-21 01:33 - 00000000 ___RD () C:\Users\brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-10-21 00:41 - 2014-10-21 01:33 - 00000000 ____D () C:\Users\brian 2014-10-21 00:41 - 2014-10-21 00:41 - 00000000 ____D () C:\Users\brian\AppData\Roaming\Adobe 2014-10-21 00:41 - 2014-10-21 00:41 - 00000000 ____D () C:\Users\brian\AppData\Local\VirtualStore 2014-10-21 00:41 - 2013-01-01 16:08 - 00000000 ____D () C:\Users\brian\Documents\Visual Studio 2008 2014-10-21 00:41 - 2012-11-03 21:59 - 00000000 ____D () C:\Users\brian\AppData\Local\Microsoft Help 2014-10-21 00:09 - 2014-10-21 00:09 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe 2014-10-21 00:09 - 2014-10-21 00:09 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore 2014-10-21 00:09 - 2014-10-21 00:09 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google 2014-10-21 00:08 - 2014-10-21 01:33 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-10-21 00:08 - 2014-10-21 01:33 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-10-21 00:08 - 2014-10-21 01:33 - 00000000 ____D () C:\Users\Guest 2014-10-21 00:08 - 2013-01-01 16:08 - 00000000 ____D () C:\Users\Guest\Documents\Visual Studio 2008 2014-10-21 00:08 - 2012-11-03 21:59 - 00000000 ____D () C:\Users\Guest\AppData\Local\Microsoft Help 2014-10-15 20:29 - 2014-10-15 21:08 - 00000000 ____D () C:\Users\Karol's Krafts\Desktop\Embroidery Files 2014-10-15 19:10 - 2014-10-06 20:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-15 19:10 - 2014-10-06 20:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-10-15 19:10 - 2014-09-25 16:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-15 19:10 - 2014-09-25 16:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-10-15 19:10 - 2014-09-25 16:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-10-15 19:10 - 2014-09-25 16:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-10-15 19:10 - 2014-09-25 16:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-10-15 19:10 - 2014-09-25 16:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-10-15 19:10 - 2014-09-25 16:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-15 19:10 - 2014-09-18 20:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-15 19:10 - 2014-09-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-15 19:10 - 2014-09-18 19:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-10-15 19:10 - 2014-09-18 19:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-10-15 19:10 - 2014-09-18 19:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-15 19:10 - 2014-09-18 19:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-15 19:10 - 2014-09-18 19:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-15 19:10 - 2014-09-18 19:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-15 19:10 - 2014-09-18 19:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-15 19:10 - 2014-09-18 19:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-15 19:10 - 2014-09-18 19:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-15 19:10 - 2014-09-18 19:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-15 19:10 - 2014-09-18 19:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-15 19:10 - 2014-09-18 19:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-15 19:10 - 2014-09-18 19:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-10-15 19:10 - 2014-09-18 19:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-15 19:10 - 2014-09-18 19:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-10-15 19:10 - 2014-09-18 19:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-15 19:10 - 2014-09-18 19:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-10-15 19:10 - 2014-09-18 19:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-15 19:10 - 2014-09-18 19:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-15 19:10 - 2014-09-18 19:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-10-15 19:10 - 2014-09-18 19:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-15 19:10 - 2014-09-18 19:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-10-15 19:10 - 2014-09-18 19:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-10-15 19:10 - 2014-09-18 19:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-15 19:10 - 2014-09-18 18:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-10-15 19:10 - 2014-09-18 18:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-15 19:10 - 2014-09-18 18:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-10-15 19:10 - 2014-09-18 18:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-10-15 19:10 - 2014-09-18 18:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-10-15 19:10 - 2014-09-18 18:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-10-15 19:10 - 2014-09-18 18:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-10-15 19:10 - 2014-09-18 18:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-10-15 19:10 - 2014-09-18 18:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-15 19:10 - 2014-09-18 18:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-15 19:10 - 2014-09-18 18:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-10-15 19:10 - 2014-09-18 18:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-10-15 19:10 - 2014-09-18 18:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-15 19:10 - 2014-09-18 18:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-10-15 19:10 - 2014-09-18 18:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-10-15 19:10 - 2014-09-18 18:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-10-15 19:10 - 2014-09-18 18:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-15 19:10 - 2014-09-18 17:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-10-15 19:10 - 2014-09-18 17:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-15 19:10 - 2014-09-18 17:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-10-15 19:10 - 2014-09-18 17:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-10-15 19:09 - 2014-10-09 20:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-10-15 19:09 - 2014-10-09 20:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-10-15 19:09 - 2014-10-09 20:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-10-15 19:09 - 2014-09-28 18:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-15 19:09 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-15 19:09 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-10-15 19:09 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-10-15 19:09 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-15 19:09 