bmg

Honorary Members

View Profile See their activity

Posts
129
Joined
May 29, 2011
Last visited
October 28, 2020

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by bmg

MB Cannot Complete A Scan (Again...)

bmg replied to bmg's topic in Malwarebytes for Windows Support Forum

Farbar Service Scanner Version: 21-07-2014 Ran by L33tMaN (administrator) on 08-12-2014 at 19:57:26 Running from "C:\Users\L33tMaN\Desktop" Microsoft Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo.com is accessible. Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => File is digitally signed C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed C:\Windows\System32\dhcpcore.dll => File is digitally signed C:\Windows\System32\drivers\afd.sys => File is digitally signed C:\Windows\System32\drivers\tdx.sys => File is digitally signed C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed C:\Windows\System32\dnsrslvr.dll => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed **** End of log **** Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014 Ran by L33tMaN at 2014-03-27 19:19:07 Running from C:\Users\L33tMaN\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated) AlienAutopsy (HKLM\...\AlienAutopsy) (Version: 3.1.5907.16 - Dell Inc.) AlienAutopsy (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden Alienware Command Center (HKLM-x32\...\InstallShield_{6A7D1CAC-6267-4C71-A759-CB5D9E9FAFAA}) (Version: 2.7.25.0 - Alienware Corp.) Alienware Command Center (Version: 2.7.25.0 - Alienware Corp.) Hidden Allied Intent .2 client (HKLM-x32\...\Allied Intent .2 client) (Version: - ) Allied Intent Xtended 2.0 (HKLM-x32\...\Allied Intent Xtended) (Version: 2.0 - AIX Community) Battlecraft 1942 (HKLM-x32\...\Battlecraft 19422.1) (Version: - ) Battlefield 1942 (HKLM-x32\...\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}) (Version: - ) Battlefield 1942 Windows Vista/7 Compatibility Fix (HKLM\...\{99720953-c1d6-4b90-8012-b7c3337f4efe}.sdb) (Version: - ) Battlefield 1942: Secret Weapons of WWII (HKLM-x32\...\{B73B4A99-4173-4747-BBEC-0F05E966F9D2}) (Version: - ) Battlefield 1942: The Road To Rome (HKLM-x32\...\{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}) (Version: - ) Battlefield 2 (HKLM-x32\...\{A8DBF55D-73C0-4E37-A10E-365BFBB14119}) (Version: 1.5.0.0 - Electronic Arts) Battlefield 2 Demo (HKLM-x32\...\{8BECF123-B0EF-4E51-B7F3-923EFE15CC4A}) (Version: - ) Battlefield Mod Development Toolkit 2.0 Beta (HKLM-x32\...\MDT) (Version: - ) Command & Conquer Generals (HKLM-x32\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts) Command & Conquer Generals (x32 Version: 0.50.0000 - Electronic Arts) Hidden Command & Conquer™ 3 Tiberium Wars and Kane's Wrath (HKLM-x32\...\{35A2FE53-CC80-4D17-941F-3A7C82824FC7}) (Version: 1.0.0.0 - Electronic Arts, Inc.) Command & Conquer™ 4 Tiberian Twilight (HKLM-x32\...\{BA4C8F9F-D81B-4AFE-AE5A-3837830F5B89}) (Version: 1.0.0.0 - Electronic Arts, Inc.) Command & Conquer™ and The Covert Operations™ (HKLM-x32\...\{050E298D-C9B8-4582-A332-26201268A297}) (Version: 1.0.0.0 - Electronic Arts, Inc.) Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.) Command & Conquer™ Red Alert, Counterstrike and The Aftermath (HKLM-x32\...\{25456D58-2414-4CC4-AA1B-CF3A2BE00A79}) (Version: 1.0.0.0 - Electronic Arts, Inc.) Command & Conquer™ Red Alert™ 3 and Uprising (HKLM-x32\...\{3C315BF7-4B64-4024-8102-174A197437FA}) (Version: 1.0.0.0 - Electronic Arts, Inc.) Command & Conquer™ The Ultimate Collection Additional Content (HKLM-x32\...\{1A882F29-BC18-4AC2-A71E-0FC30FA32568}) (Version: 1.0.0.0 - Electronic Arts) Command & Conquer™: Generals and Zero Hour (HKLM-x32\...\{609F6FD5-4B22-4D7A-AD30-8C9DD480D5BE}) (Version: 1.0.0.0 - Electronic Arts, Inc.) Command and ConquerTM Generals Zero Hour (HKLM-x32\...\InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts) Command and ConquerTM Generals Zero Hour (x32 Version: 1.00.0000 - Electronic Arts) Hidden couponamazing (HKLM-x32\...\couponamazing) (Version: 1.1357065019 - couponamazing.com) <==== ATTENTION CyberLink PowerDVD 9.6 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.6.1.4827 - CyberLink Corp.) CyberLink PowerDVD 9.6 (x32 Version: 9.6.1.4827 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Desura (HKLM-x32\...\Desura) (Version: 100.53 - Desura) FFOLKES Unlocks123 mod v1.4.1 (HKLM-x32\...\FFOLKES Unlocks123 mod v1.4.1) (Version: - ) Forgoten Hope 2 (2 of 2) (dummy) (HKLM-x32\...\Forgotten Hope 2) (Version: - ) Forgotten Hope 0.70 (HKLM-x32\...\Forgotten Hope) (Version: 0.70 - Forgotten Hope Mod Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation) Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation) Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation) Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Lock On: Modern Air Combat (HKLM-x32\...\{E90DCEE9-DC27-401B-A7AC-B0AFF5B34E4D}) (Version: 1.00.000 - ) Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Max Websearch (HKLM-x32\...\Maxwebsearch) (Version: - Maxwebsearch) Media Player Classic - Home Cinema v1.5.2.3456 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.5.2.3456 - MPC-HC Team) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla) MSI ODD Monitor (HKLM-x32\...\InstallShield_{B7D9BAAA-F068-4BF8-B929-462C3A8AB677}) (Version: 1.0.0.5 - Micro-Star Int'l Co., Ltd.) MSI ODD Monitor (x32 Version: 1.0.0.5 - Micro-Star Int'l Co., Ltd.) Hidden MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NVIDIA 3D Vision Driver 296.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 296.36 - NVIDIA Corporation) NVIDIA Control Panel 296.36 (Version: 296.36 - NVIDIA Corporation) Hidden NVIDIA Graphics Driver 296.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.36 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.14.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.14.1 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.62.312 - NVIDIA Corporation) Hidden NVIDIA Optimus 1.7.12 (Version: 1.7.12 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.12.0213 - NVIDIA Corporation) Hidden NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.9636 - NVIDIA Corporation) Hidden NVIDIA Update Components (Version: 1.7.12 - NVIDIA Corporation) Hidden PasswordBox (HKLM-x32\...\PasswordBox) (Version: 1.26.3.2879 - PasswordBox, Inc.) PowerISO (HKLM-x32\...\PowerISO) (Version: 5.5 - Power Software Ltd) Project Reality: BF2 (HKLM\...\Project Reality: BF2 (pr)_is1) (Version: v1.0 - Project Reality) PunkBuster for Battlefield 1942 (HKLM-x32\...\{127B684B-A002-44C8-99A7-6CF8F1E26873}) (Version: - ) QuickShare (HKLM-x32\...\{232F1B14-7126-491F-AC8C-6123BA58FDE2}) (Version: 1.135.60.12323 - Linkury Inc.) <==== ATTENTION Ravaged (HKLM-x32\...\Steam App 96300) (Version: - ) RealDownloader (x32 Version: 1.3.0 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6494 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Saints Row IV (HKLM-x32\...\Steam App 206420) (Version: - Deep Silver Volition) Sandbox (HKLM-x32\...\Sandbox) (Version: - ) Savings Explorer (HKLM-x32\...\Savings Explorer) (Version: 1.24.151.151 - 215 Apps) Scholastic's I SPY Fantasy (HKLM-x32\...\Scholastic's I SPY Fantasy) (Version: - ) Scholastic's I SPY Spooky Mansion Deluxe (HKLM-x32\...\Scholastic's I SPY Spooky Mansion Deluxe) (Version: - ) Scholastic's I SPY Treasure Hunt (HKLM-x32\...\Scholastic's I SPY Treasure Hunt) (Version: 1.0 - Scholastic Inc.) ScorpionSaver (HKLM-x32\...\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION ShopOn Coupon Extension Helper (HKLM\...\ShopOn) (Version: 1.6.49 - ShopOn Unlimited LLC) <==== ATTENTION Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) Virtual Families Packages (HKCU\...\Virtual Families Packages) (Version: - ) <==== ATTENTION WebInternetSecurity (HKLM-x32\...\Webinternetsecurity) (Version: - Webinternetsecurity) WestwoodChat (HKLM-x32\...\{7CAE6A67-AF7B-4A6A-8705-8AFACA45BB60}) (Version: 1.0.0.0 - WestwoodChat) WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline) Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH) WOoKie Sniper Mod 1.3 (HKLM-x32\...\WOoKie Sniper Mod) (Version: 1.3 - Scouty) WordPad+ version 1.01 (HKLM-x32\...\WordPad+_is1) (Version: 1.01 - ) World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version: - Wargaming.net) World of Warplanes (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C813NA}_is1) (Version: - Wargaming.net) World of Warplanes Hack Toll 2.8 (HKLM-x32\...\World of Warplanes Hack Toll 2.8) (Version: - ) Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team) Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.) Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation) Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 16-03-2014 07:45:21 Scheduled Checkpoint 19-03-2014 00:00:24 Windows Update 22-03-2014 03:11:43 Windows Update 25-03-2014 21:37:54 Windows Update ==================== Hosts content: ========================== 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {011370A5-018E-4AA2-A481-1523E7A23A58} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-01] (Google Inc.) Task: {023CD68F-48C5-4C40-A563-162B425C1BB9} - System32\Tasks\Updater21802.exe => C:\Users\cynical\AppData\Local\Updater21802\Updater21802.exe <==== ATTENTION Task: {0374F184-232F-4118-8419-55F5688FAD94} - \GoforFilesUpdate No Task File Task: {13054A1C-87B3-40D9-811C-13B64AEBA521} - System32\Tasks\{A4C966BB-E0F7-4EA0-BAFF-378BD1F89D43} => C:\Program Files (x86)\EA GAMES\Command & Conquer Generals Zero Hour\generals.exe Task: {1444863C-CEFA-413B-8CF8-CACB600F485B} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION Task: {1720B02C-915C-49D2-9F77-41C9414781FD} - System32\Tasks\{E80F6B32-5D3A-42B6-AD92-BB4419995F64} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] () Task: {18A5DCA4-5ACA-4341-A32D-880E91F08B3F} - System32\Tasks\pc-dis-upd => C:\Program Files (x86)\PC Cleaners\PCCleaners.exe [2013-01-01] (PC Cleaners Inc.) <==== ATTENTION Task: {19472C8B-735D-4912-9716-B385C44BA07A} - System32\Tasks\TidyNetwork Update => C:\Users\cynical\AppData\Local\TidyNetwork\petnupdate.exe Task: {2D7C059A-1C14-4D22-9089-50AE99B508E6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated) Task: {310B9523-078B-410A-BFA5-2A8D9F04142C} - System32\Tasks\{407E4C35-61C1-4ED6-9FF4-526E5B00DE1F} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] () Task: {33B0FF98-90B9-4742-BE46-43BE2D294852} - System32\Tasks\{341E9A2A-7320-4E28-A66E-D615E3701034} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] () Task: {3C8C2035-B41A-4487-9BD7-16CECADA3107} - \Dealply No Task File Task: {3F91A3D8-C549-402F-B916-E5FD071269B0} - System32\Tasks\Oxy => C:\Users\cynical\AppData\Roaming\Oxy\Updater.exe <==== ATTENTION Task: {458EC67D-CDD7-45D8-A283-943A5D498EDF} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-383299565-3798718073-3649502856-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.) Task: {4B0D1B46-6C73-499D-9567-9E407789909A} - System32\Tasks\{773B3E96-62DA-4A63-9D8D-066DDCBF4F0E} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] () Task: {4D2F968C-BD22-40F8-9FCE-44DCF4F3FEF8} - System32\Tasks\RunAsStdUser Task => C:\Users\cynical\AppData\Local\Oxy\Application\oxy.exe <==== ATTENTION Task: {69F31346-B202-4B52-83C8-38A13151F95B} - \BackgroundContainer Startup Task No Task File Task: {7AF87EB6-A50C-42AB-BAC5-ED331B75213F} - System32\Tasks\{B143C027-5E0A-4953-A279-00F911072A82} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] () Task: {825F3FA3-0D8D-4A97-BED1-ED92E699BE05} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-383299565-3798718073-3649502856-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.) Task: {8B81D2E4-E4CC-4B83-8E86-E0D6AFED81F4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-01] (Google Inc.) Task: {982B2063-2ACA-4114-8641-F7F03E4466C7} - System32\Tasks\{1B4171AB-B20F-42D6-90A5-F8B0442B8E9E} => C:\Program Files (x86)\Origin Games\Battlefield 1942\BF1942.exe Task: {B3147D4E-D87C-4CFD-9F14-9A4E8A12DC91} - System32\Tasks\GC_Informer => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION Task: {B3C3C651-4FAA-4BCF-9C5D-35E8745A7124} - System32\Tasks\{2DB518E2-242C-48AE-B842-9B476DC059A7} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] () Task: {BBEF80F6-CBCD-405C-84FD-A24BC81ACB1A} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION Task: {BE244C55-D878-437F-8958-D629A45820B1} - System32\Tasks\VisualBeeRecovery => C:\Users\cynical\AppData\Local\VisualBeeExe\VisualBeeRecovery.exe Task: {D146400E-D601-4848-B232-E55DAD7CEF7D} - System32\Tasks\{DDAE764B-5E62-4542-81A7-9F530B2AFAEA} => C:\Program Files (x86)\EA GAMES\Command & Conquer Generals Zero Hour\generals.exe Task: {D21A428F-B137-4082-B614-CC2DBDC5027F} - System32\Tasks\{6CD8CB2F-67CF-4051-8371-8C7532DA141C} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] () Task: {D57B8DD7-8986-47A5-9113-4033E31B09CE} - System32\Tasks\SK.Enhancer-S-161304646 => c:\programdata\quickset\sk.enhancer\SK.Enhancer.exe <==== ATTENTION Task: {D5E597B0-AEF9-4B45-B1FE-6022BAD894EF} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\windows\TEMP\{7DB42AD0-0673-4FC8-952C-EFABC31619C3}.exe Task: {E57F0D33-3F19-4198-8CC3-C7EE1BB01B67} - System32\Tasks\{3CA31466-DEDD-4D77-9668-9C817280AAC9} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] () Task: {E7594EA4-3392-41B3-8CDC-D73F6FB3664E} - System32\Tasks\{7C31E5D9-F65C-493F-AFB8-E1DEAB2E500B} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] () Task: {F2E7344B-9FA6-44BF-BDC7-FB1E0C2026E5} - System32\Tasks\{D89C3165-63A0-4E42-A9CA-6F65D48D364C} => C:\Program Files (x86)\EA GAMES\Command & Conquer Generals Zero Hour\generals.exe Task: {F9ED1981-BA10-43D4-95B0-BFCEC7FB3ABD} - System32\Tasks\WebInternetSecurity Update Task => C:\Program Files (x86)\Webinternetsecurity\uninstall.webinternetsecurity.exe [2014-01-20] () Task: {FF87AC17-1E07-4ED4-91C7-7982BDF43741} - System32\Tasks\{5CCB7AEE-C302-44F7-A930-4C42D2825F16} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] () Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\windows\TEMP\{7DB42AD0-0673-4FC8-952C-EFABC31619C3}.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\pc-dis-upd.job => ? Task: C:\windows\Tasks\SK.Enhancer-S-161304646.job => c:\programdata\quickset\sk.enhancer\SK.Enhancer.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2013-10-12 00:19 - 2013-10-12 00:19 - 00076888 _____ () C:\windows\SysWOW64\PnkBstrA.exe 2012-11-30 00:31 - 2012-11-30 00:31 - 00038608 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 2012-06-08 01:36 - 2012-03-19 19:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2013-10-16 16:00 - 2013-10-16 16:00 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll 2014-03-15 15:12 - 2014-03-14 20:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll 2014-03-15 15:12 - 2014-03-14 20:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll 2014-03-15 15:12 - 2014-03-14 20:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll 2014-03-15 15:12 - 2014-03-14 20:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll 2014-03-15 15:12 - 2014-03-14 20:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll 2014-03-15 15:12 - 2014-03-14 20:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll 2012-06-08 01:37 - 2012-03-23 00:10 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll 2014-01-10 22:40 - 2013-12-12 18:19 - 00142848 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll 2014-01-10 22:40 - 2013-11-04 21:12 - 00890592 _____ () C:\Program Files (x86)\Steam\libavutil-52.dll 2013-03-25 17:23 - 2014-02-10 22:34 - 00751616 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2012-12-31 22:37 - 2014-02-25 17:57 - 01135296 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2012-12-31 22:37 - 2014-01-10 19:33 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll 2012-12-31 22:37 - 2013-06-14 19:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll 2012-12-31 22:37 - 2013-06-14 19:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll 2012-12-31 22:37 - 2013-06-14 19:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll 2012-06-08 00:09 - 2012-03-06 15:27 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:AD022376 AlternateDataStreams: C:\ProgramData\Temp:D346F792 ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/24/2014 07:42:44 PM) (Source: Application Error) (User: ) Description: Faulting application name: AlienwareAlienFXController.exe, version: 2.7.25.0, time stamp: 0x4f0c4453 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x003b6bec Faulting process id: 0x1524 Faulting application start time: 0xAlienwareAlienFXController.exe0 Faulting application path: AlienwareAlienFXController.exe1 Faulting module path: AlienwareAlienFXController.exe2 Report Id: AlienwareAlienFXController.exe3 Error: (03/24/2014 07:42:41 PM) (Source: .NET Runtime) (User: ) Description: Application: AlienwareAlienFXController.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.NullReferenceException Stack: at AlienLabs.AlienFX.DeviceDiscovery.Classes.AlienFXDeviceDiscoveryService.changesFound(System.Collections.Generic.List`1<AlienLabs.AlienFX.DeviceDiscovery.AlienFXDeviceSetupInfo>) at AlienLabs.AlienFX.DeviceDiscovery.Classes.AlienFXDeviceDiscoveryService.processDevicesChangedEvent() at AlienLabs.AlienFX.DeviceDiscovery.Classes.AlienFXDeviceDiscoveryService.consumeQueue() at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Error: (03/22/2014 10:25:01 PM) (Source: Steam Client Service) (User: ) Description: Error: Failed to poke open firewall Error: (03/22/2014 05:41:26 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3. The manifest file root element must be assembly. Error: (03/18/2014 07:36:18 PM) (Source: Steam Client Service) (User: ) Description: Error: Failed to poke open firewall Error: (03/16/2014 05:06:13 PM) (Source: Steam Client Service) (User: ) Description: Error: Failed to poke open firewall Error: (03/16/2014 03:39:39 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3. The manifest file root element must be assembly. Error: (03/15/2014 06:02:38 PM) (Source: Steam Client Service) (User: ) Description: Error: Failed to poke open firewall Error: (03/15/2014 03:22:20 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3. The manifest file root element must be assembly. Error: (03/07/2014 05:59:31 PM) (Source: Application Hang) (User: ) Description: The program hl2.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1394 Start Time: 01cf3a4f826d15ce Termination Time: 402 Application Path: C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe Report Id: System errors: ============= Error: (03/27/2014 04:05:53 PM) (Source: Service Control Manager) (User: ) Description: The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 Error: (03/27/2014 04:05:53 PM) (Source: Service Control Manager) (User: ) Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (03/27/2014 04:04:08 PM) (Source: WMPNetworkSvc) (User: ) Description: 0x800700b7 Error: (03/27/2014 04:04:08 PM) (Source: WMPNetworkSvc) (User: ) Description: 00x800700b7http://+:10243/WMPNSSv4/2811996591/ Error: (03/27/2014 04:04:08 PM) (Source: WMPNetworkSvc) (User: ) Description: 0x800700b7 Error: (03/27/2014 04:04:08 PM) (Source: WMPNetworkSvc) (User: ) Description: 00x800700b7http://+:10243/WMPNSSv4/2811996591/ Error: (03/27/2014 04:03:50 PM) (Source: Service Control Manager) (User: ) Description: The ShopOn Service service hung on starting. Error: (03/27/2014 04:02:28 PM) (Source: Service Control Manager) (User: ) Description: The vToolbarUpdater18.0.5 service failed to start due to the following error: %%2 Error: (03/25/2014 08:28:46 PM) (Source: Service Control Manager) (User: ) Description: The Portable Device Enumerator Service service failed to start due to the following error: %%1115 Error: (03/25/2014 08:28:46 PM) (Source: Service Control Manager) (User: ) Description: The Human Interface Device Access service failed to start due to the following error: %%1115 Microsoft Office Sessions: ========================= Error: (03/24/2014 07:42:44 PM) (Source: Application Error)(User: ) Description: AlienwareAlienFXController.exe2.7.25.04f0c4453unknown0.0.0.000000000c0000005003b6bec152401cf47baaf4e6395C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exeunknownfe7e57c9-b3ad-11e3-b803-848f69f575ee Error: (03/24/2014 07:42:41 PM) (Source: .NET Runtime)(User: ) Description: Application: AlienwareAlienFXController.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.NullReferenceException Stack: at AlienLabs.AlienFX.DeviceDiscovery.Classes.AlienFXDeviceDiscoveryService.changesFound(System.Collections.Generic.List`1<AlienLabs.AlienFX.DeviceDiscovery.AlienFXDeviceSetupInfo>) at AlienLabs.AlienFX.DeviceDiscovery.Classes.AlienFXDeviceDiscoveryService.processDevicesChangedEvent() at AlienLabs.AlienFX.DeviceDiscovery.Classes.AlienFXDeviceDiscoveryService.consumeQueue() at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Error: (03/22/2014 10:25:01 PM) (Source: Steam Client Service)(User: ) Description: Failed to poke open firewall Error: (03/22/2014 05:41:26 AM) (Source: SideBySide)(User: ) Description: c:\program files (x86)\shopon unlimited llc\shopon coupon helper extension\adxloader.dll.Manifestc:\program files (x86)\shopon unlimited llc\shopon coupon helper extension\adxloader.dll.Manifest2 Error: (03/18/2014 07:36:18 PM) (Source: Steam Client Service)(User: ) Description: Failed to poke open firewall Error: (03/16/2014 05:06:13 PM) (Source: Steam Client Service)(User: ) Description: Failed to poke open firewall Error: (03/16/2014 03:39:39 AM) (Source: SideBySide)(User: ) Description: c:\program files (x86)\shopon unlimited llc\shopon coupon helper extension\adxloader.dll.Manifestc:\program files (x86)\shopon unlimited llc\shopon coupon helper extension\adxloader.dll.Manifest2 Error: (03/15/2014 06:02:38 PM) (Source: Steam Client Service)(User: ) Description: Failed to poke open firewall Error: (03/15/2014 03:22:20 PM) (Source: SideBySide)(User: ) Description: c:\program files (x86)\shopon unlimited llc\shopon coupon helper extension\adxloader.dll.Manifestc:\program files (x86)\shopon unlimited llc\shopon coupon helper extension\adxloader.dll.Manifest2 Error: (03/07/2014 05:59:31 PM) (Source: Application Hang)(User: ) Description: hl2.exe0.0.0.0139401cf3a4f826d15ce402C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
- December 9, 2014
- 6 replies
MB Cannot Complete A Scan (Again...)