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-10-15 19:09 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-15 19:07 - 2014-09-17 20:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-15 19:07 - 2014-09-17 19:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-10-15 19:07 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-15 19:07 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-10-15 19:07 - 2014-07-16 20:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-15 19:07 - 2014-07-16 20:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-15 19:07 - 2014-07-16 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-15 19:07 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-15 19:07 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-15 19:07 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-15 19:07 - 2014-07-16 20:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-15 19:07 - 2014-07-16 20:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-15 19:07 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-10-15 19:07 - 2014-07-16 19:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-10-15 19:07 - 2014-07-16 19:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-10-15 19:07 - 2014-07-16 19:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2014-10-15 19:07 - 2014-07-16 19:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-10-15 19:07 - 2014-07-16 19:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-10-15 19:07 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-15 19:07 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-15 19:06 - 2014-09-12 19:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-15 19:06 - 2014-09-12 19:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-10-08 15:28 - 2014-10-08 15:41 - 00033895 _____ () C:\Users\Karol's Krafts\Desktop\ann lemon carpenter.htm ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-04 20:30 - 2012-05-07 17:12 - 01636565 _____ () C:\Windows\WindowsUpdate.log 2014-11-04 20:27 - 2009-07-13 22:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-04 20:27 - 2009-07-13 22:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-04 20:26 - 2014-03-25 15:47 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-04 20:22 - 2013-09-27 21:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-04 20:21 - 2013-09-27 21:46 - 00000000 ____D () C:\Program Files (x86)\Google 2014-11-04 20:14 - 2011-07-12 21:37 - 00000000 ____D () C:\ProgramData\Adobe 2014-11-04 20:09 - 2012-05-07 17:24 - 00000000 ____D () C:\ProgramData\Norton 2014-11-04 20:05 - 2012-05-07 17:24 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security 2014-11-04 20:03 - 2009-07-13 23:13 - 00848842 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-04 20:01 - 2012-08-10 19:53 - 00003990 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B64AD4A8-D89C-42CD-9076-124118D592E3} 2014-11-04 19:56 - 2013-02-11 22:03 - 00024468 _____ () C:\Windows\setupact.log 2014-11-04 19:56 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-04 19:12 - 2014-03-25 15:46 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-11-04 19:12 - 2014-03-25 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-11-04 19:12 - 2014-03-25 15:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-11-03 20:17 - 2013-02-11 22:02 - 00681120 _____ () C:\Windows\PFRO.log 2014-11-03 20:05 - 2009-07-13 21:20 - 00000000 __RHD () C:\Users\Public\Libraries 2014-11-03 19:52 - 2009-07-13 20:34 - 00000505 _____ () C:\Windows\win.ini 2014-11-02 23:08 - 2012-08-10 19:43 - 00000000 ____D () C:\Users\Karol's Krafts 2014-11-02 21:37 - 2013-06-22 20:39 - 00000368 _____ () C:\Windows\Tasks\HPCeeScheduleForKarol's Krafts.job 2014-11-02 21:37 - 2009-07-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-11-02 21:24 - 2012-08-17 20:18 - 00000000 ____D () C:\Users\Karol's Krafts\AppData\Local\CrashDumps 2014-11-01 09:29 - 2013-06-22 20:39 - 00003240 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForKarol's Krafts 2014-11-01 09:29 - 2012-08-18 18:41 - 00000166 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-10-28 18:03 - 2014-03-27 00:46 - 00000000 ____D () C:\ProgramData\adf80ae5fb1c0699 2014-10-28 05:34 - 2010-11-20 21:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-10-21 23:58 - 2013-02-10 22:03 - 00000000 ____D () C:\Users\Karol's Krafts\AppData\Roaming\Spotify 2014-10-21 22:48 - 2013-02-10 22:04 - 00000000 ____D () C:\Users\Karol's Krafts\AppData\Local\Spotify 2014-10-21 03:01 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-10-21 01:33 - 2011-07-12 21:32 - 00000000 ____D () C:\ProgramData\RoxioNow 2014-10-21 01:33 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration 2014-10-20 23:14 - 2009-07-13 23:08 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-20 15:17 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache 2014-10-16 20:02 - 2009-07-13 22:45 - 00433288 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-16 19:58 - 2014-05-13 07:52 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-10-16 19:35 - 2012-11-03 17:51 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-10-16 19:28 - 2013-08-17 04:11 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-16 19:21 - 2012-10-28 15:22 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-14 12:41 - 2014-01-10 21:14 - 00000000 ____D () C:\ProgramData\Yahoo! 2014-10-14 12:39 - 2011-07-12 21:25 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools 2014-10-14 11:53 - 2009-07-13 23:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-10-09 22:49 - 2012-11-25 11:18 - 00003232 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForKAROLSKRAFTS-HP$ 2014-10-09 22:49 - 2012-11-25 11:18 - 00000356 _____ () C:\Windows\Tasks\HPCeeScheduleForKAROLSKRAFTS-HP$.job Some content of TEMP: ==================== C:\Users\Karol's Krafts\AppData\Local\Temp\SEVINST64x86.EXE C:\Users\Karol's Krafts\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_23739.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-01 09:16 ==================== End Of Log ============================ AND Addition Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014 Ran by Karol's Krafts at 2014-11-04 20:36:39 Running from C:\Users\Karol's Krafts\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) FUTURA SES1000 Software (HKLM-x32\...\{A8C74A7C-F2F4-4F6C-90AA-6C351570419F}) (Version: 3.0.0.6 - ) ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY) ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.) Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Compaq Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company) Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation) Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - BR (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Extra Content (HKLM-x32\...\_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}) (Version: - Corel Corporation) CorelDRAW Graphics Suite X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - JP (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW® Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.686 - Corel Corporation) Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden CreativeStudio (HKLM-x32\...\{319A4F81-CBD7-48EF-91CF-03651E6EFB9B}) (Version: 4.2.0 - Statler Stitcher) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4119 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.) Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION) Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation) Epson E-Web Print (HKLM-x32\...\{CEC98C2A-9ED5-49DA-9F3A-92434E0A4FA3}) (Version: 1.19.0000 - SEIKO EPSON CORPORATION) Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION) Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - ) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION) ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard) Expert PDF 7 Reader (HKLM-x32\...\{FC279721-37A6-4777-AFD8-7A56681EBA14}) (Version: 7.0.1370.0 - Avanquest software) Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden File Association Manager (HKLM-x32\...\FileAssociationManager) (Version: 0.5 - Amnis Technology Ltd) Galil DMC .Net API for Visual Studio 2005 (HKLM-x32\...\{072E9B7C-850B-4397-B104-098170742FAF}) (Version: 2.0.0.0 - Galil Motion Control) Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Ghostscript GPL 8.64 (Msi Setup) (x32 Version: 8.64 - Corel Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden Hewlett-Packard ACLM.NET v1.1.1.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden HP Documentation (HKLM-x32\...\{68A55875-B6DD-41E8-8CF6-F193D9C47051}) (Version: 1.1.0.0 - Hewlett-Packard) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent) HP Launch Box (HKLM\...\{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}) (Version: 1.0.11 - Hewlett-Packard Company) HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company) HP On Screen Display (HKLM-x32\...\{D7670221-BF9B-4DFF-B26B-5BE55A87329F}) (Version: 1.2.2 - Hewlett-Packard Company) HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company) HP Quick Launch (HKLM-x32\...\{BB1C717E-376C-4AA1-8940-81BFC38D9778}) (Version: 2.4.4 - Hewlett-Packard Company) HP QuickWeb (HKLM-x32\...\{8B52057C-15DB-433E-957C-E279BC7D07E3}) (Version: 3.1.0.9742 - Hewlett-Packard Company) HP Setup (HKLM-x32\...\{5036764A-435D-40C9-869C-31085A3D741D}) (Version: 8.7.4751.3798 - Hewlett-Packard Company) HP Software Framework (HKLM-x32\...\{BFD1ABD7-9417-41CB-B1F6-04BE4CB9820D}) (Version: 4.1.7.1 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}) (Version: 6.0.5.4 - Hewlett-Packard Company) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation) Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6287 - Realtek Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0323 - REALTEK Semiconductor Corp.) Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow) Sentinel Protection Installer 7.3.2 (HKLM-x32\...\{EDFE2142-CFB3-44AB-A961-DE85F6408A28}) (Version: 7.3.2 - SafeNet, Inc.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden Software Updater (HKLM-x32\...\{6DFBE8A2-CDBF-453E-B34C-32F202FCEE4C}) (Version: 4.2.1 - SEIKO EPSON CORPORATION) Spotify (HKCU\...\Spotify) (Version: 0.9.10.22.gf87988f9 - Spotify AB) Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 21-10-2014 05:11:33 Restore Operation 21-10-2014 05:39:15 Windows Backup 21-10-2014 05:40:34 Restore Operation 21-10-2014 10:26:26 Windows Backup 25-10-2014 06:17:06 Windows Update 28-10-2014 23:44:14 Windows Backup 01-11-2014 02:08:46 Windows Update 03-11-2014 02:02:54 Windows Backup 04-11-2014 02:03:39 Removed BlueStacks Notification Center 05-11-2014 01:06:19 Windows Update 05-11-2014 02:10:09 Removed Java SE Runtime Environment 6 Update 1 05-11-2014 02:13:33 Removed Adobe Reader X (10.1.7) MUI. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {001B574F-D9C2-424E-BF80-973C2FDCF8C6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company) Task: {365081E8-61DF-4B7E-BC76-094BBFC4FC98} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-06-15] (CyberLink) Task: {487EBD0B-81CD-4B50-9D1C-D6CA374CCDE8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company) Task: {63D5526F-6ACF-4A34-96F9-EB1B95B7D205} - \Advanced-System Protector_startup No Task File <==== ATTENTION Task: {7E29630D-29D5-4C32-8A44-6B1C9CA443E0} - System32\Tasks\HPCeeScheduleForKAROLSKRAFTS-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard) Task: {7FA52EFD-9ABD-49EA-BF38-1D60EF2C2B4C} - \ASP No Task File <==== ATTENTION Task: {9A25F1A8-AAB8-48A6-9A4A-97BA8645E065} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated) Task: {9F02EC3D-BC33-4880-8967-0FD9DC7A1DA4} - System32\Tasks\4772 => Wscript.exe C:\Users\KAROL'~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION Task: {A84104BC-C353-486C-ADBC-3C8CFB201EFB} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {B0D9F114-C77C-4770-8738-C762F8F64EB1} - System32\Tasks\DonutQuotes => C:\Program Files (x86)\donutleads\ScheduledTask.exe Task: {B2D2F68C-71A1-40A1-B2DB-A76B34938914} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-04] (Google Inc.) Task: {C6C0BECA-EF79-41FB-888A-3FC12BC2DBA2} - System32\Tasks\HPCeeScheduleForKarol's Krafts => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard) Task: {C767E5C2-BEA1-4A9E-B9B1-FA2F92F1A2CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-04] (Google Inc.) Task: {D04B6F09-0E0D-41EF-AD7A-F61C1FCBC876} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard) Task: {D290C98A-F1F1-4276-9995-7658CDFADDDD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-06-21] (Hewlett-Packard Company) Task: {D6B3AB92-F990-499C-A3C6-1D0601B8AFEB} - \RegClean Pro No Task File <==== ATTENTION Task: {D9B6D94E-6739-40F4-B8B5-4B0F899FC20B} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION Task: {FDCA346F-E531-4653-A2F3-CA0A497E0198} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForKarol's Krafts.