bmg posted a topic in Malwarebytes for Windows Support Forum

Ho-hum; another month goes by and MB will not complete a scan. This program seems to only be good for a few weeks before becoming unusable again; like a vicious cycle. And thank you to the mod who didn't respond to my request to open my closed thread, if only to contribute. It's just as well, as this proves it would have been money ill spent...
- December 4, 2014
- 6 replies
Any Possible Soultion?

bmg replied to bmg's topic in Resolved Malware Removal Logs

So this computer should be clear now?
- October 9, 2014
- 28 replies
Any Possible Soultion?

bmg replied to bmg's topic in Resolved Malware Removal Logs

'No threats were found.' Why does posting this log cause my browser to crash?! I am posting this on a MAC and every time I try to paste the log, the browser (FF) crashes very hard. Is this a type of file that is not to be pasted?
- October 8, 2014
- 28 replies
Any Possible Soultion?

bmg replied to bmg's topic in Resolved Malware Removal Logs

This computer doesn't seem able to start in safe mode; this was the original trouble. As it's an Alienware, you cannot see the start-up screen to access this mode, unless you get a different cable. Is 'clean boot mode' the same as 'safe mode'?
- October 8, 2014
- 28 replies
Any Possible Soultion?

bmg replied to bmg's topic in Resolved Malware Removal Logs

After 8 hours of scanning, the program stalled at 99% again...
- October 8, 2014
- 28 replies
Any Possible Soultion?

bmg replied to bmg's topic in Resolved Malware Removal Logs

Over 9 hours of scanning - 244 items found, 33874 files scanned, but it appears to be unresponsive. Here is the log after shutting it down: C:\AdwCleaner\Quarantine\C\monitor.exe.vir Win32/AdWare.Loadshop.A application C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\CT3310511\plugins\TBVerifier.dll.vir Win32/Toolbar.Conduit.AC potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files (x86)\goforfiles\GFFUpdater.exe.vir a variant of Win32/YourFileDownloader.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files (x86)\goforfiles\GoforFiles.exe.vir a variant of Win32/YourFileDownloader.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\DaemonProcess.exe.vir Win32/Mobogenie.A potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\nengine.dll.vir Win32/NextLive.A potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js.vir Win32/Conduit.SearchProtect.A potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files (x86)\savings explorer\ButtonUtil.dll.vir a variant of Win32/Toolbar.CrossRider.G potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files (x86)\savings explorer\Savings Explorer-bg.exe.vir a variant of Win32/Toolbar.CrossRider.H potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files (x86)\savings explorer\Savings Explorer.exe.vir a variant of Win32/Toolbar.CrossRider.H potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files (x86)\WebSearch\uninstall.exe.vir Win32/SProtector.B potentially unwanted application C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\Multi\CT3287802\UninstallerUI.exe.vir a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\Multi\CT3306061\UninstallerUI.exe.vir a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Conduit\Chrome\CT3287802\CHUninstaller.exe.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Conduit\Chrome\CT3287802\UninstallerUI.exe.vir a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Conduit\Chrome\CT3306061\CHUninstaller.exe.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Conduit\Chrome\CT3306061\UninstallerUI.exe.vir a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.24.3.503_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.26.0.540_0\APISupport\APISupport.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.26.0.540_0\nativeMessaging\TBMessagingHost.exe.vir Win32/Toolbar.Conduit.AH potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.26.9.505_0\APISupport\APISupport.dll.vir a variant of Win32/Conduit.SearchProtect.P potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.26.9.505_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjllbogbaogimpilgdginhalhhbmhiob\1.26.21_0\extensionData\plugins\103_intext_5_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjllbogbaogimpilgdginhalhhbmhiob\1.26.21_0\extensionData\plugins\91_monetizationLoader.js.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmelfnfpiaidecmboalgjpejkfbipfpc\1.0\ujXSQ.js.vir Win32/Adware.MultiPlug.H application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieiiggnfmhgcolbimglmfjfpkjildjdd\10.24.3.503_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieiiggnfmhgcolbimglmfjfpkjildjdd\10.26.0.540_0\APISupport\APISupport.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieiiggnfmhgcolbimglmfjfpkjildjdd\10.26.0.540_0\nativeMessaging\TBMessagingHost.exe.vir Win32/Toolbar.Conduit.AH potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieiiggnfmhgcolbimglmfjfpkjildjdd\10.26.9.505_0\APISupport\APISupport.dll.vir a variant of Win32/Conduit.SearchProtect.P potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieiiggnfmhgcolbimglmfjfpkjildjdd\10.26.9.505_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngfjloooedfenakhekclldohaddojbe\2.19\Nig9K.js.vir Win32/Adware.MultiPlug.H application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\NativeMessaging\CT3287802\1_0_0_10\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\NativeMessaging\CT3287802\1_0_0_4\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\NativeMessaging\CT3287802\1_0_0_6\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\NativeMessaging\CT3287802\1_0_0_7\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\NativeMessaging\CT3287802\1_0_0_9\TBMessagingHost.exe.vir Win32/Toolbar.Conduit.AH potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\NativeMessaging\CT3306061\1_0_0_6\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Temp\NativeMessaging\CT3287802\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Temp\NativeMessaging\CT3306061\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\LocalLow\SweetPacks\hk64tbSwe0.dll.vir Win64/Toolbar.Conduit.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\LocalLow\SweetPacks\hk64tbSwee.dll.vir a variant of Win64/Toolbar.Conduit.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\LocalLow\SweetPacks\hktbSwe0.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\LocalLow\SweetPacks\hktbSwee.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\LocalLow\SweetPacks\ldrtbSwe0.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\LocalLow\SweetPacks\ldrtbSwee.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\LocalLow\SweetPacks\tbSwe0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\LocalLow\SweetPacks\tbSwe1.dll.vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\LocalLow\SweetPacks\tbSwee.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\LocalLow\SweetPacks\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\LocalLow\VisualBee_V.3\hk64tbVisu.dll.vir Win64/Toolbar.Conduit.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\LocalLow\VisualBee_V.3\hktbVisu.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\LocalLow\VisualBee_V.3\ldrtbVisu.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\LocalLow\VisualBee_V.3\tbVisu.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\LocalLow\VisualBee_V.3\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\102_dealply_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\103_intext_5_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\104_jollywallet_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\105_corticas_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\126_revizer_ws_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\127_revizer_p_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\155_ibario_pops_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\184_noproblemppc_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\189_active_sanity.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\191_ciuvo_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\200_foxydeal_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\204_pricedetect_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\91_monetizationLoader.js.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\93_superfish_no_coupons_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\102_dealply_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\103_intext_5_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\104_jollywallet_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\105_corticas_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\108_icm_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\119_similar_web_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\120_luck_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\123_intext_adv_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\125_arcadi2_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\126_revizer_ws_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\127_revizer_p_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\128_superfish_pricora_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\135_arcadi3_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\138_getdeal_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\141_corticas_ru_m.js.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\142_intext_fa_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\159_cortica_rollover_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\171_arcadi2_sourceID_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\175_coolmirage_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\178_revizer_ws_dynamic_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\179_revizer_p_dynamic_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\180_bpo_serp_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\184_noproblemppc_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\189_active_sanity.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\190_pops_5_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\191_ciuvo_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\194_retargeting_bi_m.js.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\195_icm_convertmedia_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\197_kreapixel_pops_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\199_superfish_no_coupons_plushd_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\200_foxydeal_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\204_pricedetect_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\91_monetizationLoader.js.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\93_superfish_no_coupons_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\858a779a-4bec-47f4-ac06-ed86e2daad75@d82626c3-adcb-475b-b77d-9a1e67c4fd2a.com\extensionData\plugins\103_intext_5_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\858a779a-4bec-47f4-ac06-ed86e2daad75@d82626c3-adcb-475b-b77d-9a1e67c4fd2a.com\extensionData\plugins\91_monetizationLoader.js.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\101_cortica_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\102_dealply_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\103_intext_5_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\104_jollywallet_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\105_corticas_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\108_icm_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\116_ads_only_5_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\119_similar_web_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\120_luck_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\123_intext_adv_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\125_arcadi2_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\126_revizer_ws_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\127_revizer_p_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\128_superfish_pricora_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\129_widdit_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\135_arcadi3_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\138_getdeal_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\141_corticas_ru_m.js.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\142_intext_fa_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\155_ibario_pops_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\159_cortica_rollover_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\171_arcadi2_sourceID_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\175_coolmirage_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\178_revizer_ws_dynamic_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\179_revizer_p_dynamic_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\91_monetizationLoader.js.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\92_superfish_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\93_superfish_no_coupons_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\ds_3w@eiaxcdaob-.co.uk\content\bg.js.vir Win32/Adware.MultiPlug.H application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\sfaeya-oui@iuuuiyqvh.org\content\bg.js.vir Win32/Adware.MultiPlug.H application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\staged\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\91_monetizationLoader.js.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\xd1-eooy@zrpztuay.org\content\bg.js.vir Win32/Adware.MultiPlug.H application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}\Plugins\npConduitFirefoxPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\{906000A4-88D9-4D52-B209-7A772970D91F}\chrome\content\dealplyshopping.xul.vir Win32/DealPly.J potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\{bf9194c2-b86d-4ebc-9b53-1c08b6ff779e}\Plugins\npConduitFirefoxPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.26.400.4_0\APISupport\APISupport.dll.vir a variant of Win32/Conduit.SearchProtect.P potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.26.400.4_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieiiggnfmhgcolbimglmfjfpkjildjdd\10.26.9.505_0\APISupport\APISupport.dll.vir a variant of Win32/Conduit.SearchProtect.P potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieiiggnfmhgcolbimglmfjfpkjildjdd\10.26.9.505_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\L33tMaN\AppData\LocalLow\VisualBee_V.3\hk64tbVisu.dll.vir Win64/Toolbar.Conduit.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\L33tMaN\AppData\LocalLow\VisualBee_V.3\hktbVisu.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\L33tMaN\AppData\LocalLow\VisualBee_V.3\ldrtbVisu.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\L33tMaN\AppData\LocalLow\VisualBee_V.3\tbVisu.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\858a779a-4bec-47f4-ac06-ed86e2daad75@d82626c3-adcb-475b-b77d-9a1e67c4fd2a.com\extensionData\plugins\91_monetizationLoader.js.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\858a779a-4bec-47f4-ac06-ed86e2daad75@d82626c3-adcb-475b-b77d-9a1e67c4fd2a.com\extensionData\plugins\93_superfish_no_coupons_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\91_monetizationLoader.js.js.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\windows\score.exe.vir Win32/Agent.WGA trojan C:\AdwCleaner\Quarantine\C\windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application C:\AdwCleaner\Quarantine\C\windows\System32\drivers\netfilter64.sys.vir a variant of Win64/Riskware.NetFilter.F application C:\AdwCleaner\Quarantine\C\windows\SysWOW64\ARFC\wrtc.exe.vir a variant of Win32/Toolbar.Perion.G potentially unwanted application C:\FRST\Quarantine\C\monitorsvc.exe.xBAD Win32/AdWare.Loadshop.A application C:\FRST\Quarantine\C\Program Files (x86)\Browser+ Apps+\5639a013-5a88-4d30-99fe-a7151180e009.dll a variant of Win32/Toolbar.CrossRider.AI potentially unwanted application C:\FRST\Quarantine\C\Program Files (x86)\Browser+ Apps+\7811b4e1-cc43-4429-852a-998646c16bc7.exe a variant of Win32/Toolbar.CrossRider.AS potentially unwanted application C:\FRST\Quarantine\C\Program Files (x86)\Browser+ Apps+\Browser+ Apps+-bg.exe a variant of Win32/Toolbar.CrossRider.AL potentially unwanted application C:\FRST\Quarantine\C\Program Files (x86)\Browser+ Apps+\Browser+ Apps+-bho.dll a variant of Win32/Toolbar.CrossRider.AF potentially unwanted application C:\FRST\Quarantine\C\Program Files (x86)\Browser+ Apps+\Browser+ Apps+-bho64.dll a variant of Win64/Toolbar.Crossrider.J potentially unwanted application C:\FRST\Quarantine\C\Program Files (x86)\Browser+ Apps+\Browser+ Apps+-codedownloader.exe a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application C:\FRST\Quarantine\C\Program Files (x86)\Browser+ Apps+\d0129b8e-caeb-4107-8574-418aabad4b13.exe a variant of Win32/Toolbar.CrossRider.AG potentially unwanted application C:\FRST\Quarantine\C\Program Files (x86)\Browser+ Apps+\e44f9199-0b4d-467f-bc3d-08e536696e26-11.exe a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application C:\FRST\Quarantine\C\Program Files (x86)\Browser+ Apps+\e44f9199-0b4d-467f-bc3d-08e536696e26-2.exe a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application C:\FRST\Quarantine\C\Program Files (x86)\Browser+ Apps+\e44f9199-0b4d-467f-bc3d-08e536696e26-3.exe a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application C:\FRST\Quarantine\C\Program Files (x86)\Browser+ Apps+\e44f9199-0b4d-467f-bc3d-08e536696e26-4.exe a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application C:\FRST\Quarantine\C\Program Files (x86)\Browser+ Apps+\e44f9199-0b4d-467f-bc3d-08e536696e26-5.exe a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application C:\FRST\Quarantine\C\Program Files (x86)\Browser+ Apps+\e44f9199-0b4d-467f-bc3d-08e536696e26-6.exe a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application C:\FRST\Quarantine\C\Program Files (x86)\Browser+ Apps+\e44f9199-0b4d-467f-bc3d-08e536696e26-64.exe a variant of Win64/Toolbar.Crossrider.I potentially unwanted application C:\FRST\Quarantine\C\Program Files (x86)\Browser+ Apps+\e44f9199-0b4d-467f-bc3d-08e536696e26-7.exe a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application C:\FRST\Quarantine\C\Program Files (x86)\YTDownloader\Updater.exe a variant of Win32/ShopperPro.A potentially unwanted application C:\FRST\Quarantine\C\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnplhmffnkjhpbfpodamiihpeeoidpeb\1.0\QHz.js Win32/Adware.MultiPlug.H application C:\FRST\Quarantine\C\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjllbogbaogimpilgdginhalhhbmhiob\1.26.25_0\extensionData\plugins\103_intext_5_m.js JS/Toolbar.Crossrider.B potentially unwanted application C:\FRST\Quarantine\C\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjllbogbaogimpilgdginhalhhbmhiob\1.26.25_0\extensionData\plugins\91_monetizationLoader.js.js JS/Toolbar.Crossrider.B potentially unwanted application C:\FRST\Quarantine\C\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmelfnfpiaidecmboalgjpejkfbipfpc\1.0\ujXSQ.js Win32/Adware.MultiPlug.H application C:\FRST\Quarantine\C\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngfjloooedfenakhekclldohaddojbe\2.19\Nig9K.js Win32/Adware.MultiPlug.H application C:\FRST\Quarantine\C\Users\L33tMaN\AppData\Local\Temp\optprosetup.exe.xBAD multiple threats C:\Program Files (x86)\Maxwebsearch\uninstall.exe a variant of MSIL/Adware.iBryte.A application C:\Program Files (x86)\RCP\systweakasp.exe Win32/Systweak.E potentially unwanted application C:\Program Files (x86)\Sk.Enhancer\uninstall.exe a variant of Win32/SProtector.B potentially unwanted application C:\Program Files (x86)\Star Defender 3\uninstall.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application C:\ProgramData\InstallMate\{0518109C-A77C-4855-AABE-EF5EDEFB326A}\Custom.dll Win32/InstalleRex.L potentially unwanted application C:\Users\All Users\InstallMate\{0518109C-A77C-4855-AABE-EF5EDEFB326A}\Custom.dll Win32/InstalleRex.L potentially unwanted application C:\Users\cynical\AppData\Local\Chromium\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.20.3.20_0\plugins\ConduitChromeApiPlugin.dll a variant of Win32/Toolbar.Conduit.AH potentially unwanted application C:\Users\cynical\AppData\Local\Chromium\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.20.3.20_0\plugins\TBVerifier.dll Win32/Toolbar.Conduit.AC potentially unwanted application C:\Users\cynical\AppData\Local\Chromium\User Data\Default\Extensions\ieiiggnfmhgcolbimglmfjfpkjildjdd\10.22.5.700_0\nativeMessaging\TBMessagingHost.exe a variant of Win32/Toolbar.Conduit.AH potentially unwanted application C:\Users\cynical\AppData\Local\Chromium\User Data\Default\Extensions\ieiiggnfmhgcolbimglmfjfpkjildjdd\10.22.5.700_0\plugins\ConduitChromeApiPlugin.dll a variant of Win32/Toolbar.Conduit.AH potentially unwanted application C:\Users\cynical\AppData\Local\Chromium\User Data\Default\Extensions\ieiiggnfmhgcolbimglmfjfpkjildjdd\10.22.5.700_0\TBHostSupport\TBHostSupport.dll a variant of Win32/Toolbar.Conduit.AA potentially unwanted application C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnplhmffnkjhpbfpodamiihpeeoidpeb\1.0\QHz.js Win32/Adware.MultiPlug.H application C:\Users\cynical\AppData\Roaming\0F0C1V0V1L1C2Z2Y1T1I0F1T1H1L1I1L1P1B\Virtual Families Packages\uninstaller.exe a variant of Win32/InstallCore.AZ potentially unwanted application C:\Users\cynical\Desktop\World of Warplanes Cheat.exe a variant of MSIL/Hoax.FakeHack.ES application C:\Users\cynical\Downloads\AIX_2.0_CORE_MOD.exe a variant of Win32/Packed.ExeScript.B trojan C:\Users\cynical\Downloads\StarDefender3Setup.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application C:\Users\cynical\Downloads\super-mario-cross.exe a variant of Win32/InstallCore.BY potentially unwanted application C:\Users\cynical\Downloads\wordpad-setup.exe Win32/DownloadAdmin.G potentially unwanted application C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajondecmobodlejlcjllhojikagldgd\15221.2542.7258_0\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application C:\Users\L33tMaN\AppData\Local\Installer\Install_7960\setup.exe a variant of Win32/SpeedBit.A potentially unwanted application C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF10.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF11.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF12.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF13.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF14.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF15.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF16.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF17.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF18.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF19.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF2.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF20.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF21.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF22.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF23.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF24.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF25.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF26.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF27.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF28.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF29.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF4.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF5.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF7.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF8.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF9.dll Win32/Toolbar.SearchSuite potentially unwanted application C:\Users\L33tMaN\Downloads\adobe_flash_setup (1).exe a variant of Win32/InstallCore.QL potentially unwanted application C:\Users\L33tMaN\Downloads\adobe_flash_setup (2).exe a variant of Win32/InstallCore.QL potentially unwanted application C:\Users\L33tMaN\Downloads\adobe_flash_setup.exe a variant of Win32/InstallCore.QL potentially unwanted application C:\Users\L33tMaN\Downloads\IDM2.exe a variant of Win32/Idmsq.A potentially unwanted application C:\Windows\uninst.exe a variant of Win32/PCCleaners potentially unwanted application C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll a variant of Win32/Toolbar.Linkury.G potentially unwanted application
- October 6, 2014
- 28 replies
Any Possible Soultion?