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\Windows\Tasks\HPCeeScheduleForKAROLSKRAFTS-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2014-11-02 20:01 - 2014-11-04 18:56 - 00123632 _____ () C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7\maintainer.exe 2011-04-04 21:18 - 2011-04-04 21:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-10-16 20:36 - 2014-10-16 20:36 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ba8588c3319d63350220ec2ac3eb2c36\IsdiInterop.ni.dll 2012-05-07 17:13 - 2010-09-13 19:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" MSCONFIG\startupreg: EPLTarget => MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe MSCONFIG\startupreg: HPQuickWebProxy => "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s MSCONFIG\startupreg: SetDefault => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe ========================= Accounts: ========================== Administrator (S-1-5-21-3278930305-513671393-255404018-500 - Administrator - Disabled) Guest (S-1-5-21-3278930305-513671393-255404018-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3278930305-513671393-255404018-1008 - Limited - Enabled) Karol's Krafts (S-1-5-21-3278930305-513671393-255404018-1000 - Administrator - Enabled) => C:\Users\Karol's Krafts ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Teredo Tunneling Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Sentinel64 Description: Sentinel64 Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: Sentinel64 Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (11/04/2014 08:13:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Network Security WFP Driver. System Error: The system cannot find the file specified. . Error: (11/04/2014 08:13:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Iron Driver. System Error: The system cannot find the file specified. . Error: (11/04/2014 08:13:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Eraser Control driver. System Error: The system cannot find the file specified. . Error: (11/04/2014 08:10:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Network Security WFP Driver. System Error: The system cannot find the file specified. . Error: (11/04/2014 08:10:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Iron Driver. System Error: The system cannot find the file specified. . Error: (11/04/2014 08:10:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Eraser Control driver. System Error: The system cannot find the file specified. . Error: (11/04/2014 07:57:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/04/2014 06:57:23 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/03/2014 08:18:44 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/03/2014 08:11:28 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"1". Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3" could not be found. Please use sxstrace.exe for detailed diagnosis. System errors: ============= Error: (11/04/2014 07:56:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The MetafileNetSDK.exe service failed to start due to the following error: %%2 Error: (11/04/2014 07:56:23 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Windows Firewall service terminated with service-specific error %%13. Error: (11/04/2014 07:56:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Sentinel64 service failed to start due to the following error: %%20 Error: (11/04/2014 06:59:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The ABBYY FineReader 9.0 Sprint Licensing Service service terminated unexpectedly. It has done this 1 time(s). Error: (11/04/2014 06:57:23 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The PerlScriptWinsock.exe service hung on starting. Error: (11/04/2014 06:55:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The MetafileNetSDK.exe service failed to start due to the following error: %%2 Error: (11/04/2014 06:55:49 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Windows Firewall service terminated with service-specific error %%13. Error: (11/04/2014 06:55:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Sentinel64 service failed to start due to the following error: %%20 Error: (11/03/2014 08:18:52 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The PerlScriptWinsock.exe service hung on starting. Error: (11/03/2014 08:17:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The MetafileNetSDK.exe service failed to start due to the following error: %%2 Microsoft Office Sessions: ========================= Error: (11/04/2014 08:13:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Network Security WFP Driver. System Error: The system cannot find the file specified. Error: (11/04/2014 08:13:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Iron Driver. System Error: The system cannot find the file specified. Error: (11/04/2014 08:13:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Eraser Control driver. System Error: The system cannot find the file specified. Error: (11/04/2014 08:10:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Network Security WFP Driver. System Error: The system cannot find the file specified. Error: (11/04/2014 08:10:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Iron Driver. System Error: The system cannot find the file specified. Error: (11/04/2014 08:10:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Eraser Control driver. System Error: The system cannot find the file specified. Error: (11/04/2014 07:57:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/04/2014 06:57:23 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/03/2014 08:18:44 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/03/2014 08:11:28 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe CodeIntegrity Errors: =================================== Date: 2014-02-05 00:06:51.163 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-05 00:06:51.073 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-01-31 22:32:23.424 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-01-31 22:32:23.315 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-12-27 17:21:17.543 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-12-27 17:21:17.449 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-12-18 20:36:02.265 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-12-18 20:36:02.171 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-12-14 23:22:28.953 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-12-14 23:22:28.859 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel® Celeron® CPU B800 @ 1.50GHz Percentage of memory in use: 46% Total physical RAM: 1899.86 MB Available physical RAM: 1023.06 MB Total Pagefile: 3799.72 MB Available Pagefile: 2491.13 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:279.47 GB) (Free:209.27 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (Recovery) (Fixed) (Total:14.46 GB) (Free:1.61 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:2.88 GB) FAT32 Drive g: (BOOT) (Removable) (Total:0.98 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E9B0A126) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=279.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=14.5 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=4 GB) - (Type=0C) ======================================================== Disk: 1 (Size: 1008.5 MB) (Disk ID: 007BA292) Partition 1: (Active) - (Size=1008 MB) - (Type=0C) ==================== End Of Log ============================

He didn't know the name of the infection but it sounds like the FBI malware because it was apparently asking him to order something from CVS to fix his computer. Security Essentials was not showing up in Add/Remove programs so I manually removed it. Avast is not showing up in the system tray and it fails with the message from the previous post when I try to launch it. Scanned with MBAR and nothing was found... log is below. --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 Account is Administrative Internet Explorer version: 8.0.6001.18702 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.657000 GHz Memory total: 2145386496, free: 1639424000 Downloaded database version: v2014.02.09.06 Downloaded database version: v2013.12.18.01 ======================================= Initializing... ------------ Kernel report ------------ 02/09/2014 14:09:54 ------------ Loaded modules ----------- \WINDOWS\system32\ntoskrnl.exe \WINDOWS\system32\hal.dll \WINDOWS\system32\KDCOM.DLL \WINDOWS\system32\BOOTVID.dll ACPI.sys \WINDOWS\System32\DRIVERS\WMILIB.SYS pci.sys isapnp.sys pciide.sys \WINDOWS\system32\DRIVERS\PCIIDEX.SYS intelide.sys MountMgr.sys ftdisk.sys dmload.sys dmio.sys PartMgr.sys VolSnap.sys atapi.sys disk.sys \WINDOWS\System32\DRIVERS\CLASSPNP.SYS fltmgr.sys sr.sys MpFilter.sys KSecDD.sys WudfPf.sys Ntfs.sys NDIS.sys Mup.sys aswVmm.sys aswRvrt.sys \SystemRoot\System32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\ialmnt5.sys \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS \SystemRoot\System32\DRIVERS\usbuhci.sys \SystemRoot\System32\DRIVERS\USBPORT.SYS \SystemRoot\System32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\IntelC53.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\IntelC51.sys \SystemRoot\system32\DRIVERS\IntelC52.sys \SystemRoot\system32\DRIVERS\mohfilt.sys \SystemRoot\System32\Drivers\Modem.SYS \SystemRoot\system32\drivers\P16X.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\DRIVERS\gameenum.sys \SystemRoot\system32\DRIVERS\bcm4sbxp.sys \SystemRoot\System32\DRIVERS\fdc.sys \SystemRoot\System32\DRIVERS\i8042prt.sys \SystemRoot\System32\DRIVERS\kbdclass.sys \SystemRoot\System32\DRIVERS\serial.sys \SystemRoot\System32\DRIVERS\serenum.sys \SystemRoot\System32\DRIVERS\parport.sys \SystemRoot\System32\DRIVERS\imapi.sys \SystemRoot\System32\DRIVERS\cdrom.sys \SystemRoot\System32\DRIVERS\redbook.sys \SystemRoot\system32\DRIVERS\lmimirr.sys \SystemRoot\System32\DRIVERS\audstub.sys \SystemRoot\System32\DRIVERS\rasl2tp.sys \SystemRoot\System32\DRIVERS\ndistapi.sys \SystemRoot\System32\DRIVERS\ndiswan.sys \SystemRoot\System32\DRIVERS\raspppoe.sys \SystemRoot\System32\DRIVERS\raspptp.sys \SystemRoot\System32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\psched.sys \SystemRoot\System32\DRIVERS\msgpc.sys \SystemRoot\System32\DRIVERS\ptilink.sys \SystemRoot\System32\DRIVERS\raspti.sys \SystemRoot\System32\DRIVERS\rdpdr.sys \SystemRoot\System32\DRIVERS\termdd.sys \SystemRoot\System32\DRIVERS\mouclass.sys \SystemRoot\System32\DRIVERS\swenum.sys \SystemRoot\System32\DRIVERS\update.sys \SystemRoot\System32\DRIVERS\mssmbios.sys \SystemRoot\system32\drivers\ialmkchw.sys \SystemRoot\system32\drivers\ialmsbw.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\System32\DRIVERS\usbhub.sys \SystemRoot\System32\DRIVERS\USBD.SYS \SystemRoot\system32\drivers\MODEMCSA.sys \SystemRoot\System32\DRIVERS\flpydisk.sys \??\C:\WINDOWS\system32\drivers\aswSP.sys \SystemRoot\System32\Drivers\Fs_Rec.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\Drivers\mnmdd.SYS \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\System32\DRIVERS\rasacd.sys \SystemRoot\system32\DRIVERS\ipsec.sys \SystemRoot\System32\DRIVERS\tcpip.sys \??\C:\WINDOWS\system32\drivers\aswTdi.sys \SystemRoot\System32\DRIVERS\ipnat.sys \SystemRoot\System32\DRIVERS\netbt.sys \??\C:\WINDOWS\system32\drivers\aswRdr.sys \SystemRoot\System32\drivers\ws2ifsl.sys \SystemRoot\System32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbios.sys \SystemRoot\System32\DRIVERS\rdbss.sys \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS \SystemRoot\System32\DRIVERS\mrxsmb.sys \SystemRoot\System32\Drivers\Fips.SYS \??\C:\WINDOWS\system32\drivers\aswSnx.sys \SystemRoot\System32\DRIVERS\usbprint.sys \SystemRoot\System32\DRIVERS\hidusb.sys \SystemRoot\System32\DRIVERS\HIDCLASS.SYS \SystemRoot\System32\DRIVERS\HIDPARSE.SYS \SystemRoot\System32\DRIVERS\wanarp.sys \SystemRoot\System32\DRIVERS\mouhid.sys \SystemRoot\System32\Drivers\Cdfs.SYS \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_WMILIB.SYS \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\watchdog.sys \SystemRoot\System32\drivers\dxg.sys \SystemRoot\System32\drivers\dxgthk.sys \SystemRoot\System32\ialmdnt5.dll \SystemRoot\System32\ialmrnt5.dll \SystemRoot\System32\ialmdev5.DLL \SystemRoot\System32\ialmdd5.DLL \SystemRoot\System32\ATMFD.DLL \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys \SystemRoot\System32\DRIVERS\ndisuio.sys \SystemRoot\system32\drivers\wdmaud.sys \SystemRoot\system32\drivers\sysaudio.sys \SystemRoot\System32\DRIVERS\mrxdav.sys \SystemRoot\System32\Drivers\ParVdm.SYS \SystemRoot\System32\DRIVERS\srv.sys \??\C:\Program Files\LogMeIn\x86\RaInfo.sys \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys \??\C:\WINDOWS\system32\PfModNT.sys \SystemRoot\System32\Drivers\HTTP.sys \SystemRoot\System32\lmimirr.dll \SystemRoot\System32\lmimirr2.dll \??\C:\DOCUME~1\Greg\LOCALS~1\Temp\mbr.sys \SystemRoot\system32\drivers\kmixer.sys \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys \WINDOWS\SYSTEM32\ntdll.