bmg replied to bmg's topic in Resolved Malware Removal Logs

Eset was previously installed on this system, so I wasn't able to change any of the settings before the scan; it just started after updating. (Also, I was unable to turn off Security Essentials; there was no option under 'settings', no matter what Microsoft says.) Do I need to remove the threats when this scan is over, or do I just uninstall it?
- October 5, 2014
- 28 replies
Any Possible Soultion?

bmg replied to bmg's topic in Resolved Malware Removal Logs

ESET always stops at 44% for some reason, but I will try again tonight. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 10/5/2014 Scan Time: 12:25:22 PM Logfile: mb2.txt Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.10.05.07 Rootkit Database: v2014.09.19.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: L33tMaN Scan Type: Threat Scan Result: Completed Objects Scanned: 439298 Time Elapsed: 8 min, 51 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)
- October 5, 2014
- 28 replies
Any Possible Soultion?

bmg replied to bmg's topic in Resolved Malware Removal Logs

Was able to install; so here is the log: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 10/4/2014 Scan Time: 12:20:52 PM Logfile: mb.txt Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.10.04.10 Rootkit Database: v2014.09.19.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: L33tMaN Scan Type: Threat Scan Result: Completed Objects Scanned: 439210 Time Elapsed: 9 min, 13 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 1 PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\DesktopTemperature.exe, 3452, Delete-on-Reboot, [c2c3c42b0f6c2d093c3af916986bb947] Modules: 0 (No malicious items detected) Registry Keys: 13 Adware.EoRezo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ospd_us_111_is1, Quarantined, [077ee50ad6a50e28a22fc1cbe81c20e0], PUP.Optional.DesktopTemperature.A, HKU\S-1-5-21-383299565-3798718073-3649502856-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Desktop Temperature Monitor, Quarantined, [166f9c53443784b2bd925b64ee1352ae], PUP.Optional.BrowserApps.A, HKLM\SOFTWARE\WOW6432NODE\Browser+ Apps+, Quarantined, [7b0a40af9fdc55e1a9041cf33ec514ec], PUP.Optional.BrowserApps.A, HKLM\SOFTWARE\WOW6432NODE\Browser+ Apps+-nv, Quarantined, [ef965c93710af93df5b86da257ac718f], PUP.Optional.OneSoftPerDay.A, HKLM\SOFTWARE\WOW6432NODE\ONESOFTPERDAY, Quarantined, [5233f2fdcfacc4723e5a38d7e41f8977], PUP.Optional.MyOSProtect.A, HKLM\SOFTWARE\WOW6432NODE\PCTRunner, Quarantined, [2b5af8f7f982af87b6bec847d42f40c0], PUP.Optional.OneSoftPerDay.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ospd_us_111_is1, Quarantined, [ea9b539c4b30d0668611ac634bb8f907], PUP.Optional.BrowserApps.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Browser+ Apps+, Quarantined, [661fb639ed8eeb4bab04ea25db28c53b], PUP.Optional.MyOSProtect.A, HKU\S-1-5-21-383299565-3798718073-3649502856-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\PCTRunner, Quarantined, [cbba2ec1c7b4989ebfb67c93e61d24dc], PUP.Optional.BrowserApps.A, HKU\S-1-5-21-383299565-3798718073-3649502856-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Browser+ Apps+, Quarantined, [9de8c9263c3f1422159ae827d92af40c], PUP.Optional.BrowserApps.A, HKU\S-1-5-21-383299565-3798718073-3649502856-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Browser+ Apps+, Quarantined, [cabb955af8833105109fed22ed16d12f], PUP.Optional.CrossRider.A, HKU\S-1-5-21-383299565-3798718073-3649502856-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [dfa6896678039a9ca15584e9dc286a96], PUP.Optional.DeleteAd.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{37476589-E48E-439E-A706-56189E2ED4C4}_is1, Quarantined, [e79e36b98af1be78d111d437f112a25e], Registry Values: 1 PUP.Optional.OneSoftPerDay.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ospd_us_111, "C:\Program Files (x86)\ospd_us_111\ospd_us_111.exe", Quarantined, [c5c0747b84f7ae88c1d9808fb54efe02] Registry Data: 0 (No malicious items detected) Folders: 45 PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature, Delete-on-Reboot, [c2c3c42b0f6c2d093c3af916986bb947], PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Temperature, Quarantined, [305510dff78456e0284fb8571ee56d93], PUP.Optional.GoForFiles, C:\ProgramData\Microsoft\Windows\Start Menu\GoforFiles, Quarantined, [bfc6747b2655a195693bc2bde91b31cf], PUP.Optional.Groovorio.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\nspdlgrvrio, Quarantined, [2c59608f68130a2cf8459766fb076b95], PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\nspdlgrvrio, Quarantined, [5f2609e6c4b73ff7d36a8875da2815eb], PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\nspdlgrvrio\fav_thumbs, Quarantined, [5f2609e6c4b73ff7d36a8875da2815eb], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\defaults, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\defaults\preferences, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\userCode, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\locale, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\locale\en-US, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\defaults, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\defaults\preferences, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\userCode, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\locale, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\locale\en-US, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.OneSoftPerDay.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY, Quarantined, [394c539cf4879b9b0adb0503e2218e72], PUP.Optional.OneSoftPerDay.A, C:\Users\cynical\AppData\Local\ospd_us_111, Quarantined, [414498570d6e3402f3f3af59c63d7789], PUP.Optional.OneSoftPerDay.A, C:\Users\L33tMaN\AppData\Local\ospd_us_111, Quarantined, [1b6a1ad562197eb800e6dc2c1ce733cd], PUP.Optional.OneSoftPerDay.A, C:\Users\L33tMaN\AppData\Local\ospd_us_111\Download, Quarantined, [1b6a1ad562197eb800e6dc2c1ce733cd], PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_111, Quarantined, [bcc91bd4b6c5b77f6a7d1eea9b68b54b], PUP.Optional.SystemAlerts.A, C:\Users\L33tMaN\AppData\Local\System_Alerts_LLC, Quarantined, [3253747baecdfd397ea37297f01321df], PUP.Optional.SystemAlerts.A, C:\Users\L33tMaN\AppData\Local\System_Alerts_LLC\DesktopTemperature.exe_Url_z4jwgjlnvqyt4phogilb4bdgkf540uph, Quarantined, [3253747baecdfd397ea37297f01321df], PUP.Optional.SystemAlerts.A, C:\Users\L33tMaN\AppData\Local\System_Alerts_LLC\DesktopTemperature.exe_Url_z4jwgjlnvqyt4phogilb4bdgkf540uph\1.24.0.0, Quarantined, [3253747baecdfd397ea37297f01321df], PUP.Optional.PennyBee.A, C:\Users\cynical\AppData\Local\ICSharpCode.net\PennyBeeW.exe_Url_pdfsfuhjvq2z1tkl01mfogi3g1cr2hhw, Quarantined, [e69fe906e794280e55ef86838c77f10f], PUP.Optional.PennyBee.A, C:\Users\cynical\AppData\Local\ICSharpCode.net\PennyBeeW.exe_Url_pdfsfuhjvq2z1tkl01mfogi3g1cr2hhw\1.0.3.0, Quarantined, [e69fe906e794280e55ef86838c77f10f], PUP.Optional.PennyBee.A, C:\Users\L33tMaN\AppData\Local\ICSharpCode.net\PennyBeeW.exe_Url_pdfsfuhjvq2z1tkl01mfogi3g1cr2hhw, Quarantined, [7c0901ee2d4e66d0b78d20e955ae5ea2], PUP.Optional.PennyBee.A, C:\Users\L33tMaN\AppData\Local\ICSharpCode.net\PennyBeeW.exe_Url_pdfsfuhjvq2z1tkl01mfogi3g1cr2hhw\1.0.3.0, Quarantined, [7c0901ee2d4e66d0b78d20e955ae5ea2], PUP.Optional.DeleteAd.A, C:\ProgramData\DeleteAd, Quarantined, [e79e36b98af1be78d111d437f112a25e], Files: 277 Adware.EoRezo, C:\Program Files (x86)\ospd_us_111\unins000.exe, Quarantined, [077ee50ad6a50e28a22fc1cbe81c20e0], PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\uninstall.exe, Quarantined, [166f9c53443784b2bd925b64ee1352ae], PUP.Optional.Tuto4pc, C:\Users\L33tMaN\AppData\Local\ospd_us_111\upospd_us_111.exe, Quarantined, [097cf1feceadb5812527602cbf4526da], PUP.Optional.InfoAtoms.A, C:\Program Files (x86)\Mozilla Firefox\InfoAtoms.cfg, Quarantined, [3b4a3db21665d85eb7187c90d62d38c8], PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\DTUpdater.exe.config, Quarantined, [c2c3c42b0f6c2d093c3af916986bb947], PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\56.png, Quarantined, [c2c3c42b0f6c2d093c3af916986bb947], PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\62.png, Quarantined, [c2c3c42b0f6c2d093c3af916986bb947], PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\65.png, Quarantined, [c2c3c42b0f6c2d093c3af916986bb947], PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\67.png, Quarantined, [c2c3c42b0f6c2d093c3af916986bb947], PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\68.png, Quarantined, [c2c3c42b0f6c2d093c3af916986bb947], PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\69.png, Quarantined, [c2c3c42b0f6c2d093c3af916986bb947], PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\71.png, Quarantined, [c2c3c42b0f6c2d093c3af916986bb947], PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\72.png, Quarantined, [c2c3c42b0f6c2d093c3af916986bb947], PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\73.png, Quarantined, [c2c3c42b0f6c2d093c3af916986bb947], PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\75.png, Quarantined, [c2c3c42b0f6c2d093c3af916986bb947], PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\77.png, Quarantined, [c2c3c42b0f6c2d093c3af916986bb947], PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\78.png, Quarantined, [c2c3c42b0f6c2d093c3af916986bb947], PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\79.png, Quarantined, [c2c3c42b0f6c2d093c3af916986bb947], PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\DesktopTemperature.exe, Delete-on-Reboot, [c2c3c42b0f6c2d093c3af916986bb947], PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\DesktopTemperature.exe.config, Quarantined, [c2c3c42b0f6c2d093c3af916986bb947], PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\DTUpdater.exe, Quarantined, [c2c3c42b0f6c2d093c3af916986bb947], PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\DTWxSvc.dll, Quarantined, [c2c3c42b0f6c2d093c3af916986bb947], PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\ICSharpCode.SharpZipLib.dll, Quarantined, [c2c3c42b0f6c2d093c3af916986bb947], PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\loading.gif, Quarantined, [c2c3c42b0f6c2d093c3af916986bb947], PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\WxStations.exe, Quarantined, [c2c3c42b0f6c2d093c3af916986bb947], PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Temperature\Desktop Temperature Monitor.lnk, Quarantined, [305510dff78456e0284fb8571ee56d93], PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Temperature Monitor.lnk, Quarantined, [7411757a562501353246c04f45be5ea2], PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_blmchfpimpbbdmgpcieclabeafkljbhm_0.localstorage, Quarantined, [6c19b738d9a2da5ca3094ad0e41fbb45], PUP.Optional.SelectNGo.A, C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage, Quarantined, [4c3931befd7eda5ce44461c73fc4758b], PUP.Optional.ReMarkable.A, C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, Quarantined, [afd649a6fd7e2c0a19ca0777f80ccd33], PUP.Optional.Astromenda.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{424b0d11-e7fe-4a04-b7df-8f2c77f58aaf}.xpi, Quarantined, [35505f903942db5bc476285770949c64], PUP.Optional.GoForFiles, C:\ProgramData\Microsoft\Windows\Start Menu\GoforFiles\GoforFiles.lnk, Quarantined, [bfc6747b2655a195693bc2bde91b31cf], PUP.Optional.GoForFiles, C:\ProgramData\Microsoft\Windows\Start Menu\GoforFiles\Remove GFF.lnk, Quarantined, [bfc6747b2655a195693bc2bde91b31cf], PUP.Optional.Groovorio.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\nspdlgrvrio\fav-groups, Quarantined, [2c59608f68130a2cf8459766fb076b95], PUP.Optional.Groovorio.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\nspdlgrvrio\favs##fb15ba6c7a26ff83c84230a3f57542a3, Quarantined, [2c59608f68130a2cf8459766fb076b95], PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\nspdlgrvrio\fav-groups, Quarantined, [5f2609e6c4b73ff7d36a8875da2815eb], PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\nspdlgrvrio\favs##521a9a03640c5ff2875294125bb08ae7, Quarantined, [5f2609e6c4b73ff7d36a8875da2815eb], PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\nspdlgrvrio\redirects, Quarantined, [5f2609e6c4b73ff7d36a8875da2815eb], PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\nspdlgrvrio\fav_thumbs\0cd017cf91fd04bf79773a67b2024dba, Quarantined, [5f2609e6c4b73ff7d36a8875da2815eb], PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\nspdlgrvrio\fav_thumbs\0daa342edfd560ad0ea1b931c0af214d, Quarantined, [5f2609e6c4b73ff7d36a8875da2815eb], PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\nspdlgrvrio\fav_thumbs\1db7e24ba4a9dad899c2d480d747e70e, Quarantined, [5f2609e6c4b73ff7d36a8875da2815eb], PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\nspdlgrvrio\fav_thumbs\28360abfa681b07e079fcbd38ec078c9, Quarantined, [5f2609e6c4b73ff7d36a8875da2815eb], PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\nspdlgrvrio\fav_thumbs\4e5a64e7ba3d39ce08eca05f38506c4d, Quarantined, [5f2609e6c4b73ff7d36a8875da2815eb], PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\nspdlgrvrio\fav_thumbs\4f9d1d52649cda6800a941b52eca644f, Quarantined, [5f2609e6c4b73ff7d36a8875da2815eb], PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\nspdlgrvrio\fav_thumbs\588e67e120e6927a5cf8d10d01878b0c, Quarantined, [5f2609e6c4b73ff7d36a8875da2815eb], PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\nspdlgrvrio\fav_thumbs\6bfb1702719df5f96589665d94cf7cc7, Quarantined, [5f2609e6c4b73ff7d36a8875da2815eb], PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\nspdlgrvrio\fav_thumbs\b72ceea06e72394ef7ea0dfc2f5013ad, Quarantined, [5f2609e6c4b73ff7d36a8875da2815eb], PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\nspdlgrvrio\fav_thumbs\c10efe0bbc85bea8a3fb70863e0582ab, Quarantined, [5f2609e6c4b73ff7d36a8875da2815eb], PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\nspdlgrvrio\fav_thumbs\d5767155a9fbf7235ff7069a96365b46, Quarantined, [5f2609e6c4b73ff7d36a8875da2815eb], PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\nspdlgrvrio\fav_thumbs\d7834f2097cf4c9fd1e8b93104de0c9b, Quarantined, [5f2609e6c4b73ff7d36a8875da2815eb], PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\nspdlgrvrio\fav_thumbs\dac5373f4e764d021f506ba5678879da, Quarantined, [5f2609e6c4b73ff7d36a8875da2815eb], PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\nspdlgrvrio\fav_thumbs\fa5c0009ede61f80c363a298aff49ef3, Quarantined, [5f2609e6c4b73ff7d36a8875da2815eb], PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\nspdlgrvrio\fav_thumbs\fe197eafc1350a296c9d61ffb2b1d6fc, Quarantined, [5f2609e6c4b73ff7d36a8875da2815eb], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome.manifest, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\install.rdf, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\0ab2bc832b86ea02f1fabdf8110901d7.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\5f7e651e54184e1c739f55b3157abc88.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\5fc2ba2cdfd34bd9ed3b1379c9cb8d07.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\99b8ee12892a9edbf77f0472ba338611.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\background.html, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\browser.xul, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\dialog.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\e6fb47f015a87ea3a5337d582b1d3669.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\f86dba94ab46480c210d3f58e1ac6c2a.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\ffCoreFilesIndex.txt, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\options.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\options.xul, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\search_dialog.xul, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\19f46b1ca9f169b19bfee2f2cc835072.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\37917f0d4c9887df983fcfc4df78628d.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\3e9c7d286e68f5a8df289807c698c5b3.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\3ec2617f8c32f2bb5dd6c2188af734fe.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\5747dc599be44371d3c7fea30f9d6a99.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\682eb10fb5af22380aefca3cc6fc8b73.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\68fceab2f19e9a197b35aa261e5cdb02.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\8094aa9341d9592833f694bb9b17f29b.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\a202dce204b30f4c94d216901cdf7011.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\ae21333ff3abe85fda4e24e48b278ebc.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\af1f1ba619f2cd09c4136dfc6200feb6.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\b5c1ef51aabb834d8327b3154caf9673.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\da830fcca9a226b0a9dcb494793b4e60.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\e0d82dd89be4cfab7dd1955f63dbb09f.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\ee30c39cad84b909459ec6c6cc03514a.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\ff4416fd2e64d4daaa0ecc1bf17c889a.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\8db2ef01566a36a4407f85aa1330dd8b.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\09e649e55a3a7f33d7e96881e869a522.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\0a8dbe0235582650768b41735ecc7b54.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\0ed992b8d7d3743a3a9f915f634f8ad9.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\109eccf3e46942fd002c98b5f470b322.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\20557fb987ed5af6c5a21c00b1825fb7.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\3335aeed39188b1167ec1266446a4803.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\57dd1b91484e8e2a5e9a382034f010f4.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\7a11924da6f27891c347b85325eb52dc.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\8200507747559d2db85f77a3014cf787.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\9250c1f5c21a506f8997f5918bf80cb9.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\97536eb41a75c90cfd8aac53458efc8f.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\9cec35cb15d078ea3f31365dfa5b9356.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\cd045d8352541ec65efd1844593fd9a8.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\cd3497bf2cca4188e0c3e0f70cfd3f3e.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\ddc180428160b0f07cbf9fe06a164579.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\e036ce88b1df45c02799981b9fb90ef0.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\ef225f013f8e75900ae0dfe2d7aa973d.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\f0a7c78856b9c75eb06758dcf34c71a8.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\f8a77e610354530e4c20e6b5a25794fa.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\installer.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\defaults\preferences\prefs.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\manifest.xml, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins.json, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\102.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\104.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\13.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\14.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\16.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\17.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\180.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\184.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\192.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\195.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\220.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\221.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\223.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\233.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\242.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\246.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\260.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\262.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\263.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\268.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\273.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\275.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\281.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\289.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\300.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\4.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\47.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\64.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\7.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\78.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\9.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\91.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\93.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\userCode\background.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\userCode\extension.js, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\locale\en-US\translations.dtd, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\button1.png, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\button2.png, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\button3.png, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\button4.png, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\button5.png, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\crossrider_statusbar.png, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\icon128.png, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\icon16.png, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\icon24.png, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\icon48.png, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\panelarrow-up.png, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\popup.html, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\skin.css, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\update.css, Quarantined, [077e38b783f883b3d9050ef2c63da957], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome.manifest, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\install.rdf, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\0ab2bc832b86ea02f1fabdf8110901d7.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\5f7e651e54184e1c739f55b3157abc88.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\5fc2ba2cdfd34bd9ed3b1379c9cb8d07.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\99b8ee12892a9edbf77f0472ba338611.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\background.html, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\browser.xul, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\dialog.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\e6fb47f015a87ea3a5337d582b1d3669.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\f86dba94ab46480c210d3f58e1ac6c2a.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\ffCoreFilesIndex.txt, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\options.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\options.xul, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\search_dialog.xul, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\19f46b1ca9f169b19bfee2f2cc835072.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\37917f0d4c9887df983fcfc4df78628d.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\3e9c7d286e68f5a8df289807c698c5b3.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\3ec2617f8c32f2bb5dd6c2188af734fe.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\5747dc599be44371d3c7fea30f9d6a99.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\682eb10fb5af22380aefca3cc6fc8b73.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\68fceab2f19e9a197b35aa261e5cdb02.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\8094aa9341d9592833f694bb9b17f29b.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\a202dce204b30f4c94d216901cdf7011.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\ae21333ff3abe85fda4e24e48b278ebc.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\af1f1ba619f2cd09c4136dfc6200feb6.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\b5c1ef51aabb834d8327b3154caf9673.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\da830fcca9a226b0a9dcb494793b4e60.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\e0d82dd89be4cfab7dd1955f63dbb09f.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\ee30c39cad84b909459ec6c6cc03514a.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\ff4416fd2e64d4daaa0ecc1bf17c889a.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\8db2ef01566a36a4407f85aa1330dd8b.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\09e649e55a3a7f33d7e96881e869a522.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\0a8dbe0235582650768b41735ecc7b54.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\0ed992b8d7d3743a3a9f915f634f8ad9.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\109eccf3e46942fd002c98b5f470b322.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\20557fb987ed5af6c5a21c00b1825fb7.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\3335aeed39188b1167ec1266446a4803.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\57dd1b91484e8e2a5e9a382034f010f4.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\7a11924da6f27891c347b85325eb52dc.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\8200507747559d2db85f77a3014cf787.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\9250c1f5c21a506f8997f5918bf80cb9.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\97536eb41a75c90cfd8aac53458efc8f.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\9cec35cb15d078ea3f31365dfa5b9356.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\cd045d8352541ec65efd1844593fd9a8.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\cd3497bf2cca4188e0c3e0f70cfd3f3e.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\ddc180428160b0f07cbf9fe06a164579.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\e036ce88b1df45c02799981b9fb90ef0.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\ef225f013f8e75900ae0dfe2d7aa973d.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\f0a7c78856b9c75eb06758dcf34c71a8.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\f8a77e610354530e4c20e6b5a25794fa.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\installer.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\defaults\preferences\prefs.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\manifest.xml, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins.json, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\102.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\104.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\13.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\14.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\16.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\17.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\180.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\184.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\192.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\195.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\220.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\221.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\223.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\233.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\242.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\246.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\260.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\262.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\263.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\268.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\273.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\275.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\281.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\289.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\300.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\4.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\47.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\64.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\7.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\78.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\9.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\91.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\93.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\userCode\background.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\userCode\extension.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\locale\en-US\translations.dtd, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\button1.png, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\button2.png, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\button3.png, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\button4.png, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\button5.png, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\crossrider_statusbar.png, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\icon128.png, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\icon16.png, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\icon24.png, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\icon48.png, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\panelarrow-up.png, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\popup.html, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\skin.css, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\update.css, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e], PUP.Optional.OneSoftPerDay.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY\Onesoftperday.lnk, Quarantined, [394c539cf4879b9b0adb0503e2218e72], PUP.Optional.OneSoftPerDay.A, C:\Users\cynical\AppData\Local\ospd_us_111\upospd_us_111.cyl, Quarantined, [414498570d6e3402f3f3af59c63d7789], PUP.Optional.OneSoftPerDay.A, C:\Users\L33tMaN\AppData\Local\ospd_us_111\upospd_us_111.cyl, Quarantined, [1b6a1ad562197eb800e6dc2c1ce733cd], PUP.Optional.OneSoftPerDay.A, C:\Users\L33tMaN\AppData\Local\ospd_us_111\user_profil.cyp, Quarantined, [1b6a1ad562197eb800e6dc2c1ce733cd], PUP.Optional.OneSoftPerDay.A, C:\Users\L33tMaN\AppData\Local\ospd_us_111\Download\majospd_gentleus.exe, Quarantined, [1b6a1ad562197eb800e6dc2c1ce733cd], PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_111\onesoftperday_widget.exe, Quarantined, [bcc91bd4b6c5b77f6a7d1eea9b68b54b], PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_111\predm.exe, Quarantined, [bcc91bd4b6c5b77f6a7d1eea9b68b54b], PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_111\unins000.dat, Quarantined, [bcc91bd4b6c5b77f6a7d1eea9b68b54b], PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_111\unins000.exe, Quarantined, [bcc91bd4b6c5b77f6a7d1eea9b68b54b], PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_111\unins000.msg, Quarantined, [bcc91bd4b6c5b77f6a7d1eea9b68b54b], PUP.Optional.SystemAlerts.A, C:\Users\L33tMaN\AppData\Local\System_Alerts_LLC\DesktopTemperature.exe_Url_z4jwgjlnvqyt4phogilb4bdgkf540uph\1.24.0.0\user.config, Quarantined, [3253747baecdfd397ea37297f01321df], PUP.Optional.PennyBee.A, C:\Users\cynical\AppData\Local\ICSharpCode.net\PennyBeeW.exe_Url_pdfsfuhjvq2z1tkl01mfogi3g1cr2hhw\1.0.3.0\user.config, Quarantined, [e69fe906e794280e55ef86838c77f10f], PUP.Optional.PennyBee.A, C:\Users\L33tMaN\AppData\Local\ICSharpCode.net\PennyBeeW.exe_Url_pdfsfuhjvq2z1tkl01mfogi3g1cr2hhw\1.0.3.0\user.config, Quarantined, [7c0901ee2d4e66d0b78d20e955ae5ea2], PUP.Optional.DeleteAd.A, C:\ProgramData\DeleteAd\DeleteAd.exe, Quarantined, [e79e36b98af1be78d111d437f112a25e], Physical Sectors: 0 (No malicious items detected) (end)
- October 4, 2014
- 28 replies
Any Possible Soultion?

bmg replied to bmg's topic in Resolved Malware Removal Logs

Here is the first log: Rkill 2.6.8 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2014 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 10/01/2014 07:26:10 PM in x64 mode. Windows Version: Windows 7 Home Premium Service Pack 1 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * No malware processes found to kill. Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * Reparse Point/Junctions Found (Most likely legitimate)! * C:\windows\AppPatch\spbin => C:\PROGRA~2\SearchProtect\SearchProtect\bin [Dir] Checking Windows Service Integrity: * No issues found. Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * No issues found. Program finished at: 10/01/2014 07:27:07 PM Execution time: 0 hours(s), 0 minute(s), and 57 seconds(s) Cleanup Tool did run; will try to run MB in a day or 2.
- October 1, 2014
- 28 replies
Any Possible Soultion?

bmg replied to bmg's topic in Resolved Malware Removal Logs

# AdwCleaner v3.310 - Report created 29/09/2014 at 19:38:54 # Updated 12/09/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : L33tMaN - L33TMAN-PC # Running from : C:\Users\L33tMaN\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** [#] Service Deleted : globalUpdate [#] Service Deleted : globalUpdatem Service Deleted : netfilter64 [#] Service Deleted : sbmntr Service Deleted : Scores ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\apn Folder Deleted : C:\ProgramData\DigiSaver Folder Deleted : C:\ProgramData\ItsReadyApp Folder Deleted : C:\ProgramData\SNT Folder Deleted : C:\ProgramData\systemk Folder Deleted : C:\ProgramData\Trusted Publisher Folder Deleted : C:\ProgramData\BiituSaovearr Folder Deleted : C:\ProgramData\DDigiSSaver Folder Deleted : C:\ProgramData\DEaalExpprress Folder Deleted : C:\ProgramData\EnJoyuCoauupponi Folder Deleted : C:\ProgramData\RaeggulaarDEAls Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkypEmoticons Folder Deleted : C:\Program Files (x86)\globalUpdate Folder Deleted : C:\Program Files (x86)\PC Cleaner Folder Deleted : C:\Program Files (x86)\PennyBee Folder Deleted : C:\Program Files (x86)\PepperZip Folder Deleted : C:\Program Files (x86)\Settings Manager Folder Deleted : C:\Program Files (x86)\SNT Folder Deleted : C:\Program Files\002 Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser Folder Deleted : C:\Users\Administrator\AppData\Local\torch Folder Deleted : C:\Users\cynical\AppData\Local\Chromatic Browser Folder Deleted : C:\Users\cynical\AppData\Local\GCC Folder Deleted : C:\Users\cynical\AppData\Local\torch Folder Deleted : C:\Users\cynical\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser Folder Deleted : C:\Users\Guest\AppData\Local\torch Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch Folder Deleted : C:\Users\L33tMaN\AppData\Local\AskPartnerNetwork Folder Deleted : C:\Users\L33tMaN\AppData\Local\Chromatic Browser Folder Deleted : C:\Users\L33tMaN\AppData\Local\globalUpdate Folder Deleted : C:\Users\L33tMaN\AppData\Local\torch Folder Deleted : C:\Users\L33tMaN\AppData\LocalLow\Object Browser Folder Deleted : C:\Users\L33tMaN\AppData\LocalLow\Smartbar Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\Systweak Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\VOPackage Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\wse_astromenda Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader Folder Deleted : C:\Users\Public\Documents\ShopperPro Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Chromatic Browser Folder Deleted : C:\Users\UpdatusUser\AppData\Local\torch Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\{73843edf-1075-4a55-947c-e13e0dc9349e} Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\{73843edf-1075-4a55-947c-e13e0dc9349e} Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183} Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\c.eyojmmbh@k-ibrqfvprx.com Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\c.eyojmmbh@k-ibrqfvprx.com Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\eooe@mkpc-.com Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\eooe@mkpc-.com Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\hdz3xas@yomwft.net Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\hdz3xas@yomwft.net Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\kf3i@rcjkzhxfcj.edu Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\kf3i@rcjkzhxfcj.edu Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\rjanqoar@sic.org Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\rjanqoar@sic.org Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\uuui-iaya@ftauomllc.org Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\uuui-iaya@ftauomllc.org Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\whpz_9aui@ywh-aua.net Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\whpz_9aui@ywh-aua.net Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\ydbka@lynubkqd.co.uk Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\ydbka@lynubkqd.co.uk Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\a6jz@aeyoiia.net Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\ujhs@iy-ifro.co.uk Folder Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmelfnfpiaidecmboalgjpejkfbipfpc Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibelhbaipgfkolikojeolihodbmiimib Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhpfckdljkknkmffihkbmnhjhkhdjpcl [!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkeclpkjbbijdbimkckghjlnddfaeoe Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngfjloooedfenakhekclldohaddojbe [!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj [!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg [!] Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjllbogbaogimpilgdginhalhhbmhiob File Deleted : C:\Users\cynical\AppData\Local\CRE\banjjklfojcdbofbhbgiedekefohoaff.crx File Deleted : C:\END File Deleted : C:\monitor.exe File Deleted : C:\windows\score.exe File Deleted : C:\windows\System32\drivers\netfilter64.sys File Deleted : C:\windows\System32\log\iSafeKrnlCall.log File Deleted : C:\windows\System32\roboot64.exe File Deleted : C:\Users\cynical\daemonprocess.txt File Deleted : C:\Users\cynical\AppData\LocalLow\SkwConfig.bin File Deleted : C:\Users\cynical\Desktop\PepperZip.lnk File Deleted : C:\Users\UpdatusUser\Desktop\PepperZip.lnk File Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\searchplugins\astromenda.xml File Deleted : C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\searchplugins\astromenda.xml File Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\searchplugins\Groovorio.xml File Deleted : C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\searchplugins\Groovorio.xml File Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\user.js File Deleted : C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\user.js File Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_service.pricegong.com_0.localstorage-journal File Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage File Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage ***** [ Scheduled Tasks ] ***** Task Deleted : ASP Task Deleted : BackgroundContainer Startup Task Task Deleted : Dealply Task Deleted : globalUpdateUpdateTaskMachineCore Task Deleted : globalUpdateUpdateTaskMachineUA Task Deleted : LaunchSignup Task Deleted : Smp Task Deleted : SMupdate1 Task Deleted : SPDriver Task Deleted : VisualBeeRecovery Task Deleted : WSE_Astromenda Task Deleted : YTDownloader Task Deleted : 7811b4e1-cc43-4429-852a-998646c16bc7 Task Deleted : d0129b8e-caeb-4107-8574-418aabad4b13 Task Deleted : e44f9199-0b4d-467f-bc3d-08e536696e26-1 Task Deleted : e44f9199-0b4d-467f-bc3d-08e536696e26-11 Task Deleted : e44f9199-0b4d-467f-bc3d-08e536696e26-2 Task Deleted : e44f9199-0b4d-467f-bc3d-08e536696e26-3 Task Deleted : e44f9199-0b4d-467f-bc3d-08e536696e26-4 Task Deleted : e44f9199-0b4d-467f-bc3d-08e536696e26-5 Task Deleted : e44f9199-0b4d-467f-bc3d-08e536696e26-5_user Task Deleted : e44f9199-0b4d-467f-bc3d-08e536696e26-6 Task Deleted : e44f9199-0b4d-467f-bc3d-08e536696e26-7 ***** [ Shortcuts ] ***** Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alienware\Product Registration.lnk Shortcut Disinfected : C:\Users\L33tMaN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk Shortcut Disinfected : C:\Users\L33tMaN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk Shortcut Disinfected : C:\Users\L33tMaN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk Shortcut Disinfected : C:\Users\L33tMaN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk Shortcut Disinfected : C:\Users\L33tMaN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ***** [ Registry ] ***** Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{11C3EB7B-A21E-CEFD-BC6D-10B13205EF14}] Key Deleted : HKCU\Software\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm Key Deleted : HKCU\Software\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0 Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\oxy.exe Key Deleted : HKLM\SOFTWARE\Microsoft\WINDOWS\CURRENTVERSION\APP PATHS\PennyBee.exe Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10 Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4 Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0064449.BHO Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0064449.BHO.1 Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0064449.Sandbox Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0064449.Sandbox.1 Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622442249} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22511E2E-7970-414E-BC7C-28D16C4AF54D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C5311E-016D-4999-BCB1-499898429D6C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2C4B6DB8-6413-403B-A038-16A352CFE8B9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{46803190-228D-470E-90FE-F5E0CEA9C4F2} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5180FE16-2E09-497B-9C8B-5A6F029ECECB} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A4F6E1B3-469E-46EF-A936-FBA9D5EFD2B9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C97AF157-6A27-4F57-9D47-E2D3E4761B77} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED0D2C81-7DB5-4599-B7C0-1033418B5672} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655445549} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666446649} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644444449} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622442249} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{22511E2E-7970-414E-BC7C-28D16C4AF54D} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23C5311E-016D-4999-BCB1-499898429D6C} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2C4B6DB8-6413-403B-A038-16A352CFE8B9} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{46803190-228D-470E-90FE-F5E0CEA9C4F2} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5180FE16-2E09-497B-9C8B-5A6F029ECECB} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A4F6E1B3-469E-46EF-A936-FBA9D5EFD2B9} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C97AF157-6A27-4F57-9D47-E2D3E4761B77} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED0D2C81-7DB5-4599-B7C0-1033418B5672} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655445549} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666446649} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D} Key Deleted : HKCU\Software\GlobalUpdate Key Deleted : HKCU\Software\InstallCore Key Deleted : HKCU\Software\InstalledBrowserExtensions Key Deleted : HKCU\Software\Linkey Key Deleted : HKCU\Software\Optimizer Pro Key Deleted : HKCU\Software\PennyBee Key Deleted : HKCU\Software\PepperZip Key Deleted : HKCU\Software\RegisteredApplicationsEx Key Deleted : HKCU\Software\ShopperPro Key Deleted : HKCU\Software\SmartBar Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\systweak Key Deleted : HKCU\Software\Tutorials Key Deleted : HKCU\Software\TutoTag Key Deleted : HKCU\Software\usyndication.com Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9} Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider Key Deleted : HKCU\Software\AppDataLow\Software\Object Browser Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9} Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B} Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252} Key Deleted : HKLM\SOFTWARE\GlobalUpdate Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions Key Deleted : HKLM\SOFTWARE\ShopperPro Key Deleted : HKLM\SOFTWARE\systweak Key Deleted : HKLM\SOFTWARE\Tutorials Key Deleted : HKLM\SOFTWARE\Uniblue Key Deleted : HKLM\SOFTWARE\VBMZ Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PennyBee Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Settings Manager Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SkypEmoticons_is1 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage Key Deleted : [x64] HKLM\SOFTWARE\AllDaySavings Key Deleted : [x64] HKLM\SOFTWARE\AskPartnerNetwork Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions Key Deleted : [x64] HKLM\SOFTWARE\ShopperPro Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\070C83CAC0BBFE455B6212FB4397793C Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\32DA746012E6D4F488AAD113D6FA4A44 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\382E585E62B6F595CB727CEBAB9E48A0 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B786268CB4A7F156A3BDF6701444F22 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3FB1AAC4382437047A03618BF727B859 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4D2EB987C8C8A46578D4943D5A9A1467 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6FB4398202577895B83B74B08F79C3A2 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7617C782A0FD4D15288CD4E4ECF84C67 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7AB2AE85638F6255CA2F35481D3A8828 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9BBBCEE5468FF9C569B1F7A24F6ED3D8 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1A8F5D2D938A495DBE3BC97E2BC5FA3 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D2E5AC6B3591558529A290643010F81B Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5E8CD27C9B1C435AAB81D8619DCEFE3 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6BA018E6E43F3A949AF3E90563067F81 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4 ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17280 -\\ Mozilla Firefox v31.0 (x86 en-US) [ File : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\prefs.js ] Line Deleted : user_pref("browser.search.defaultenginename", "Groovorio"); Line Deleted : user_pref("browser.search.selectedEngine", "Groovorio"); Line Deleted : user_pref("browser.startup.homepage", "hxxp://groovorio.com/?f=1&a=grv_tuto11_14_34&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V2Z2Y2Z1FtCt[...] Line Deleted : user_pref("extensions.a56560a80995b47cd852a772f3a7ea92bgmailcom64449.64449.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22deal[...] Line Deleted : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_ir_14_37_ff&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzzyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V[...] Line Deleted : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_ir_14_37_ff&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzzyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD[...] Line Deleted : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda"); Line Deleted : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda"); Line Deleted : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_ir_14_37_ff&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzzyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytD[...] Line Deleted : user_pref("extensions.crossrider.bic", "14880ecda5c5c1343304df8fa96517a5"); [ File : C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\prefs.js ] Line Deleted : user_pref("extensions.4LzwQXJI_k3u.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sum[...] Line Deleted : user_pref("extensions.4cxz.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.ne[...] Line Deleted : user_pref("extensions.Bph07E8q4T.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumor[...] Line Deleted : user_pref("extensions.Eqp5ofch.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...] Line Deleted : user_pref("extensions.O1uSrr.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.[...] Line Deleted : user_pref("extensions.OrwRs.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.n[...] Line Deleted : user_pref("extensions.U43kaHjR.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...] Line Deleted : user_pref("extensions.YeSbu4wMKYgh.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sum[...] Line Deleted : user_pref("extensions.a56560a80995b47cd852a772f3a7ea92bgmailcom64449.64449.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22deal[...] Line Deleted : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_ir_14_37_ff&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzzyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V[...] Line Deleted : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_ir_14_37_ff&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzzyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD[...] Line Deleted : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda"); Line Deleted : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda"); Line Deleted : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_ir_14_37_ff&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzzyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytD[...] Line Deleted : user_pref("extensions.crossrider.bic", "14873268b7f015ef7f034a2e629e7ace"); Line Deleted : user_pref("extensions.yBcTbQmJN4j.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumo[...] Line Deleted : user_pref("extensions.zIGZAHOU.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...] -\\ Google Chrome v37.0.2062.124 [ File : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted [search Provider] : hxxp://default.maxwebsearch.com/s?type=default&userid=e4337837-2ccf-44ae-bd5d-9306d52ec4ce&implementation=maxwebsearch&implementationdomain=maxwebsearch.com&source=&uc=20130113&subid=20130113&query={searchTerms} Deleted [search Provider] : hxxp://blank.maxwebsearch.com/s?type=blank&query={searchTerms}&local=0&i_id=maxwebsearch&source=&uid=e4337837-2ccf-44ae-bd5d-9306d52ec4ce&uc=20130113&subid=20130113 Deleted [search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=110801&tl=280113_9103&tt=280113_9103&babsrc=SP_ss&mntrId=86966daa000000000000083e8e4eeb3f Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms} Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN37897023201727314&ctid=CT3287802&UM=2&sspv=TB_CNI1 Deleted [search Provider] : hxxp://websearch.searchbomb.info/?l=1&q={searchTerms}&pid=377&r=2013/11/23&hid=3280892760132986455&lg=EN&cc=US&unqvl=42 Deleted [search Provider] : hxxp://amazon.smart-search.com/websearch/ref=bit_bds-y46_serp_cr_us_display?ie=UTF8&tagbase=bds-y46&tag=bds-y46-serp-us-cr-20&tbrId=v1_bds-y46_e020580ae7d7492c8a581e14c36c7dde_1012_1005_20131123_US_cr_ds_todownload&query={searchTerms} Deleted [search Provider] : hxxp://www-search.net/search.aspx?s=E8Ozsmt00_0_0_0_0,8838bbd0-cd4d-4cb4-9e1d-ad431133ffa4,,8838bbd0-cd4d-4cb4-9e1d-ad431133ffa4,&q={searchTerms} [ File : C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted [search Provider] : hxxp://www-search.net/search.aspx?s=E8Ozsmt00_0_0_0_0,8838bbd0-cd4d-4cb4-9e1d-ad431133ffa4,,8838bbd0-cd4d-4cb4-9e1d-ad431133ffa4,&q={searchTerms} Deleted [search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_37_ff&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzzyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyCyD0DtAtAyByDtGzyyEtCyDtGzytCyC0CtGyD0EtDtDtGyC0C0B0E0A0FyCtAtC0AzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtD0EtDtCyByDtG0B0D0CtDtGyEtB0AzztGzy0ByB0BtG0Czy0F0AtC0AyCtAzytBtC0D2Q&cr=508813105&ir= Deleted [search Provider] : hxxp://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tuto11_14_34&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V2Z2Y2Z1FtCtC1VtCyE1VtAyEtN1L1G1B1V1N2Y1L1Qzu2StCyCyD0DtAtAyByDtGzyyEtCyDtGzytCyC0CtGyD0EtDtDtGyC0C0B0E0A0FyCtAtC0AzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtD0EtDtCyByDtG0B0D0CtDtGyEtB0AzztGzy0ByB0BtG0Czy0F0AtC0AyCtAzytBtC0D2Q&cr=1571061767&ir= Deleted [Extension] : blmchfpimpbbdmgpcieclabeafkljbhm Deleted [Extension] : pfkfdlcdbajamklbneflfbcmfgddmpae ************************* AdwCleaner[R0].txt - [78496 octets] - [25/03/2014 20:21:35] AdwCleaner[R1].txt - [49146 octets] - [29/09/2014 19:37:32] AdwCleaner[s0].txt - [77709 octets] - [25/03/2014 20:24:17] AdwCleaner[s1].txt - [46004 octets] - [29/09/2014 19:38:54] ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [46065 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.2.3 (09.27.2014:1) OS: Windows 7 Home Premium x64 Ran by L33tMaN on Tue 09/30/2014 at 19:50:52.95 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ytdownloader ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update swift browse Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util swift browse Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611441149} ~~~ Files ~~~ Folders ~~~ FireFox Successfully deleted the following from C:\Users\L33tMaN\AppData\Roaming\mozilla\firefox\profiles\vdq54lkb.default\prefs.js user_pref("extensions.yBcTbQmJN4j.url", "hxxp://fasten-tech.com/sync2/?q=hfZ9ofV9CShEAen0rjk8pchTB6lKDzt4olljtNtVh7n0rjnEqjwErdrGqTr5tMFHhd9Fqda4rTYEqHsFrjnMDMlGojUMAe4UojgHpd Emptied folder: C:\Users\L33tMaN\AppData\Roaming\mozilla\firefox\profiles\vdq54lkb.default\minidumps [8 files] ~~~ Chrome Successfully deleted: [Folder] C:\Users\L33tMaN\appdata\local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Tue 09/30/2014 at 19:52:40.29 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ �� --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v4.15, December 2012 Started On Tue Jan 01 16:58:28 2013 Results Summary: ---------------- No infection found. Microsoft Windows Malicious Software Removal Tool Finished On Tue Jan 01 16:59:11 2013 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v4.16, January 2013 Started On Tue Jan 08 19:10:51 2013 ->Scan ERROR: resource process://pid:2524 (code 0x00000005 (5)) Results Summary: ---------------- No infection found. Microsoft Windows Malicious Software Removal Tool Finished On Tue Jan 08 19:11:40 2013 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v4.17, February 2013 Started On Wed Feb 13 18:57:33 2013 ->Scan ERROR: resource process://pid:1252 (code 0x00000005 (5)) Results Summary: ---------------- No infection found. Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 13 18:58:37 2013 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v4.18, March 2013 Started On Fri Apr 05 14:04:22 2013 Results Summary: ---------------- No infection found. Microsoft Windows Malicious Software Removal Tool Finished On Fri Apr 05 14:05:15 2013 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v4.21, June 2013 Started On Wed Jun 12 16:27:07 2013 ->Scan ERROR: resource process://pid:260 (code 0x00000005 (5)) Results Summary: ---------------- No infection found. Microsoft Windows Malicious Software Removal Tool Finished On Wed Jun 12 16:28:08 2013 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v4.22, July 2013 Started On Tue Jul 16 20:31:20 2013 ->Scan ERROR: resource process://pid:1256 (code 0x00000005 (5)) Results Summary: ---------------- No infection found. Microsoft Windows Malicious Software Removal Tool Finished On Tue Jul 16 20:32:18 2013 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.3, August 2013 (build 5.3.9301.0) Started On Thu Aug 15 19:45:54 2013 Results Summary: ---------------- No infection found. Microsoft Windows Malicious Software Removal Tool Finished On Thu Aug 15 19:46:50 2013 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.4, September 2013 (build 5.4.9400.0) Started On Tue Sep 10 19:05:52 2013 Engine: 1.1.9800.0 Signatures: 1.157.932.0 Results Summary: ---------------- No infection found. Microsoft Windows Malicious Software Removal Tool Finished On Tue Sep 10 19:06:51 2013 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.5, October 2013 (build 5.5.9502.0) Started On Tue Oct 08 21:51:56 2013 Engine: 1.1.9901.0 Signatures: 1.159.530.0 Results Summary: ---------------- No infection found. Microsoft Windows Malicious Software Removal Tool Finished On Tue Oct 08 21:52:56 2013 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.6, November 2013 (build 5.6.9603.0) Started On Sun Nov 17 03:00:34 2013 Engine: 1.1.10003.0 Signatures: 1.161.1618.0 Results Summary: ---------------- No infection found. Microsoft Windows Malicious Software Removal Tool Finished On Sun Nov 17 03:01:37 2013 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.7, December 2013 (build 5.7.9701.0) Started On Sun Dec 15 16:12:45 2013 Engine: 1.1.10100.0 Signatures: 1.163.1013.0 Results Summary: ---------------- No infection found. Microsoft Windows Malicious Software Removal Tool Finished On Sun Dec 15 16:14:08 2013 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.8, January 2014 (build 5.8.9803.0) Started On Sat Jan 18 03:01:05 2014 Engine: 1.1.10201.0 Signatures: 1.165.1273.0 Results Summary: ---------------- No infection found. Microsoft Windows Malicious Software Removal Tool Finished On Sat Jan 18 03:03:23 2014 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.9, February 2014 (build 5.9.9902.0) Started On Sun Feb 16 03:00:43 2014 Engine: 1.1.10201.0 Signatures: 1.165.3163.0 Results Summary: ---------------- No infection found. Microsoft Windows Malicious Software Removal Tool Finished On Sun Feb 16 03:02:16 2014 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.10, March 2014 (build 5.10.10001.0) Started On Tue Mar 18 20:00:39 2014 Engine: 1.1.10302.0 Signatures: 1.167.1001.0 Results Summary: ---------------- No infection found. Microsoft Windows Malicious Software Removal Tool Finished On Tue Mar 18 20:01:58 2014 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.11, April 2014 (build 5.11.10100.0) Started On Wed Apr 09 19:57:08 2014 Engine: 1.1.10401.0 Signatures: 1.169.1258.0 Results Summary: ---------------- No infection found. Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 09 19:58:17 2014 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.12, May 2014 (build 5.12.10200.0) Started On Tue May 13 19:55:00 2014 Engine: 1.1.10502.0 Signatures: 1.173.1305.0 Results Summary: ---------------- No infection found. Microsoft Windows Malicious Software Removal Tool Finished On Tue May 13 19:56:12 2014 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.13, June 2014 (build 5.13.10300.0) Started On Wed Jun 11 18:14:11 2014 Engine: 1.1.10600.0 Signatures: 1.175.1113.0 Results Summary: ---------------- No infection found. Microsoft Windows Malicious Software Removal Tool Finished On Wed Jun 11 18:15:25 2014 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.14, July 2014 (build 5.14.10402.0) Started On Wed Jul 09 19:33:02 2014 Engine: 1.1.10701.0 Signatures: 1.177.949.0 Results Summary: ---------------- No infection found. Microsoft Windows Malicious Software Removal Tool Finished On Wed Jul 09 19:34:38 2014 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.15, August 2014 (build 5.15.10500.0) Started On Wed Aug 13 03:04:44 2014 Engine: 1.1.10802.0 Signatures: 1.179.1796.0 Results Summary: ---------------- No infection found. Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 13 03:08:02 2014 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.16, September 2014 (build 5.16.10602.0) Started On Sat Sep 13 03:02:45 2014 Engine: 1.1.10904.0 Signatures: 1.183.882.0 Results Summary: ---------------- No infection found. Microsoft Windows Malicious Software Removal Tool Finished On Sat Sep 13 03:10:47 2014 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.16, September 2014 (build 5.16.10602.0) Started On Tue Sep 30 19:57:44 2014 Engine: 1.1.10904.0 Signatures: 1.183.882.0
- October 1, 2014
- 28 replies
Any Possible Soultion?