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff8a606ab8 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\ Lower Device Object: 0xffffffff8a611d98 Lower Device Driver Name: \Driver\atapi\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff8a606ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff8a5d3958, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff8a606ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff8a611d98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: F52BCF0E Partition information: Partition 0 type is Other (0xde) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 80262 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 80325 Numsec = 156151800 Partition file system is NTFS Partition is bootable Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 80000000000 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-156230000-156250000)... Done! Read File: File "C:\WINDOWS\SYSTEM32\CONFIG\software" is compressed (flags = 1) Scan finished ======================================= Removal queue found; removal started Removing C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-1-80325-i.mbam... Removing C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... Removal finished

I was called to a new clients office today who presented me with the following error message when trying to run either Malwarebytes or Avast. "Windows cannot open this program because it has been prevented by a software restriction policy." He told me got some kind of virus on his computer last week and attempted to clean it off. He said it appears the infection is gone but now it appears he can run any Antivirus or Anti-malware. From DDS.txt DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.21.2 Run by Greg at 21:26:00 on 2014-02-06 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1457 [GMT -6:00] . AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . ============== Running Processes ================ . c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\alg.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\Program Files\LogMeIn\x86\RaMaint.exe C:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\Program Files\LogMeIn\x86\LogMeInToolkit.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe c:\Program Files\Microsoft Security Client\MpCmdRun.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch C:\WINDOWS\system32\svchost.exe -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\WINDOWS\System32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\System32\svchost.exe -k LocalService C:\WINDOWS\System32\svchost.exe -k imgsvc C:\WINDOWS\system32\svchost.exe -k netsvcs . ============== Pseudo HJT Report =============== . uStart Page = about:blank BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned> uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe" uPolicies-Explorer: NoDriveTypeAutoRun = dword:323 uPolicies-Explorer: NoDriveAutoRun = dword:67108863 uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 mPolicies-Explorer: NoDrives = dword:0 mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe Trusted Zone: travelers.com Trusted Zone: travelers.com Trusted Zone: travelerspc.com Trusted Zone: travelerspc.com Trusted Zone: vesta.com Trusted Zone: travelers.com Trusted Zone: travelers.com Trusted Zone: travelerspc.com Trusted Zone: travelerspc.com TCP: NameServer = 192.168.1.1 192.168.1.1 TCP: Interfaces\{9C517987-5C05-4A1D-AACF-44D215D9B07B} : DHCPNameServer = 192.168.1.1 192.168.1.1 Notify: igfxcui - igfxsrvc.dll Notify: LMIinit - LMIinit.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ============= SERVICES / DRIVERS =============== . R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-1-30 49944] R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-1-30 180248] R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-1-30 775952] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-1-30 410784] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [2014-1-30 67824] R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-1-30 50344] R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-11-15 375120] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 13624] R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-4-14 47640] S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?] S4 LMIRfsClientNP;LMIRfsClientNP; [x] . =============== Created Last 30 ================ . . ==================== Find3M ==================== . 2014-02-07 01:38:29 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2014-02-07 01:38:28 53064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll 2014-02-07 01:38:25 85832 ----a-w- c:\windows\system32\LMIinit.dll 2014-02-07 01:38:25 31560 ----a-w- c:\windows\system32\LMIport.dll 2014-02-05 17:23:53 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-02-05 17:23:53 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-01-19 07:32:23 231584 ------w- c:\windows\system32\MpSigStub.exe 2013-11-27 20:21:06 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys 2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll . ============= FINISH: 21:27:21.17 =============== From ATTACH.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume2 Install Date: 04/13/2009 2:05:24 PM System Uptime: 02/06/2014 7:24:53 PM (2 hours ago) . Motherboard: Dell Computer Corp. | | 0C2425 Processor: Intel® Pentium® 4 CPU 2.66GHz | Microprocessor | 2657/533mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 74 GiB total, 51.173 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP1501: 11/09/2013 10:39:06 AM - System Checkpoint RP1502: 11/11/2013 7:53:29 AM - Software Distribution Service 3.0 RP1503: 11/12/2013 7:52:23 AM - Software Distribution Service 3.0 RP1504: 11/13/2013 8:10:56 AM - Software Distribution Service 3.0 RP1505: 11/13/2013 12:38:47 PM - Software Distribution Service 3.0 RP1506: 11/14/2013 8:36:36 AM - Software Distribution Service 3.0 RP1507: 11/15/2013 8:46:07 AM - System Checkpoint RP1508: 11/16/2013 7:48:22 AM - Software Distribution Service 3.0 RP1509: 11/18/2013 7:51:26 AM - Software Distribution Service 3.0 RP1510: 11/18/2013 3:30:11 PM - Software Distribution Service 3.0 RP1511: 11/19/2013 7:59:49 AM - Software Distribution Service 3.0 RP1512: 11/19/2013 8:28:57 AM - Software Distribution Service 3.0 RP1513: 11/20/2013 8:44:25 AM - System Checkpoint RP1514: 11/21/2013 8:00:50 AM - Software Distribution Service 3.0 RP1515: 11/22/2013 8:33:59 AM - System Checkpoint RP1516: 11/23/2013 7:52:09 AM - Software Distribution