bmg replied to bmg's topic in Resolved Malware Removal Logs

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-09-2014 02 Ran by L33tMaN at 2014-09-28 19:24:43 Run:3 Running from C:\Users\L33tMaN\Desktop Loaded Profiles: L33tMaN & cynical (Available profiles: UpdatusUser & L33tMaN & cynical) Boot Mode: Normal ============================================== Content of fixlist: ***************** Start (app) C:\Program Files (x86)\Browser+ Apps+\d0129b8e-caeb-4107-8574-418aabad4b13.exe C:\Program Files (x86)\Browser+ Apps+ (MyOSCompany) C:\Program Files (x86)\PCTRunner\MyOSProtect.exe C:\Program Files (x86)\PCTRunner HKLM-x32\...\Run: [WebInternetSecurity] => "C:\Program Files (x86)\Webinternetsecurity\WebInternetSecurity.exe" C:\Program Files (x86)\Webinternetsecurity HKLM-x32\...\Run: [ApnTBMon] => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" C:\Program Files (x86)\AskPartnerNetwork HKU\S-1-5-21-383299565-3798718073-3649502856-1001\...\Run: [se] => C:\Users\L33tMaN\AppData\Roaming\SkypEmoticons\SE.exe [5679008 2014-08-23] (SkypEmoticons) C:\Users\L33tMaN\AppData\Roaming\SkypEmoticons HKU\S-1-5-21-383299565-3798718073-3649502856-1001\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1974120 2014-05-22] (YTDownloader) C:\Program Files (x86)\YTDownloader HKU\S-1-5-21-383299565-3798718073-3649502856-1001\...\MountPoints2: {ca5c79cb-ee09-11e1-bec1-806e6f6e6963} - D:\AUTORUN.EXE HKU\S-1-5-21-383299565-3798718073-3649502856-1002\...\MountPoints2: {ca5c79cb-ee09-11e1-bec1-806e6f6e6963} - D:\AUTORUN.EXE AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found C:\PROGRA~2\SearchProtect HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://groovorio.com...=1571061767&ir= SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://groovorio.com...=1571061767&ir= SearchScopes: HKCU - DefaultScope {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://groovorio.com...=1571061767&ir= SearchScopes: HKCU - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://groovorio.com...=1571061767&ir= BHO: Browser+ Apps+ -> {11111111-1111-1111-1111-110611441149} -> C:\Program Files (x86)\Browser+ Apps+\Browser+ Apps+-bho64.dll (app) BHO-x32: Browser+ Apps+ -> {11111111-1111-1111-1111-110611441149} -> C:\Program Files (x86)\Browser+ Apps+\Browser+ Apps+-bho.dll (app) Winsock: Catalog9 01 C:\windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany) Winsock: Catalog9 02 C:\windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany) Winsock: Catalog9 03 C:\windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany) Winsock: Catalog9 04 C:\windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany) Winsock: Catalog9 21 C:\windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany) Winsock: Catalog9-x64 01 C:\windows\system32\MyOSProtect64.dll [350768] (MyOSCompany) Winsock: Catalog9-x64 02 C:\windows\system32\MyOSProtect64.dll [350768] (MyOSCompany) Winsock: Catalog9-x64 03 C:\windows\system32\MyOSProtect64.dll [350768] (MyOSCompany) Winsock: Catalog9-x64 04 C:\windows\system32\MyOSProtect64.dll [350768] (MyOSCompany) Winsock: Catalog9-x64 15 C:\windows\system32\MyOSProtect64.dll [350768] (MyOSCompany) cmd: netsh winsock reset FF Homepage: hxxp://groovorio.com/?f=1&a=grv_tuto11_14_34&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V2Z2Y2Z1FtCtC1VtCyE1VtAyEtN1L1G1B1V1N2Y1L1Qzu2StCyCyD0DtAtAyByDtGzyyEtCyDtGzytCyC0CtGyD0EtDtDtGyC0C0B0E0A0FyCtAtC0AzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtD0EtDtCyByDtG0B0D0CtDtGyEtB0AzztGzy0ByB0BtG0Czy0F0AtC0AyCtAzytBtC0D2Q&cr=1571061767&ir= FF DefaultSearchEngine: Groovorio FF SelectedSearchEngine: Groovorio CHR HomePage: Default -> hxxp://groovorio.com/?f=1&a=grv_tuto11_14_34&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V2Z2Y2Z1FtCtC1VtCyE1VtAyEtN1L1G1B1V1N2Y1L1Qzu2StCyCyD0DtAtAyByDtGzyyEtCyDtGzytCyC0CtGyD0EtDtDtGyC0C0B0E0A0FyCtAtC0AzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtD0EtDtCyByDtG0B0D0CtDtGyEtB0AzztGzy0ByB0BtG0Czy0F0AtC0AyCtAzytBtC0D2Q&cr=1571061767&ir= CHR StartupUrls: Default -> "hxxp://groovorio.com/?f=7&a=grv_tuto11_14_34&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V2Z2Y2Z1FtCtC1VtCyE1VtAyEtN1L1G1B1V1N2Y1L1Qzu2StCyCyD0DtAtAyByDtGzyyEtCyDtGzytCyC0CtGyD0EtDtDtGyC0C0B0E0A0FyCtAtC0AzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtD0EtDtCyByDtG0B0D0CtDtGyEtB0AzztGzy0ByB0BtG0Czy0F0AtC0AyCtAzytBtC0D2Q&cr=1571061767&ir=", "hxxp://astromenda.com/?f=7&a=ast_ir_14_37_ff&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzzyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyCyD0DtAtAyByDtGzyyEtCyDtGzytCyC0CtGyD0EtDtDtGyC0C0B0E0A0FyCtAtC0AzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtD0EtDtCyByDtG0B0D0CtDtGyEtB0AzztGzy0ByB0BtG0Czy0F0AtC0AyCtAzytBtC0D2Q&cr=508813105&ir=" CHR DefaultSearchKeyword: Default -> groovorio.com CHR DefaultSearchProvider: Default -> Groovorio CHR DefaultSearchURL: Default -> http://groovorio.com...=1571061767&ir= CHR Extension: (Groovorio New Tab) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm [2014-09-16] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION R3 MyOSProtect; C:\Program Files (x86)\PCTRunner\MyOSProtect.exe [1317096 2014-09-01] (MyOSCompany) [File not signed] S2 ProtectMonitor; C:\monitorsvc.exe [34244 2014-09-02] () [File not signed] C:\monitorsvc.exe S2 PennyBee; C:\Program Files (x86)\PennyBee\PennyBee.exe [X] S4 aswSP; No ImagePath C:\windows\SysWOW64\MyOSProtect.ini C:\windows\SysWOW64\MyOSProtectOff.ini C:\windows\system32\MyOSProtectOff.ini C:\windows\system32\MyOSProtect64.dll C:\windows\SysWOW64\MyOSProtect.dll C:\Users\Public\AlexaNSISPlugin.3888.dll C:\Users\L33tMaN\AppData\Local\Temp\032939rr.exe C:\Users\L33tMaN\AppData\Local\Temp\6_Offer_13.exe C:\Users\L33tMaN\AppData\Local\Temp\99e01abe8193efaba61686db19cab8b8.dll C:\Users\L33tMaN\AppData\Local\Temp\APNSetup.exe C:\Users\L33tMaN\AppData\Local\Temp\BackupSetup.exe C:\Users\L33tMaN\AppData\Local\Temp\CloudBackup245.exe C:\Users\L33tMaN\AppData\Local\Temp\CloudBackup5726.exe C:\Users\L33tMaN\AppData\Local\Temp\comver.dll C:\Users\L33tMaN\AppData\Local\Temp\FreeZip920.exe C:\Users\L33tMaN\AppData\Local\Temp\nscC558.tmp.exe C:\Users\L33tMaN\AppData\Local\Temp\optprosetup.exe C:\Users\L33tMaN\AppData\Local\Temp\post1.exe C:\Users\L33tMaN\AppData\Local\Temp\post2.dll C:\Users\L33tMaN\AppData\Local\Temp\post2.exe C:\Users\L33tMaN\AppData\Local\Temp\setup_ex.exe C:\Users\L33tMaN\AppData\Local\Temp\shutdown1408846448.exe C:\Users\L33tMaN\AppData\Local\Temp\SpOrder.dll C:\Users\L33tMaN\AppData\Local\Temp\System.Data.SQLite.dll C:\Users\L33tMaN\AppData\Local\Temp\Tsu5D1EC982.dll C:\Users\L33tMaN\AppData\Local\Temp\updateb.exe C:\Users\L33tMaN\AppData\Local\Temp\update_31858_setup.exe Task: {023CD68F-48C5-4C40-A563-162B425C1BB9} - System32\Tasks\Updater21802.exe => C:\Users\cynical\AppData\Local\Updater21802\Updater21802.exe <==== ATTENTION C:\Users\cynical\AppData\Local\Updater21802 Task: {1444863C-CEFA-413B-8CF8-CACB600F485B} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION Task: {18A5DCA4-5ACA-4341-A32D-880E91F08B3F} - System32\Tasks\pc-dis-upd => C:\Program Files (x86)\PC Cleaners\PCCleaners.exe [2013-01-01] (PC Cleaners Inc.) <==== ATTENTION C:\Program Files (x86)\PC Cleaners Task: {3F91A3D8-C549-402F-B916-E5FD071269B0} - System32\Tasks\Oxy => C:\Users\cynical\AppData\Roaming\Oxy\Updater.exe <==== ATTENTION C:\Users\cynical\AppData\Roaming\Oxy Task: {4D2F968C-BD22-40F8-9FCE-44DCF4F3FEF8} - System32\Tasks\RunAsStdUser Task => C:\Users\cynical\AppData\Local\Oxy\Application\oxy.exe <==== ATTENTION Task: {B3147D4E-D87C-4CFD-9F14-9A4E8A12DC91} - System32\Tasks\GC_Informer => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION Task: {BBEF80F6-CBCD-405C-84FD-A24BC81ACB1A} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION Task: {D57B8DD7-8986-47A5-9113-4033E31B09CE} - System32\Tasks\SK.Enhancer-S-161304646 => c:\programdata\quickset\sk.enhancer\SK.Enhancer.exe <==== ATTENTION c:\programdata\quickset Task: C:\windows\Tasks\SK.Enhancer-S-161304646.job => c:\programdata\quickset\sk.enhancer\SK.Enhancer.exe <==== ATTENTION AlternateDataStreams: C:\ProgramData\Temp:AD022376 AlternateDataStreams: C:\ProgramData\Temp:D346F792 EmptyTemp: End ***************** [4780] C:\Program Files (x86)\Browser+ Apps+\d0129b8e-caeb-4107-8574-418aabad4b13.exe => Process closed successfully. C:\Program Files (x86)\Browser+ Apps+ => Moved successfully. [5864] C:\Program Files (x86)\PCTRunner\MyOSProtect.exe => Process closed successfully. C:\Program Files (x86)\PCTRunner => Moved successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\WebInternetSecurity => value deleted successfully. "C:\Program Files (x86)\Webinternetsecurity" => File/Directory not found. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon => value deleted successfully. "C:\Program Files (x86)\AskPartnerNetwork" => File/Directory not found. HKU\S-1-5-21-383299565-3798718073-3649502856-1001\Software\Microsoft\Windows\CurrentVersion\Run\\se => value deleted successfully. C:\Users\L33tMaN\AppData\Roaming\SkypEmoticons => Moved successfully. HKU\S-1-5-21-383299565-3798718073-3649502856-1001\Software\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => value deleted successfully. C:\Program Files (x86)\YTDownloader => Moved successfully. "HKU\S-1-5-21-383299565-3798718073-3649502856-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca5c79cb-ee09-11e1-bec1-806e6f6e6963}" => Key deleted successfully. "HKCR\CLSID\{ca5c79cb-ee09-11e1-bec1-806e6f6e6963}" => Key not found. "HKU\S-1-5-21-383299565-3798718073-3649502856-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca5c79cb-ee09-11e1-bec1-806e6f6e6963}" => Key deleted successfully. "HKCR\CLSID\{ca5c79cb-ee09-11e1-bec1-806e6f6e6963}" => Key not found. "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value Data removed successfully. C:\PROGRA~2\SearchProtect => Moved successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key deleted successfully. "HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key deleted successfully. "HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611441149}" => Key deleted successfully. "HKCR\CLSID\{11111111-1111-1111-1111-110611441149}" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611441149}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110611441149}" => Key deleted successfully. Winsock: Catalog entry 000000000001 => Deleted successfully. Winsock: Catalog entry 000000000002 => Deleted successfully. Winsock: Catalog entry 000000000003 => Deleted successfully. Winsock: Catalog entry 000000000004 => Deleted successfully. Winsock: Catalog entry 000000000021 => Deleted successfully. Winsock: Catalog entry 000000000001 => Deleted successfully. Winsock: Catalog entry 000000000002 => Deleted successfully. Winsock: Catalog entry 000000000003 => Deleted successfully. Winsock: Catalog entry 000000000004 => Deleted successfully. Winsock: Catalog entry 000000000015 => Deleted successfully. ========= netsh winsock reset ========= Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107 Sucessfully reset the Winsock Catalog. You must restart the computer in order to complete the reset. ========= End of CMD: ========= Firefox homepage deleted successfully. Firefox DefaultSearchEngine deleted successfully. Firefox SelectedSearchEngine deleted successfully. Chrome HomePage deleted successfully. Chrome StartupUrls deleted successfully. Chrome DefaultSearchKeyword deleted successfully. CHR DefaultSearchProvider: Default -> Groovorio ==> The Chrome "Settings" can be used to fix the entry. Chrome DefaultSearchURL deleted successfully. C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm => Moved successfully. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. "HKCU\SOFTWARE\Policies\Google" => Key deleted successfully. MyOSProtect => Service deleted successfully. ProtectMonitor => Service deleted successfully. C:\monitorsvc.exe => Moved successfully. PennyBee => Service deleted successfully. aswSP => Service deleted successfully. C:\windows\SysWOW64\MyOSProtect.ini => Moved successfully. C:\windows\SysWOW64\MyOSProtectOff.ini => Moved successfully. C:\windows\system32\MyOSProtectOff.ini => Moved successfully. C:\windows\system32\MyOSProtect64.dll => Moved successfully. C:\windows\SysWOW64\MyOSProtect.dll => Moved successfully. C:\Users\Public\AlexaNSISPlugin.3888.dll => Moved successfully. C:\Users\L33tMaN\AppData\Local\Temp\032939rr.exe => Moved successfully. C:\Users\L33tMaN\AppData\Local\Temp\6_Offer_13.exe => Moved successfully. C:\Users\L33tMaN\AppData\Local\Temp\99e01abe8193efaba61686db19cab8b8.dll => Moved successfully. C:\Users\L33tMaN\AppData\Local\Temp\APNSetup.exe => Moved successfully. C:\Users\L33tMaN\AppData\Local\Temp\BackupSetup.exe => Moved successfully. C:\Users\L33tMaN\AppData\Local\Temp\CloudBackup245.exe => Moved successfully. C:\Users\L33tMaN\AppData\Local\Temp\CloudBackup5726.exe => Moved successfully. C:\Users\L33tMaN\AppData\Local\Temp\comver.dll => Moved successfully. C:\Users\L33tMaN\AppData\Local\Temp\FreeZip920.exe => Moved successfully. C:\Users\L33tMaN\AppData\Local\Temp\nscC558.tmp.exe => Moved successfully. C:\Users\L33tMaN\AppData\Local\Temp\optprosetup.exe => Moved successfully. C:\Users\L33tMaN\AppData\Local\Temp\post1.exe => Moved successfully. C:\Users\L33tMaN\AppData\Local\Temp\post2.dll => Moved successfully. C:\Users\L33tMaN\AppData\Local\Temp\post2.exe => Moved successfully. C:\Users\L33tMaN\AppData\Local\Temp\setup_ex.exe => Moved successfully. C:\Users\L33tMaN\AppData\Local\Temp\shutdown1408846448.exe => Moved successfully. C:\Users\L33tMaN\AppData\Local\Temp\SpOrder.dll => Moved successfully. C:\Users\L33tMaN\AppData\Local\Temp\System.Data.SQLite.dll => Moved successfully. C:\Users\L33tMaN\AppData\Local\Temp\Tsu5D1EC982.dll => Moved successfully. C:\Users\L33tMaN\AppData\Local\Temp\updateb.exe => Moved successfully. C:\Users\L33tMaN\AppData\Local\Temp\update_31858_setup.exe => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{023CD68F-48C5-4C40-A563-162B425C1BB9}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{023CD68F-48C5-4C40-A563-162B425C1BB9}" => Key deleted successfully. C:\Windows\System32\Tasks\Updater21802.exe not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater21802.exe" => Key deleted successfully. "C:\Users\cynical\AppData\Local\Updater21802" => File/Directory not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1444863C-CEFA-413B-8CF8-CACB600F485B}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1444863C-CEFA-413B-8CF8-CACB600F485B}" => Key deleted successfully. C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\UP_Scheduler" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{18A5DCA4-5ACA-4341-A32D-880E91F08B3F}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18A5DCA4-5ACA-4341-A32D-880E91F08B3F}" => Key deleted successfully. C:\Windows\System32\Tasks\pc-dis-upd => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pc-dis-upd" => Key deleted successfully. "C:\Program Files (x86)\PC Cleaners" => File/Directory not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F91A3D8-C549-402F-B916-E5FD071269B0}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F91A3D8-C549-402F-B916-E5FD071269B0}" => Key deleted successfully. C:\Windows\System32\Tasks\Oxy => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Oxy" => Key deleted successfully. "C:\Users\cynical\AppData\Roaming\Oxy" => File/Directory not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D2F968C-BD22-40F8-9FCE-44DCF4F3FEF8}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D2F968C-BD22-40F8-9FCE-44DCF4F3FEF8}" => Key deleted successfully. C:\Windows\System32\Tasks\RunAsStdUser Task => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B3147D4E-D87C-4CFD-9F14-9A4E8A12DC91}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3147D4E-D87C-4CFD-9F14-9A4E8A12DC91}" => Key deleted successfully. C:\Windows\System32\Tasks\GC_Informer => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GC_Informer" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BBEF80F6-CBCD-405C-84FD-A24BC81ACB1A}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBEF80F6-CBCD-405C-84FD-A24BC81ACB1A}" => Key deleted successfully. C:\Windows\System32\Tasks\GC_Scheduler => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GC_Scheduler" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D57B8DD7-8986-47A5-9113-4033E31B09CE}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D57B8DD7-8986-47A5-9113-4033E31B09CE}" => Key deleted successfully. C:\Windows\System32\Tasks\SK.Enhancer-S-161304646 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SK.Enhancer-S-161304646" => Key deleted successfully. "c:\programdata\quickset" => File/Directory not found. C:\windows\Tasks\SK.Enhancer-S-161304646.job not found. C:\ProgramData\Temp => ":AD022376" ADS removed successfully. C:\ProgramData\Temp => ":D346F792" ADS removed successfully. EmptyTemp: => Removed 10.1 GB temporary data. The system needed a reboot. ==== End of Fixlog ==== Malware Bytes won't install after downloading; as per original post. Getting a runtime error. Tried all the fixes in that post, but nothing works. https://forums.malwarebytes.org/index.php?/topic/149909-internal-error-expression-error-runtime-error-external-exception-e06d7363/ Will try other programs tonight.
- September 29, 2014
- 28 replies
Any Possible Soultion?

bmg replied to bmg's topic in Resolved Malware Removal Logs

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014 Ran by L33tMaN at 2014-03-27 19:19:07 Running from C:\Users\L33tMaN\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated) AlienAutopsy (HKLM\...\AlienAutopsy) (Version: 3.1.5907.16 - Dell Inc.) AlienAutopsy (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden Alienware Command Center (HKLM-x32\...\InstallShield_{6A7D1CAC-6267-4C71-A759-CB5D9E9FAFAA}) (Version: 2.7.25.0 - Alienware Corp.) Alienware Command Center (Version: 2.7.25.0 - Alienware Corp.) Hidden Allied Intent .2 client (HKLM-x32\...\Allied Intent .2 client) (Version: - ) Allied Intent Xtended 2.0 (HKLM-x32\...\Allied Intent Xtended) (Version: 2.0 - AIX Community) Battlecraft 1942 (HKLM-x32\...\Battlecraft 19422.1) (Version: - ) Battlefield 1942 (HKLM-x32\...\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}) (Version: - ) Battlefield 1942 Windows Vista/7 Compatibility Fix (HKLM\...\{99720953-c1d6-4b90-8012-b7c3337f4efe}.sdb) (Version: - ) Battlefield 1942: Secret Weapons of WWII (HKLM-x32\...\{B73B4A99-4173-4747-BBEC-0F05E966F9D2}) (Version: - ) Battlefield 1942: The Road To Rome (HKLM-x32\...\{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}) (Version: - ) Battlefield 2 (HKLM-x32\...\{A8DBF55D-73C0-4E37-A10E-365BFBB14119}) (Version: 1.5.0.0 - Electronic Arts) Battlefield 2 Demo (HKLM-x32\...\{8BECF123-B0EF-4E51-B7F3-923EFE15CC4A}) (Version: - ) Battlefield Mod Development Toolkit 2.0 Beta (HKLM-x32\...\MDT) (Version: - ) Command & Conquer Generals (HKLM-x32\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts) Command & Conquer Generals (x32 Version: 0.50.0000 - Electronic Arts) Hidden Command & Conquer™ 3 Tiberium Wars and Kane's Wrath (HKLM-x32\...\{35A2FE53-CC80-4D17-941F-3A7C82824FC7}) (Version: 1.0.0.0 - Electronic Arts, Inc.) Command & Conquer™ 4 Tiberian Twilight (HKLM-x32\...\{BA4C8F9F-D81B-4AFE-AE5A-3837830F5B89}) (Version: 1.0.0.0 - Electronic Arts, Inc.) Command & Conquer™ and The Covert Operations™ (HKLM-x32\...\{050E298D-C9B8-4582-A332-26201268A297}) (Version: 1.0.0.0 - Electronic Arts, Inc.) Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.) Command & Conquer™ Red Alert, Counterstrike and The Aftermath (HKLM-x32\...\{25456D58-2414-4CC4-AA1B-CF3A2BE00A79}) (Version: 1.0.0.0 - Electronic Arts, Inc.) Command & Conquer™ Red Alert™ 3 and Uprising (HKLM-x32\...\{3C315BF7-4B64-4024-8102-174A197437FA}) (Version: 1.0.0.0 - Electronic Arts, Inc.) Command & Conquer™ The Ultimate Collection Additional Content (HKLM-x32\...\{1A882F29-BC18-4AC2-A71E-0FC30FA32568}) (Version: 1.0.0.0 - Electronic Arts) Command & Conquer™: Generals and Zero Hour (HKLM-x32\...\{609F6FD5-4B22-4D7A-AD30-8C9DD480D5BE}) (Version: 1.0.0.0 - Electronic Arts, Inc.) Command and ConquerTM Generals Zero Hour (HKLM-x32\...\InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts) Command and ConquerTM Generals Zero Hour (x32 Version: 1.00.0000 - Electronic Arts) Hidden couponamazing (HKLM-x32\...\couponamazing) (Version: 1.1357065019 - couponamazing.com) <==== ATTENTION CyberLink PowerDVD 9.6 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.6.1.4827 - CyberLink Corp.) CyberLink PowerDVD 9.6 (x32 Version: 9.6.1.4827 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Desura (HKLM-x32\...\Desura) (Version: 100.53 - Desura) FFOLKES Unlocks123 mod v1.4.1 (HKLM-x32\...\FFOLKES Unlocks123 mod v1.4.1) (Version: - ) Forgoten Hope 2 (2 of 2) (dummy) (HKLM-x32\...\Forgotten Hope 2) (Version: - ) Forgotten Hope 0.70 (HKLM-x32\...\Forgotten Hope) (Version: 0.70 - Forgotten Hope Mod Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation) Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation) Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation) Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Lock On: Modern Air Combat (HKLM-x32\...\{E90DCEE9-DC27-401B-A7AC-B0AFF5B34E4D}) (Version: 1.00.000 - ) Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Max Websearch (HKLM-x32\...\Maxwebsearch) (Version: - Maxwebsearch) Media Player Classic - Home Cinema v1.5.2.3456 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.5.2.3456 - MPC-HC Team) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla) MSI ODD Monitor (HKLM-x32\...\InstallShield_{B7D9BAAA-F068-4BF8-B929-462C3A8AB677}) (Version: 1.0.0.5 - Micro-Star Int'l Co., Ltd.) MSI ODD Monitor (x32 Version: 1.0.0.5 - Micro-Star Int'l Co., Ltd.) Hidden MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NVIDIA 3D Vision Driver 296.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 296.36 - NVIDIA Corporation) NVIDIA Control Panel 296.36 (Version: 296.36 - NVIDIA Corporation) Hidden NVIDIA Graphics Driver 296.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.36 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.14.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.14.1 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.62.312 - NVIDIA Corporation) Hidden NVIDIA Optimus 1.7.12 (Version: 1.7.12 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.12.0213 - NVIDIA Corporation) Hidden NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.9636 - NVIDIA Corporation) Hidden NVIDIA Update Components (Version: 1.7.12 - NVIDIA Corporation) Hidden PasswordBox (HKLM-x32\...\PasswordBox) (Version: 1.26.3.2879 - PasswordBox, Inc.) PowerISO (HKLM-x32\...\PowerISO) (Version: 5.5 - Power Software Ltd) Project Reality: BF2 (HKLM\...\Project Reality: BF2 (pr)_is1) (Version: v1.0 - Project Reality) PunkBuster for Battlefield 1942 (HKLM-x32\...\{127B684B-A002-44C8-99A7-6CF8F1E26873}) (Version: - ) QuickShare (HKLM-x32\...\{232F1B14-7126-491F-AC8C-6123BA58FDE2}) (Version: 1.135.60.12323 - Linkury Inc.) <==== ATTENTION Ravaged (HKLM-x32\...\Steam App 96300) (Version: - ) RealDownloader (x32 Version: 1.3.0 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6494 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Saints Row IV (HKLM-x32\...\Steam App 206420) (Version: - Deep Silver Volition) Sandbox (HKLM-x32\...\Sandbox) (Version: - ) Savings Explorer (HKLM-x32\...\Savings Explorer) (Version: 1.24.151.151 - 215 Apps) Scholastic's I SPY Fantasy (HKLM-x32\...\Scholastic's I SPY Fantasy) (Version: - ) Scholastic's I SPY Spooky Mansion Deluxe (HKLM-x32\...\Scholastic's I SPY Spooky Mansion Deluxe) (Version: - ) Scholastic's I SPY Treasure Hunt (HKLM-x32\...\Scholastic's I SPY Treasure Hunt) (Version: 1.0 - Scholastic Inc.) ScorpionSaver (HKLM-x32\...\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION ShopOn Coupon Extension Helper (HKLM\...\ShopOn) (Version: 1.6.49 - ShopOn Unlimited LLC) <==== ATTENTION Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) Virtual Families Packages (HKCU\...\Virtual Families Packages) (Version: - ) <==== ATTENTION WebInternetSecurity (HKLM-x32\...\Webinternetsecurity) (Version: - Webinternetsecurity) WestwoodChat (HKLM-x32\...\{7CAE6A67-AF7B-4A6A-8705-8AFACA45BB60}) (Version: 1.0.0.0 - WestwoodChat) WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline) Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH) WOoKie Sniper Mod 1.3 (HKLM-x32\...\WOoKie Sniper Mod) (Version: 1.3 - Scouty) WordPad+ version 1.01 (HKLM-x32\...\WordPad+_is1) (Version: 1.01 - ) World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version: - Wargaming.net) World of Warplanes (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C813NA}_is1) (Version: - Wargaming.net) World of Warplanes Hack Toll 2.8 (HKLM-x32\...\World of Warplanes Hack Toll 2.8) (Version: - ) Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team) Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.) Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation) Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 16-03-2014 07:45:21 Scheduled Checkpoint 19-03-2014 00:00:24 Windows Update 22-03-2014 03:11:43 Windows Update 25-03-2014 21:37:54 Windows Update ==================== Hosts content: ========================== 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {011370A5-018E-4AA2-A481-1523E7A23A58} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-01] (Google Inc.) Task: {023CD68F-48C5-4C40-A563-162B425C1BB9} - System32\Tasks\Updater21802.exe => C:\Users\cynical\AppData\Local\Updater21802\Updater21802.exe <==== ATTENTION Task: {0374F184-232F-4118-8419-55F5688FAD94} - \GoforFilesUpdate No Task File Task: {13054A1C-87B3-40D9-811C-13B64AEBA521} - System32\Tasks\{A4C966BB-E0F7-4EA0-BAFF-378BD1F89D43} => C:\Program Files (x86)\EA GAMES\Command & Conquer Generals Zero Hour\generals.exe Task: {1444863C-CEFA-413B-8CF8-CACB600F485B} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION Task: {1720B02C-915C-49D2-9F77-41C9414781FD} - System32\Tasks\{E80F6B32-5D3A-42B6-AD92-BB4419995F64} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] () Task: {18A5DCA4-5ACA-4341-A32D-880E91F08B3F} - System32\Tasks\pc-dis-upd => C:\Program Files (x86)\PC Cleaners\PCCleaners.exe [2013-01-01] (PC Cleaners Inc.) <==== ATTENTION Task: {19472C8B-735D-4912-9716-B385C44BA07A} - System32\Tasks\TidyNetwork Update => C:\Users\cynical\AppData\Local\TidyNetwork\petnupdate.exe Task: {2D7C059A-1C14-4D22-9089-50AE99B508E6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated) Task: {310B9523-078B-410A-BFA5-2A8D9F04142C} - System32\Tasks\{407E4C35-61C1-4ED6-9FF4-526E5B00DE1F} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] () Task: {33B0FF98-90B9-4742-BE46-43BE2D294852} - System32\Tasks\{341E9A2A-7320-4E28-A66E-D615E3701034} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] () Task: {3C8C2035-B41A-4487-9BD7-16CECADA3107} - \Dealply No Task File Task: {3F91A3D8-C549-402F-B916-E5FD071269B0} - System32\Tasks\Oxy => C:\Users\cynical\AppData\Roaming\Oxy\Updater.exe <==== ATTENTION Task: {458EC67D-CDD7-45D8-A283-943A5D498EDF} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-383299565-3798718073-3649502856-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.) Task: {4B0D1B46-6C73-499D-9567-9E407789909A} - System32\Tasks\{773B3E96-62DA-4A63-9D8D-066DDCBF4F0E} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] () Task: {4D2F968C-BD22-40F8-9FCE-44DCF4F3FEF8} - System32\Tasks\RunAsStdUser Task => C:\Users\cynical\AppData\Local\Oxy\Application\oxy.exe <==== ATTENTION Task: {69F31346-B202-4B52-83C8-38A13151F95B} - \BackgroundContainer Startup Task No Task File Task: {7AF87EB6-A50C-42AB-BAC5-ED331B75213F} - System32\Tasks\{B143C027-5E0A-4953-A279-00F911072A82} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] () Task: {825F3FA3-0D8D-4A97-BED1-ED92E699BE05} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-383299565-3798718073-3649502856-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.) Task: {8B81D2E4-E4CC-4B83-8E86-E0D6AFED81F4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-01] (Google Inc.) Task: {982B2063-2ACA-4114-8641-F7F03E4466C7} - System32\Tasks\{1B4171AB-B20F-42D6-90A5-F8B0442B8E9E} => C:\Program Files (x86)\Origin Games\Battlefield 1942\BF1942.exe Task: {B3147D4E-D87C-4CFD-9F14-9A4E8A12DC91} - System32\Tasks\GC_Informer => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION Task: {B3C3C651-4FAA-4BCF-9C5D-35E8745A7124} - System32\Tasks\{2DB518E2-242C-48AE-B842-9B476DC059A7} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] () Task: {BBEF80F6-CBCD-405C-84FD-A24BC81ACB1A} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION Task: {BE244C55-D878-437F-8958-D629A45820B1} - System32\Tasks\VisualBeeRecovery => C:\Users\cynical\AppData\Local\VisualBeeExe\VisualBeeRecovery.exe Task: {D146400E-D601-4848-B232-E55DAD7CEF7D} - System32\Tasks\{DDAE764B-5E62-4542-81A7-9F530B2AFAEA} => C:\Program Files (x86)\EA GAMES\Command & Conquer Generals Zero Hour\generals.exe Task: {D21A428F-B137-4082-B614-CC2DBDC5027F} - System32\Tasks\{6CD8CB2F-67CF-4051-8371-8C7532DA141C} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] () Task: {D57B8DD7-8986-47A5-9113-4033E31B09CE} - System32\Tasks\SK.Enhancer-S-161304646 => c:\programdata\quickset\sk.enhancer\SK.Enhancer.exe <==== ATTENTION Task: {D5E597B0-AEF9-4B45-B1FE-6022BAD894EF} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\windows\TEMP\{7DB42AD0-0673-4FC8-952C-EFABC31619C3}.exe Task: {E57F0D33-3F19-4198-8CC3-C7EE1BB01B67} - System32\Tasks\{3CA31466-DEDD-4D77-9668-9C817280AAC9} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] () Task: {E7594EA4-3392-41B3-8CDC-D73F6FB3664E} - System32\Tasks\{7C31E5D9-F65C-493F-AFB8-E1DEAB2E500B} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] () Task: {F2E7344B-9FA6-44BF-BDC7-FB1E0C2026E5} - System32\Tasks\{D89C3165-63A0-4E42-A9CA-6F65D48D364C} => C:\Program Files (x86)\EA GAMES\Command & Conquer Generals Zero Hour\generals.exe Task: {F9ED1981-BA10-43D4-95B0-BFCEC7FB3ABD} - System32\Tasks\WebInternetSecurity Update Task => C:\Program Files (x86)\Webinternetsecurity\uninstall.webinternetsecurity.exe [2014-01-20] () Task: {FF87AC17-1E07-4ED4-91C7-7982BDF43741} - System32\Tasks\{5CCB7AEE-C302-44F7-A930-4C42D2825F16} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] () Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\windows\TEMP\{7DB42AD0-0673-4FC8-952C-EFABC31619C3}.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\pc-dis-upd.job => ? Task: C:\windows\Tasks\SK.Enhancer-S-161304646.job => c:\programdata\quickset\sk.enhancer\SK.Enhancer.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2013-10-12 00:19 - 2013-10-12 00:19 - 00076888 _____ () C:\windows\SysWOW64\PnkBstrA.exe 2012-11-30 00:31 - 2012-11-30 00:31 - 00038608 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 2012-06-08 01:36 - 2012-03-19 19:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2013-10-16 16:00 - 2013-10-16 16:00 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll 2014-03-15 15:12 - 2014-03-14 20:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll 2014-03-15 15:12 - 2014-03-14 20:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll 2014-03-15 15:12 - 2014-03-14 20:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll 2014-03-15 15:12 - 2014-03-14 20:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll 2014-03-15 15:12 - 2014-03-14 20:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll 2014-03-15 15:12 - 2014-03-14 20:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll 2012-06-08 01:37 - 2012-03-23 00:10 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll 2014-01-10 22:40 - 2013-12-12 18:19 - 00142848 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll 2014-01-10 22:40 - 2013-11-04 21:12 - 00890592 _____ () C:\Program Files (x86)\Steam\libavutil-52.dll 2013-03-25 17:23 - 2014-02-10 22:34 - 00751616 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2012-12-31 22:37 - 2014-02-25 17:57 - 01135296 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2012-12-31 22:37 - 2014-01-10 19:33 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll 2012-12-31 22:37 - 2013-06-14 19:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll 2012-12-31 22:37 - 2013-06-14 19:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll 2012-12-31 22:37 - 2013-06-14 19:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll 2012-06-08 00:09 - 2012-03-06 15:27 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:AD022376 AlternateDataStreams: C:\ProgramData\Temp:D346F792 ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/24/2014 07:42:44 PM) (Source: Application Error) (User: ) Description: Faulting application name: AlienwareAlienFXController.exe, version: 2.7.25.0, time stamp: 0x4f0c4453 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x003b6bec Faulting process id: 0x1524 Faulting application start time: 0xAlienwareAlienFXController.exe0 Faulting application path: AlienwareAlienFXController.exe1 Faulting module path: AlienwareAlienFXController.exe2 Report Id: AlienwareAlienFXController.exe3 Error: (03/24/2014 07:42:41 PM) (Source: .NET Runtime) (User: ) Description: Application: AlienwareAlienFXController.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.NullReferenceException Stack: at AlienLabs.AlienFX.DeviceDiscovery.Classes.AlienFXDeviceDiscoveryService.changesFound(System.Collections.Generic.List`1<AlienLabs.AlienFX.DeviceDiscovery.AlienFXDeviceSetupInfo>) at AlienLabs.AlienFX.DeviceDiscovery.Classes.AlienFXDeviceDiscoveryService.processDevicesChangedEvent() at AlienLabs.AlienFX.DeviceDiscovery.Classes.AlienFXDeviceDiscoveryService.consumeQueue() at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Error: (03/22/2014 10:25:01 PM) (Source: Steam Client Service) (User: ) Description: Error: Failed to poke open firewall Error: (03/22/2014 05:41:26 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3. The manifest file root element must be assembly. Error: (03/18/2014 07:36:18 PM) (Source: Steam Client Service) (User: ) Description: Error: Failed to poke open firewall Error: (03/16/2014 05:06:13 PM) (Source: Steam Client Service) (User: ) Description: Error: Failed to poke open firewall Error: (03/16/2014 03:39:39 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3. The manifest file root element must be assembly. Error: (03/15/2014 06:02:38 PM) (Source: Steam Client Service) (User: ) Description: Error: Failed to poke open firewall Error: (03/15/2014 03:22:20 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3. The manifest file root element must be assembly. Error: (03/07/2014 05:59:31 PM) (Source: Application Hang) (User: ) Description: The program hl2.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1394 Start Time: 01cf3a4f826d15ce Termination Time: 402 Application Path: C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe Report Id: System errors: ============= Error: (03/27/2014 04:05:53 PM) (Source: Service Control Manager) (User: ) Description: The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 Error: (03/27/2014 04:05:53 PM) (Source: Service Control Manager) (User: ) Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (03/27/2014 04:04:08 PM) (Source: WMPNetworkSvc) (User: ) Description: 0x800700b7 Error: (03/27/2014 04:04:08 PM) (Source: WMPNetworkSvc) (User: ) Description: 00x800700b7http://+:10243/WMPNSSv4/2811996591/ Error: (03/27/2014 04:04:08 PM) (Source: WMPNetworkSvc) (User: ) Description: 0x800700b7 Error: (03/27/2014 04:04:08 PM) (Source: WMPNetworkSvc) (User: ) Description: 00x800700b7http://+:10243/WMPNSSv4/2811996591/ Error: (03/27/2014 04:03:50 PM) (Source: Service Control Manager) (User: ) Description: The ShopOn Service service hung on starting. Error: (03/27/2014 04:02:28 PM) (Source: Service Control Manager) (User: ) Description: The vToolbarUpdater18.0.5 service failed to start due to the following error: %%2 Error: (03/25/2014 08:28:46 PM) (Source: Service Control Manager) (User: ) Description: The Portable Device Enumerator Service service failed to start due to the following error: %%1115 Error: (03/25/2014 08:28:46 PM) (Source: Service Control Manager) (User: ) Description: The Human Interface Device Access service failed to start due to the following error: %%1115 Microsoft Office Sessions: ========================= Error: (03/24/2014 07:42:44 PM) (Source: Application Error)(User: ) Description: AlienwareAlienFXController.exe2.7.25.04f0c4453unknown0.0.0.000000000c0000005003b6bec152401cf47baaf4e6395C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exeunknownfe7e57c9-b3ad-11e3-b803-848f69f575ee Error: (03/24/2014 07:42:41 PM) (Source: .NET Runtime)(User: ) Description: Application: AlienwareAlienFXController.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.NullReferenceException Stack: at AlienLabs.AlienFX.DeviceDiscovery.Classes.AlienFXDeviceDiscoveryService.changesFound(System.Collections.Generic.List`1<AlienLabs.AlienFX.DeviceDiscovery.AlienFXDeviceSetupInfo>) at AlienLabs.AlienFX.DeviceDiscovery.Classes.AlienFXDeviceDiscoveryService.processDevicesChangedEvent() at AlienLabs.AlienFX.DeviceDiscovery.Classes.AlienFXDeviceDiscoveryService.consumeQueue() at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Error: (03/22/2014 10:25:01 PM) (Source: Steam Client Service)(User: ) Description: Failed to poke open firewall Error: (03/22/2014 05:41:26 AM) (Source: SideBySide)(User: ) Description: c:\program files (x86)\shopon unlimited llc\shopon coupon helper extension\adxloader.dll.Manifestc:\program files (x86)\shopon unlimited llc\shopon coupon helper extension\adxloader.dll.Manifest2 Error: (03/18/2014 07:36:18 PM) (Source: Steam Client Service)(User: ) Description: Failed to poke open firewall Error: (03/16/2014 05:06:13 PM) (Source: Steam Client Service)(User: ) Description: Failed to poke open firewall Error: (03/16/2014 03:39:39 AM) (Source: SideBySide)(User: ) Description: c:\program files (x86)\shopon unlimited llc\shopon coupon helper extension\adxloader.dll.Manifestc:\program files (x86)\shopon unlimited llc\shopon coupon helper extension\adxloader.dll.Manifest2 Error: (03/15/2014 06:02:38 PM) (Source: Steam Client Service)(User: ) Description: Failed to poke open firewall Error: (03/15/2014 03:22:20 PM) (Source: SideBySide)(User: ) Description: c:\program files (x86)\shopon unlimited llc\shopon coupon helper extension\adxloader.dll.Manifestc:\program files (x86)\shopon unlimited llc\shopon coupon helper extension\adxloader.dll.Manifest2 Error: (03/07/2014 05:59:31 PM) (Source: Application Hang)(User: ) Description: hl2.exe0.0.0.0139401cf3a4f826d15ce402C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
- September 26, 2014
- 28 replies
Any Possible Soultion?