Service 3.0 RP1517: 11/25/2013 7:52:45 AM - Software Distribution Service 3.0 RP1518: 11/26/2013 8:05:30 AM - Software Distribution Service 3.0 RP1519: 11/27/2013 8:54:16 AM - System Checkpoint RP1520: 11/29/2013 7:49:31 AM - Software Distribution Service 3.0 RP1521: 11/30/2013 7:55:37 AM - Software Distribution Service 3.0 RP1522: 12/02/2013 7:47:01 AM - Software Distribution Service 3.0 RP1523: 12/03/2013 7:51:53 AM - Software Distribution Service 3.0 RP1524: 12/04/2013 8:02:49 AM - System Checkpoint RP1525: 12/05/2013 8:04:14 AM - Software Distribution Service 3.0 RP1526: 12/06/2013 8:11:37 AM - System Checkpoint RP1527: 12/06/2013 11:42:56 AM - Software Distribution Service 3.0 RP1528: 12/09/2013 7:50:05 AM - Software Distribution Service 3.0 RP1529: 12/10/2013 7:57:06 AM - System Checkpoint RP1530: 12/10/2013 8:33:01 AM - Software Distribution Service 3.0 RP1531: 12/11/2013 9:21:39 AM - Software Distribution Service 3.0 RP1532: 12/11/2013 9:29:11 AM - Software Distribution Service 3.0 RP1533: 12/12/2013 10:13:24 AM - System Checkpoint RP1534: 12/13/2013 7:55:24 AM - Software Distribution Service 3.0 RP1535: 12/13/2013 8:36:47 AM - Software Distribution Service 3.0 RP1536: 12/14/2013 10:34:32 AM - System Checkpoint RP1537: 12/16/2013 7:57:30 AM - Software Distribution Service 3.0 RP1538: 12/17/2013 8:08:46 AM - Software Distribution Service 3.0 RP1539: 12/18/2013 8:16:29 AM - System Checkpoint RP1540: 12/19/2013 7:49:55 AM - Software Distribution Service 3.0 RP1541: 12/20/2013 8:24:39 AM - System Checkpoint RP1542: 12/21/2013 8:06:21 AM - Software Distribution Service 3.0 RP1543: 12/23/2013 7:40:48 AM - Software Distribution Service 3.0 RP1544: 12/26/2013 7:50:00 AM - Software Distribution Service 3.0 RP1545: 12/27/2013 8:01:12 AM - Software Distribution Service 3.0 RP1546: 12/28/2013 8:37:20 AM - System Checkpoint RP1547: 12/30/2013 7:47:24 AM - Software Distribution Service 3.0 RP1548: 12/31/2013 7:54:04 AM - Software Distribution Service 3.0 RP1549: 01/02/2014 7:51:54 AM - Software Distribution Service 3.0 RP1550: 01/03/2014 7:59:29 AM - Software Distribution Service 3.0 RP1551: 01/04/2014 8:09:50 AM - System Checkpoint RP1552: 01/06/2014 7:50:31 AM - Software Distribution Service 3.0 RP1553: 01/07/2014 7:54:45 AM - Software Distribution Service 3.0 RP1554: 01/08/2014 8:02:21 AM - System Checkpoint RP1555: 01/09/2014 7:52:42 AM - Software Distribution Service 3.0 RP1556: 01/10/2014 8:26:15 AM - System Checkpoint RP1557: 01/10/2014 9:32:30 AM - Software Distribution Service 3.0 RP1558: 01/11/2014 9:40:34 AM - System Checkpoint RP1559: 01/13/2014 7:40:52 AM - Software Distribution Service 3.0 RP1560: 01/14/2014 7:49:31 AM - Software Distribution Service 3.0 RP1561: 01/14/2014 8:04:03 AM - Software Distribution Service 3.0 RP1562: 01/15/2014 8:05:51 AM - System Checkpoint RP1563: 01/15/2014 8:39:21 AM - Software Distribution Service 3.0 RP1564: 01/15/2014 8:59:49 AM - Software Distribution Service 3.0 RP1565: 01/16/2014 10:07:47 AM - System Checkpoint RP1566: 01/17/2014 7:51:03 AM - Software Distribution Service 3.0 RP1567: 01/18/2014 8:06:59 AM - System Checkpoint RP1568: 01/18/2014 8:23:47 AM - Software Distribution Service 3.0 RP1569: 01/20/2014 7:52:01 AM - Software Distribution Service 3.0 RP1570: 01/21/2014 8:03:00 AM - System Checkpoint RP1571: 01/21/2014 8:13:05 AM - Software Distribution Service 3.0 RP1572: 01/22/2014 9:58:22 AM - System Checkpoint RP1573: 01/23/2014 7:52:41 AM - Software Distribution Service 3.0 RP1574: 01/24/2014 8:04:12 AM - System Checkpoint RP1575: 01/25/2014 7:42:40 AM - Software Distribution Service 3.0 RP1576: 01/27/2014 7:49:32 AM - Software Distribution Service 3.0 RP1577: 01/28/2014 7:52:03 AM - System Checkpoint RP1578: 01/29/2014 8:01:35 AM - Restore Operation RP1579: 01/29/2014 10:05:56 AM - Restore Operation RP1580: 01/29/2014 11:21:06 AM - Software Distribution Service 3.0 RP1581: 01/30/2014 7:38:18 AM - Software Distribution Service 3.0 RP1582: 01/30/2014 4:19:20 PM - Software Distribution Service 3.0 RP1583: 01/30/2014 5:07:00 PM - avast! antivirus system restore point RP1584: 01/30/2014 5:14:19 PM - Software Distribution Service 3.0 RP1585: 01/30/2014 5:31:35 PM - Removed FOX News Live Stream RP1586: 01/31/2014 9:50:10 AM - Restore Operation RP1587: 01/31/2014 5:39:35 PM - Software Distribution Service 3.0 RP1588: 02/03/2014 7:48:08 AM - Software Distribution Service 3.0 RP1589: 02/04/2014 7:51:09 AM - Software Distribution Service 3.0 RP1590: 02/05/2014 7:54:20 AM - Software Distribution Service 3.0 RP1591: 02/06/2014 7:57:04 AM - Software Distribution Service 3.0 RP1592: 02/06/2014 7:42:23 PM - Printer Driver LogMeIn Printer Driver Installed . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 12 ActiveX Adobe Flash Player 12 Plugin Adobe Reader XI (11.0.06) Adobe Shockwave Player 11.6 Broadcom 440x 10/100 Integrated Controller Credit Express for Windows Critical Update for Windows Media Player 11 (KB959772) Crystal Reports 2008 Runtime SP1 Dell ResourceCD Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB2756822) Hotfix for Windows XP (KB2779562) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) hp LaserJet 1000 Intel® 537EP V9x DF PCI Modem Intel® Extreme Graphics Driver Java 7 Update 21 Java Auto Updater Java SE Runtime Environment 6 Update 1 LogMeIn Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Security Client Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) PrintKey2000 Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697) Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 7 (KB2183461) Security Update for Windows Internet Explorer 7 (KB2360131) Security Update for Windows Internet Explorer 7 (KB2416400) Security Update for Windows Internet Explorer 7 (KB2482017) Security Update for Windows Internet Explorer 7 (KB2497640) Security Update for Windows Internet Explorer 7 (KB2530548) Security Update for Windows Internet Explorer 7 (KB2544521) Security Update for Windows Internet Explorer 7 (KB2559049) Security Update for Windows Internet Explorer 7 (KB2586448) Security Update for Windows Internet Explorer 7 (KB2618444) Security Update for Windows Internet Explorer 7 (KB2647516) Security Update for Windows Internet Explorer 7 (KB2675157) Security Update for Windows Internet Explorer 7 (KB2699988) Security Update for Windows Internet Explorer 7 (KB2722913) Security Update for Windows Internet Explorer 7 (KB2744842) Security Update for Windows Internet Explorer 7 (KB2761465) Security Update