bmg replied to bmg's topic in Resolved Malware Removal Logs

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-09-2014 Ran by L33tMaN (administrator) on L33TMAN-PC on 24-09-2014 20:01:19 Running from C:\Users\L33tMaN\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe (PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\monitor.exe (app) C:\Program Files (x86)\Browser+ Apps+\d0129b8e-caeb-4107-8574-418aabad4b13.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe () C:\Windows\score.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe (MyOSCompany) C:\Program Files (x86)\PCTRunner\MyOSProtect.exe (Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe () C:\Program Files (x86)\Maxthon\Modules\MxDock\MxDock.exe (SkypEmoticons) C:\Users\L33tMaN\AppData\Roaming\SkypEmoticons\SE.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (YTDownloader) C:\Program Files (x86)\YTDownloader\YTDownloader.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe (Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (System Alerts LLC) C:\Users\L33tMaN\AppData\Local\DesktopTemperature\DesktopTemperature.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe (Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe (Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6412904 2011-11-03] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1157224 2011-10-20] (Realtek Semiconductor) HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12616 2012-01-10] (Alienware) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM-x32\...\Run: [RemoteControl9] => c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.) HKLM-x32\...\Run: [PDVD9LanguageShortcut] => c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.) HKLM-x32\...\Run: [bDRegion] => c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2011-12-16] (cyberlink) HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [336992 2012-12-09] (Power Software Ltd) HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295072 2013-01-01] (RealNetworks, Inc.) HKLM-x32\...\Run: [WebInternetSecurity] => "C:\Program Files (x86)\Webinternetsecurity\WebInternetSecurity.exe" HKLM-x32\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1974120 2014-05-22] (YTDownloader) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM-x32\...\Run: [ApnTBMon] => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" HKLM-x32\...\Run: [ospd_us_111] => "C:\Program Files (x86)\ospd_us_111\ospd_us_111.exe" Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-383299565-3798718073-3649502856-1001\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [1939136 2014-08-28] (Valve Corporation) HKU\S-1-5-21-383299565-3798718073-3649502856-1001\...\Run: [GoogleChromeAutoLaunch_EE989A737300E8461C401789B9903612] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-04-23] (Google Inc.) HKU\S-1-5-21-383299565-3798718073-3649502856-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3600216 2014-09-16] (Electronic Arts) HKU\S-1-5-21-383299565-3798718073-3649502856-1001\...\Run: [MxDock] => C:\Program Files (x86)\Maxthon\Modules\MxDock\MxDock.exe [2685752 2014-07-31] () HKU\S-1-5-21-383299565-3798718073-3649502856-1001\...\Run: [MediaFire Tray] => C:\Users\L33tMaN\AppData\Local\MediaFire Desktop\mf_watch.exe HKU\S-1-5-21-383299565-3798718073-3649502856-1001\...\Run: [se] => C:\Users\L33tMaN\AppData\Roaming\SkypEmoticons\SE.exe [5679008 2014-08-23] (SkypEmoticons) HKU\S-1-5-21-383299565-3798718073-3649502856-1001\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1974120 2014-05-22] (YTDownloader) HKU\S-1-5-21-383299565-3798718073-3649502856-1001\...\MountPoints2: {ca5c79cb-ee09-11e1-bec1-806e6f6e6963} - D:\AUTORUN.EXE HKU\S-1-5-21-383299565-3798718073-3649502856-1002\...\Run: [GoogleChromeAutoLaunch_3CB500CD2A273B9B24564AAAE3629254] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-04-23] (Google Inc.) HKU\S-1-5-21-383299565-3798718073-3649502856-1002\...\MountPoints2: {ca5c79cb-ee09-11e1-bec1-806e6f6e6963} - D:\AUTORUN.EXE AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found Startup: C:\Users\L33tMaN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Temperature Monitor.lnk ShortcutTarget: Desktop Temperature Monitor.lnk -> C:\Users\L33tMaN\AppData\Local\DesktopTemperature\DesktopTemperature.exe (System Alerts LLC) ShellIconOverlayIdentifiers: 1MediaFireIconReadOnly -> {7995D0FC-769B-4197-AEC0-991921CB99E1} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon5_fb372.dll (TODO: <Company name>) ShellIconOverlayIdentifiers: MediaFireIconLock -> {759F3E92-F4E8-4953-8315-238B8B17E0F3} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon4_fb372.dll (TODO: <Company name>) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://groovorio.com/?f=1&a=grv_tuto11_14_34&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V2Z2Y2Z1FtCtC1VtCyE1VtAyEtN1L1G1B1V1N2Y1L1Qzu2StCyCyD0DtAtAyByDtGzyyEtCyDtGzytCyC0CtGyD0EtDtDtGyC0C0B0E0A0FyCtAtC0AzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtD0EtDtCyByDtG0B0D0CtDtGyEtB0AzztGzy0ByB0BtG0Czy0F0AtC0AyCtAzytBtC0D2Q&cr=1571061767&ir= HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tuto11_14_34&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V2Z2Y2Z1FtCtC1VtCyE1VtAyEtN1L1G1B1V1N2Y1L1Qzu2StCyCyD0DtAtAyByDtGzyyEtCyDtGzytCyC0CtGyD0EtDtDtGyC0C0B0E0A0FyCtAtC0AzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtD0EtDtCyByDtG0B0D0CtDtGyEtB0AzztGzy0ByB0BtG0Czy0F0AtC0AyCtAzytBtC0D2Q&cr=1571061767&ir= SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=100&itype=a&ver=12521&tm=335&src=ds&p={searchTerms} SearchScopes: HKLM - {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_37_ff&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzzyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyCyD0DtAtAyByDtGzyyEtCyDtGzytCyC0CtGyD0EtDtDtGyC0C0B0E0A0FyCtAtC0AzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtD0EtDtCyByDtG0B0D0CtDtGyEtB0AzztGzy0ByB0BtG0Czy0F0AtC0AyCtAzytBtC0D2Q&cr=508813105&ir= SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = SearchScopes: HKCU - DefaultScope {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tuto11_14_34&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V2Z2Y2Z1FtCtC1VtCyE1VtAyEtN1L1G1B1V1N2Y1L1Qzu2StCyCyD0DtAtAyByDtGzyyEtCyDtGzytCyC0CtGyD0EtDtDtGyC0C0B0E0A0FyCtAtC0AzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtD0EtDtCyByDtG0B0D0CtDtGyEtB0AzztGzy0ByB0BtG0Czy0F0AtC0AyCtAzytBtC0D2Q&cr=1571061767&ir= SearchScopes: HKCU - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tuto11_14_34&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V2Z2Y2Z1FtCtC1VtCyE1VtAyEtN1L1G1B1V1N2Y1L1Qzu2StCyCyD0DtAtAyByDtGzyyEtCyDtGzytCyC0CtGyD0EtDtDtGyC0C0B0E0A0FyCtAtC0AzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtD0EtDtCyByDtG0B0D0CtDtGyEtB0AzztGzy0ByB0BtG0Czy0F0AtC0AyCtAzytBtC0D2Q&cr=1571061767&ir= SearchScopes: HKCU - {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_37_ff&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzzyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyCyD0DtAtAyByDtGzyyEtCyDtGzytCyC0CtGyD0EtDtDtGyC0C0B0E0A0FyCtAtC0AzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtD0EtDtCyByDtG0B0D0CtDtGyEtB0AzztGzy0ByB0BtG0Czy0F0AtC0AyCtAzytBtC0D2Q&cr=508813105&ir= BHO: Browser+ Apps+ -> {11111111-1111-1111-1111-110611441149} -> C:\Program Files (x86)\Browser+ Apps+\Browser+ Apps+-bho64.dll (app) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO-x32: Browser+ Apps+ -> {11111111-1111-1111-1111-110611441149} -> C:\Program Files (x86)\Browser+ Apps+\Browser+ Apps+-bho.dll (app) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - PasswordBox Toolbar - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog9 01 C:\windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany) Winsock: Catalog9 02 C:\windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany) Winsock: Catalog9 03 C:\windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany) Winsock: Catalog9 04 C:\windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany) Winsock: Catalog9 05 C:\Users\L33tMaN\AppData\Local\DesktopTemperature\DTWxSvc.dll [1046288] () Winsock: Catalog9 06 C:\Users\L33tMaN\AppData\Local\DesktopTemperature\DTWxSvc.dll [1046288] () Winsock: Catalog9 07 C:\Users\L33tMaN\AppData\Local\DesktopTemperature\DTWxSvc.dll [1046288] () Winsock: Catalog9 08 C:\Users\L33tMaN\AppData\Local\DesktopTemperature\DTWxSvc.dll [1046288] () Winsock: Catalog9 09 C:\Users\L33tMaN\AppData\Local\DesktopTemperature\DTWxSvc.dll [1046288] () Winsock: Catalog9 20 C:\Users\L33tMaN\AppData\Local\DesktopTemperature\DTWxSvc.dll [1046288] () Winsock: Catalog9 21 C:\windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany) Winsock: Catalog9-x64 01 C:\windows\system32\MyOSProtect64.dll [350768] (MyOSCompany) Winsock: Catalog9-x64 02 C:\windows\system32\MyOSProtect64.dll [350768] (MyOSCompany) Winsock: Catalog9-x64 03 C:\windows\system32\MyOSProtect64.dll [350768] (MyOSCompany) Winsock: Catalog9-x64 04 C:\windows\system32\MyOSProtect64.dll [350768] (MyOSCompany) Winsock: Catalog9-x64 15 C:\windows\system32\MyOSProtect64.dll [350768] (MyOSCompany) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default FF DefaultSearchEngine: Groovorio FF SelectedSearchEngine: Groovorio FF Homepage: hxxp://groovorio.com/?f=1&a=grv_tuto11_14_34&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V2Z2Y2Z1FtCtC1VtCyE1VtAyEtN1L1G1B1V1N2Y1L1Qzu2StCyCyD0DtAtAyByDtGzyyEtCyDtGzytCyC0CtGyD0EtDtDtGyC0C0B0E0A0FyCtAtC0AzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtD0EtDtCyByDtG0B0D0CtDtGyEtB0AzztGzy0ByB0BtG0Czy0F0AtC0AyCtAzytBtC0D2Q&cr=1571061767&ir= FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF user.js: detected! => C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\user.js FF SearchPlugin: C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\searchplugins\Astromenda.xml FF SearchPlugin: C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\searchplugins\Groovorio.xml FF Extension: Browser+ Apps+ - C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com [2014-09-14] FF Extension: YoutubeAdblocker - C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\a6jz@aeyoiia.net [2014-05-09] FF Extension: BitSaver - C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\c.eyojmmbh@k-ibrqfvprx.com [2014-09-09] FF Extension: AllCheaopPricee - C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\eooe@mkpc-.com [2014-05-31] FF Extension: SAeVeMasso - C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\hdz3xas@yomwft.net [2014-08-12] FF Extension: BessTSavveForYoU - C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\kf3i@rcjkzhxfcj.edu [2014-06-14] FF Extension: RoboSAver - C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\qibgbuunh@noowzhyaea.co.uk [2014-08-12] FF Extension: SNT - C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\qvi-u@kmnvlkclhc.net [2014-05-09] FF Extension: DigISaver - C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\rjanqoar@sic.org [2014-07-11] FF Extension: siavee niett - C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\ujhs@iy-ifro.co.uk [2014-05-09] FF Extension: JoniCouPon - C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\uuui-iaya@ftauomllc.org [2014-05-18] FF Extension: SaverEExtoensioon - C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\whpz_9aui@ywh-aua.net [2014-05-24] FF Extension: DueialExPrieSs - C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\ydbka@lynubkqd.co.uk [2014-07-03] FF Extension: Settings Manager - C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE} [2014-05-02] FF Extension: 20291fcc147146c882135911f5ce6d67 - C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\{20291fcc-1471-46c8-8213-5911f5ce6d67} [2014-08-28] FF Extension: 66B2CEAE80B446b08E4D586721E5C1FA - C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\{66B2CEAE-80B4-46b0-8E4D-586721E5C1FA} [2014-08-29] FF Extension: Groovorio - C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\{73843edf-1075-4a55-947c-e13e0dc9349e} [2014-09-16] FF Extension: Astromenda NT - C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\{424b0d11-e7fe-4a04-b7df-8f2c77f58aaf}.xpi [2014-09-14] FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-01] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF HKCU\...