for Windows Internet Explorer 7 (KB2792100) Security Update for Windows Internet Explorer 7 (KB2797052) Security Update for Windows Internet Explorer 7 (KB2799329) Security Update for Windows Internet Explorer 7 (KB2809289) Security Update for Windows Internet Explorer 7 (KB2817183) Security Update for Windows Internet Explorer 7 (KB2829530) Security Update for Windows Internet Explorer 7 (KB2838727) Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 7 (KB972260) Security Update for Windows Internet Explorer 7 (KB974455) Security Update for Windows Internet Explorer 7 (KB976325) Security Update for Windows Internet Explorer 7 (KB978207) Security Update for Windows Internet Explorer 7 (KB982381) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2744842) Security Update for Windows Internet Explorer 8 (KB2838727) Security Update for Windows Internet Explorer 8 (KB2846071) Security Update for Windows Internet Explorer 8 (KB2862772) Security Update for Windows Internet Explorer 8 (KB2870699) Security Update for Windows Internet Explorer 8 (KB2879017) Security Update for Windows Internet Explorer 8 (KB2888505) Security Update for Windows Internet Explorer 8 (KB2898785) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB2834904-v2) Security Update for Windows Media Player (KB2834904) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2510581) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2685939) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2705219) Security Update for Windows XP (KB2707511) Security Update for Windows XP (KB2709162) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2718523) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB2723135) Security Update for Windows XP (KB2724197) Security Update for Windows XP (KB2727528) Security Update for Windows XP (KB2731847) Security Update for Windows XP (KB2753842-v2) Security Update for Windows XP (KB2753842) Security Update for Windows XP (KB2757638) Security Update for Windows XP (KB2758857) Security Update for Windows XP (KB2761226) Security Update for Windows XP (KB2770660) Security Update for Windows XP (KB2778344) Security Update for Windows XP (KB2779030) Security Update for Windows XP (KB2780091) Security Update for Windows XP (KB2799494) Security Update for Windows XP (KB2802968) Security Update for Windows XP (KB2807986) Security Update for Windows XP (KB2808735) Security Update for Windows XP (KB2813170) Security Update for Windows XP (KB2813345) Security Update for Windows XP (KB2820197) Security Update for Windows XP (KB2820917) Security Update for Windows XP (KB2829361) Security Update for Windows XP (KB2834886) Security Update for Windows XP (KB2839229) Security Update for Windows XP (KB2845187) Security Update for Windows XP (KB2847311) Security Update for Windows XP (KB2849470) Security Update for Windows XP (KB2850851) Security Update for Windows XP (KB2850869) Security Update for Windows XP (KB2859537) Security Update for Windows XP (KB2862152) Security Update for Windows XP (KB2862330) Security Update for Windows XP (KB2862335) Security Update for Windows XP (KB2864063) Security Update for Windows XP (KB2868038) Security Update for Windows XP (KB2868626) Security Update for Windows XP (KB2876217) Security Update for Windows XP (KB2876315) Security Update for Windows XP (KB2876331) Security Update for Windows XP (KB2883150) Security Update for Windows XP (KB2892075) Security Update for Windows XP (KB2893294) Security Update for Windows XP (KB2893984) Security Update for Windows XP (KB2898715) Security Update for Windows XP (KB2900986) Security Update for Windows XP (KB2914368) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958215) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960714) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB963027) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981349) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) Sound Blaster Live! swMSM Unity Unity Patch For NSoftware October 2011 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 7 (KB976749) Update for Windows Internet Explorer 7 (KB980182) Update for Windows Internet Explorer 8 (KB2598845) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676) Update for Windows XP (KB2641690) Update for Windows XP (KB2661254-v2) Update for Windows XP (KB2718704) Update for Windows XP (KB2736233) Update for Windows XP (KB2749655) Update for Windows XP (KB2863058) Update for Windows XP (KB2904266) Update for Windows XP (KB898461) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 WordPerfect Office 11 Yahoo! Detect . ==== Event Viewer Messages From Past Week ======== . 02/06/2014 7:45:22 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume. 02/06/2014 7:21:51 PM, error: Service Control Manager [7034] - The LMIGuardianSvc service terminated unexpectedly. It has done this 1 time(s). 02/06/2014 7:21:51 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s). 02/06/2014 7:21:51 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service. 01/31/2014 9:44:45 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 01/30/2014 5:25:00 PM, error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 01/30/2014 5:24:56 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Adobe Flash Player Update Service service to connect. 01/30/2014 3:34:23 PM, error: Print [6161] - The document Network-Franchise Sub Appointment Application.pdf owned by Greg failed to print on printer hp LaserJet 1000. Data type: RAW. Size of the spool file in bytes: 542915. Number of bytes printed: 0. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\MARCUS-23MMQMF3. Win32 error code returned by the print processor: 0 (0x0). 01/30/2014 3:34:08 PM, error: Print [6161] - The document Local Downlevel Document owned by Greg failed to print on printer hp LaserJet 1000. Data type: RAW. Size of the spool file in bytes: 0. Number of bytes printed: 0. Total number of pages in the document: 0. Number of pages printed: 0. Client machine: \\MARCUS-23MMQMF3. Win32 error code returned by the print processor: 0 (0x0). 01/30/2014 3:28:05 PM, error: Print [6161] - The document Network-Franchise Sub Appointment Application.pdf owned by Greg failed to print on printer hp LaserJet 1000. Data type: RAW. Size of the spool file in bytes: 610609. Number of bytes printed: 0. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\MARCUS-23MMQMF3. Win32 error code returned by the print processor: 0 (0x0). . ==== End Of File ===========================