\Firefox\Extensions: [{11C3EB7B-A21E-CEFD-BC6D-10B13205EF14}] - C:\Program Files (x86)\ver6TheBestDeals\177.xpi FF StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR HomePage: Default -> hxxp://groovorio.com/?f=1&a=grv_tuto11_14_34&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V2Z2Y2Z1FtCtC1VtCyE1VtAyEtN1L1G1B1V1N2Y1L1Qzu2StCyCyD0DtAtAyByDtGzyyEtCyDtGzytCyC0CtGyD0EtDtDtGyC0C0B0E0A0FyCtAtC0AzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtD0EtDtCyByDtG0B0D0CtDtGyEtB0AzztGzy0ByB0BtG0Czy0F0AtC0AyCtAzytBtC0D2Q&cr=1571061767&ir= CHR StartupUrls: Default -> "hxxp://groovorio.com/?f=7&a=grv_tuto11_14_34&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V2Z2Y2Z1FtCtC1VtCyE1VtAyEtN1L1G1B1V1N2Y1L1Qzu2StCyCyD0DtAtAyByDtGzyyEtCyDtGzytCyC0CtGyD0EtDtDtGyC0C0B0E0A0FyCtAtC0AzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtD0EtDtCyByDtG0B0D0CtDtGyEtB0AzztGzy0ByB0BtG0Czy0F0AtC0AyCtAzytBtC0D2Q&cr=1571061767&ir=", "hxxp://astromenda.com/?f=7&a=ast_ir_14_37_ff&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzzyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyCyD0DtAtAyByDtGzyyEtCyDtGzytCyC0CtGyD0EtDtDtGyC0C0B0E0A0FyCtAtC0AzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtD0EtDtCyByDtG0B0D0CtDtGyEtB0AzztGzy0ByB0BtG0Czy0F0AtC0AyCtAzytBtC0D2Q&cr=508813105&ir=" CHR DefaultSearchKeyword: Default -> groovorio.com CHR DefaultSearchProvider: Default -> Groovorio CHR DefaultSearchURL: Default -> http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tuto11_14_34&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V2Z2Y2Z1FtCtC1VtCyE1VtAyEtN1L1G1B1V1N2Y1L1Qzu2StCyCyD0DtAtAyByDtGzyyEtCyDtGzytCyC0CtGyD0EtDtDtGyC0C0B0E0A0FyCtAtC0AzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtD0EtDtCyByDtG0B0D0CtDtGyEtB0AzztGzy0ByB0BtG0Czy0F0AtC0AyCtAzytBtC0D2Q&cr=1571061767&ir= CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR Profile: C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Groovorio New Tab) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm [2014-09-16] CHR Extension: (RealDownloader) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-08-23] CHR Extension: (ihbiedpeaicgipncdnnkikeehnjiddck) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihbiedpeaicgipncdnnkikeehnjiddck [2014-09-18] CHR Extension: (Browser+ Apps+) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajondecmobodlejlcjllhojikagldgd [2014-09-18] CHR Extension: (Astromenda New Tab) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae [2014-09-14] CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-30] CHR StartMenuInternet: Google Chrome - chrome.exe CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 CLKMSVC10_9EC60124; c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-12-16] (CyberLink) S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-09-14] (globalUpdate) [File not signed] S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-09-14] (globalUpdate) [File not signed] R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [163608 2012-03-06] (Intel Corporation) R2 MSI_ODD_Service; c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe [76800 2011-10-04] (Micro-Star Int'l Co., Ltd.) [File not signed] R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) R3 MyOSProtect; C:\Program Files (x86)\PCTRunner\MyOSProtect.exe [1317096 2014-09-01] (MyOSCompany) [File not signed] R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed] R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [66872 2014-07-03] () S2 ProtectMonitor; C:\monitorsvc.exe [34244 2014-09-02] () [File not signed] R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-30] () R2 scores; C:\windows\score.exe [4823040 2014-09-09] () [File not signed] S2 PennyBee; C:\Program Files (x86)\PennyBee\PennyBee.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 aswSP; No ImagePath R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [49952 2014-03-21] (AVG Technologies) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-07-31] (NetFilterSDK.com) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) R3 NTIOLib_X64; C:\Program Files (x86)\msi\ODD Monitor\NTIOLib_X64.sys [14136 2010-01-18] (MSI) R3 rusb3hub; C:\Windows\system32\drivers\rusb3hub.sys [100352 2011-09-15] (Renesas Electronics Corporation) R3 rusb3xhc; C:\Windows\system32\drivers\rusb3xhc.sys [216064 2011-09-15] (Renesas Electronics Corporation) R2 sbmntr; C:\Program Files (x86)\YTDownloader\sbmntr.sys [58728 2014-05-22] (YTDownloader) S3 xhunter1; \??\C:\windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-24 20:01 - 2014-09-24 20:01 - 00030670 _____ () C:\Users\L33tMaN\Desktop\FRST.txt 2014-09-24 20:01 - 2014-09-24 20:01 - 00000000 ____D () C:\Users\L33tMaN\Desktop\FRST-OlderVersion 2014-09-24 20:00 - 2014-09-24 20:01 - 02106880 _____ (Farbar) C:\Users\L33tMaN\Desktop\FRST64.exe 2014-09-24 20:00 - 2014-09-24 20:00 - 00000000 ____D () C:\Users\L33tMaN\Desktop\Any Possible Soultion - Malware Removal Help - Malwarebytes Forum_files 2014-09-24 20:00 - 2014-09-24 19:50 - 00175917 _____ () C:\Users\L33tMaN\Desktop\Any Possible Soultion - Malware Removal Help - Malwarebytes Forum.html 2014-09-24 14:29 - 2014-09-24 14:29 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.6 2014-09-23 19:07 - 2014-09-23 19:07 - 03675824 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe 2014-09-23 14:38 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll 2014-09-23 14:38 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll 2014-09-20 18:52 - 2014-09-24 18:56 - 00002976 _____ () C:\windows\System32\Tasks\ReclaimerUpdateXML_L33tMaN 2014-09-20 18:52 - 2014-09-24 18:56 - 00000374 _____ () C:\windows\Tasks\ReclaimerUpdateXML_L33tMaN.job 2014-09-20 18:52 - 2014-09-24 16:54 - 00002980 _____ () C:\windows\System32\Tasks\ReclaimerUpdateFiles_L33tMaN 2014-09-20 18:52 - 2014-09-24 16:54 - 00000378 _____ () C:\windows\Tasks\ReclaimerUpdateFiles_L33tMaN.job 2014-09-20 18:52 - 2014-09-24 14:29 - 00000384 _____ () C:\windows\Tasks\RNUpgradeHelperLogonPrompt_L33tMaN.job 2014-09-20 18:52 - 2014-09-20 18:52 - 00003624 _____ () C:\windows\System32\Tasks\RNUpgradeHelperResumePrompt_L33tMaN 2014-09-20 18:52 - 2014-09-20 18:52 - 00002684 _____ () C:\windows\System32\Tasks\RNUpgradeHelperLogonPrompt_L33tMaN 2014-09-20 10:52 - 2014-09-20 10:37 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\L33tMaN\Desktop\mbam-setup-2.0.2.1012.exe 2014-09-18 20:09 - 2014-09-18 20:09 - 00000000 ____D () C:\Users\L33tMaN\AppData\Roaming\EncryptStick 2014-09-18 20:05 - 2014-09-18 20:10 - 00002470 _____ () C:\Users\L33tMaN\Desktop\Rkill.txt 2014-09-16 20:04 - 2014-09-16 20:04 - 00000000 ____D () C:\Users\cynical\AppData\Local\ICSharpCode.net 2014-09-16 20:03 - 2014-09-16 20:03 - 00000000 ____D () C:\Users\cynical\AppData\Local\ospd_us_111 2014-09-16 15:59 - 2014-09-16 15:59 - 00000044 _____ () C:\Users\L33tMaN\AppData\Roaming\WB.CFG 2014-09-14 13:12 - 2014-09-14 13:12 - 00393904 _____ () C:\Users\L33tMaN\Downloads\giveyourmeatagoodolrub.vtf 2014-09-14 13:12 - 2014-09-14 13:12 - 00000094 _____ () C:\Users\L33tMaN\Downloads\giveyourmeatagoodolrub.vmt 2014-09-14 13:11 - 2014-09-14 13:11 - 00262432 _____ () C:\Users\L33tMaN\Downloads\mlgpyro.vtf 2014-09-14 13:11 - 2014-09-14 13:11 - 00000079 _____ () C:\Users\L33tMaN\Downloads\mlgpyro.vmt 2014-09-14 13:08 - 2014-09-14 13:08 - 00242361 _____ () C:\Users\L33tMaN\Downloads\c11ea5fc02-gif (7).zip 2014-09-14 13:08 - 2014-09-14 13:08 - 00000000 ____D () C:\Users\L33tMaN\Downloads\c11ea5fc02-gif (7) 2014-09-14 13:02 - 2014-09-14 13:11 - 00000000 ____D () C:\Users\L33tMaN\Desktop\ainsley 2014-09-14 13:01 - 2014-09-14 13:02 - 00000000 ____D () C:\Users\L33tMaN\Downloads\8f19ecd3f1-gif (4) 2014-09-14 13:00 - 2014-09-14 13:00 - 00753217 _____ () C:\Users\L33tMaN\Downloads\8f19ecd3f1-gif (4).zip 2014-09-14 04:24 - 2014-09-14 04:24 - 00753217 _____ () C:\Users\L33tMaN\Downloads\8f19ecd3f1-gif (3).zip 2014-09-14 04:24 - 2014-09-14 04:24 - 00753217 _____ () C:\Users\L33tMaN\Downloads\8f19ecd3f1-gif (2).zip 2014-09-14 04:24 - 2014-09-14 04:24 - 00000000 ____D () C:\Users\L33tMaN\Downloads\8f19ecd3f1-gif (3) 2014-09-14 04:23 - 2014-09-14 04:24 - 00753217 _____ () C:\Users\L33tMaN\Downloads\8f19ecd3f1-gif (1).zip 2014-09-14 04:21 - 2014-09-14 04:21 - 00753217 _____ () C:\Users\L33tMaN\Downloads\8f19ecd3f1-gif.zip 2014-09-14 04:18 - 2014-09-14 04:18 - 00000536 _____ () C:\Users\L33tMaN\Downloads\url.htm 2014-09-14 04:08 - 2014-09-14 04:08 - 00892809 _____ () C:\Users\L33tMaN\Downloads\dc45153ecd-gif.zip 2014-09-14 04:08 - 2014-09-14 04:08 - 00892809 _____ () C:\Users\L33tMaN\Downloads\dc45153ecd-gif (1).zip 2014-09-14 03:54 - 2014-09-14 03:54 - 00242361 _____ () C:\Users\L33tMaN\Downloads\c11ea5fc02-gif (6).zip 2014-09-14 03:54 - 2014-09-14 03:54 - 00242361 _____ () C:\Users\L33tMaN\Downloads\c11ea5fc02-gif (5).zip 2014-09-14 03:53 - 2014-09-14 04:14 - 00000000 ____D () C:\Users\L33tMaN\Downloads\c11ea5fc02-gif (4) 2014-09-14 03:53 - 2014-09-14 03:53 - 00242361 _____ () C:\Users\L33tMaN\Downloads\c11ea5fc02-gif (4).zip 2014-09-14 03:53 - 2014-09-14 03:53 - 00242361 _____ () C:\Users\L33tMaN\Downloads\c11ea5fc02-gif (3).zip 2014-09-14 03:52 - 2014-09-14 03:52 - 00242361 _____ () C:\Users\L33tMaN\Downloads\c11ea5fc02-gif (2).zip 2014-09-14 03:48 - 2014-09-24 15:48 - 00002436 _____ () C:\windows\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-5_user.job 2014-09-14 03:48 - 2014-09-24 15:48 - 00002436 _____ () C:\windows\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-5.job 2014-09-14 03:48 - 2014-09-24 15:48 - 00002100 _____ () C:\windows\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-2.job 2014-09-14 03:48 - 2014-09-24 15:48 - 00001458 _____ () C:\windows\Tasks\d0129b8e-caeb-4107-8574-418aabad4b13.job 2014-09-14 03:48 - 2014-09-18 15:10 - 00000000 ___HD () C:\Users\Public\Temp 2014-09-14 03:48 - 2014-09-14 03:48 - 00005466 _____ () C:\windows\System32\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-5 2014-09-14 03:48 - 2014-09-14 03:48 - 00005130 _____ () C:\windows\System32\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-2 2014-09-14 03:48 - 2014-09-14 03:48 - 00004488 _____ () C:\windows\System32\Tasks\d0129b8e-caeb-4107-8574-418aabad4b13 2014-09-14 03:47 - 2014-09-24 19:52 - 00003460 _____ () C:\windows\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-6.job 2014-09-14 03:47 - 2014-09-24 15:47 - 00003804 _____ () C:\windows\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-4.job 2014-09-14 03:47 - 2014-09-24 15:47 - 00003460 _____ () C:\windows\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-7.job 2014-09-14 03:47 - 2014-09-24 15:47 - 00002762 _____ () C:\windows\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-1.job 2014-09-14 03:47 - 2014-09-14 03:47 - 00006834 _____ () C:\windows\System32\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-4 2014-09-14 03:47 - 2014-09-14 03:47 - 00006490 _____ () C:\windows\System32\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-7 2014-09-14 03:47 - 2014-09-14 03:47 - 00006488 _____ () C:\windows\System32\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-6 2014-09-14 03:47 - 2014-09-14 03:47 - 00005792 _____ () C:\windows\System32\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-1 2014-09-14 03:47 - 2014-09-14 03:47 - 00004360 _____ () C:\windows\SysWOW64\MyOSProtect.ini 2014-09-14 03:47 - 2014-09-14 03:47 - 00002312 _____ () C:\windows\SysWOW64\MyOSProtectOff.ini 2014-09-14 03:47 - 2014-09-14 03:47 - 00002312 _____ () C:\windows\system32\MyOSProtectOff.ini 2014-09-14 03:47 - 2014-09-01 14:28 - 00350768 _____ (MyOSCompany) C:\windows\system32\MyOSProtect64.dll 2014-09-14 03:46 - 2014-09-24 15:51 - 00000894 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job 2014-09-14 03:46 - 2014-09-24 15:47 - 00000624 _____ () C:\windows\Tasks\7811b4e1-cc43-4429-852a-998646c16bc7.job 2014-09-14 03:46 - 2014-09-24 15:46 - 00004486 _____ () C:\windows\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-11.job 2014-09-14 03:46 - 2014-09-24 15:46 - 00003124 _____ () C:\windows\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-3.job 2014-09-14 03:46 - 2014-09-24 14:28 - 00000890 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job 2014-09-14 03:46 - 2014-09-14 03:53 - 00000000 ____D () C:\Program Files (x86)\PepperZip 2014-09-14 03:46 - 2014-09-14 03:48 - 00000000 ____D () C:\Program Files (x86)\Browser+ Apps+ 2014-09-14 03:46 - 2014-09-14 03:47 - 00003658 _____ () C:\windows\System32\Tasks\7811b4e1-cc43-4429-852a-998646c16bc7 2014-09-14 03:46 - 2014-09-14 03:46 - 00007516 _____ () C:\windows\System32\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-11 2014-09-14 03:46 - 2014-09-14 03:46 - 00006154 _____ () C:\windows\System32\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-3 2014-09-14 03:46 - 2014-09-14 03:46 - 00003892 _____ () C:\windows\System32\Tasks\globalUpdateUpdateTaskMachineUA 2014-09-14 03:46 - 2014-09-14 03:46 - 00003638 _____ () C:\windows\System32\Tasks\globalUpdateUpdateTaskMachineCore 2014-09-14 03:46 - 2014-09-14 03:46 - 00001026 _____ () C:\Users\UpdatusUser\Desktop\PepperZip.lnk 2014-09-14 03:46 - 2014-09-14 03:46 - 00001026 _____ () C:\Users\cynical\Desktop\PepperZip.lnk 2014-09-14 03:46 - 2014-09-14 03:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip 2014-09-14 03:46 - 2014-09-01 14:28 - 00304776 _____ (MyOSCompany) C:\windows\SysWOW64\MyOSProtect.dll 2014-09-14 03:45 - 2014-09-23 14:51 - 00000000 ____D () C:\Users\L33tMaN\AppData\Local\DesktopTemperature 2014-09-14 03:45 - 2014-09-16 18:00 - 00000000 ____D () C:\Users\L33tMaN\AppData\Local\ospd_us_111 2014-09-14 03:45 - 2014-09-14 03:47 - 00000000 ____D () C:\Program Files (x86)\PCTRunner 2014-09-14 03:45 - 2014-09-14 03:46 - 00000000 ____D () C:\Users\L33tMaN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage 2014-09-14 03:45 - 2014-09-14 03:45 - 00000000 ____D () C:\Users\L33tMaN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Temperature 2014-09-14 03:45 - 2014-09-14 03:45 - 00000000 ____D () C:\Users\L33tMaN\AppData\Local\System_Alerts_LLC 2014-09-14 03:45 - 2014-09-14 03:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY 2014-09-14 03:45 - 2014-09-14 03:45 - 00000000 ____D () C:\Program Files (x86)\ospd_us_111 2014-09-14 03:45 - 2014-09-09 07:41 - 04823040 _____ () C:\windows\score.exe 2014-09-14 03:42 - 2014-09-14 03:43 - 00000000 ____D () C:\Users\L33tMaN\Desktop\hehe boi 2014-09-14 03:42 - 2014-09-14 03:42 - 00242361 _____ () C:\Users\L33tMaN\Downloads\c11ea5fc02-gif (1).zip 2014-09-14 03:38 - 2014-09-14 03:38 - 00242361 _____ () C:\Users\L33tMaN\Downloads\c11ea5fc02-gif.zip 2014-09-14 03:32 - 2014-09-14 03:32 - 00000000 ____D () C:\Users\L33tMaN\AppData\Local\ICSharpCode.net 2014-09-14 03:27 - 2014-09-24 19:27 - 00000300 _____ () C:\windows\Tasks\WSE_Astromenda.job 2014-09-14 03:27 - 2014-09-14 03:32 - 00003314 _____ () C:\windows\System32\Tasks\ASP 2014-09-14 03:27 - 2014-09-14 03:27 - 00003248 _____ () C:\windows\System32\Tasks\WSE_Astromenda 2014-09-14 03:27 - 2014-09-14 03:27 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-09-14 03:26 - 2014-09-18 14:33 - 00000000 ____D () C:\Program Files (x86)\PennyBee 2014-09-14 03:26 - 2014-09-14 03:33 - 00000000 ____D () C:\Program Files (x86)\RCP 2014-09-14 03:26 - 2014-09-14 03:27 - 00000000 ____D () C:\Users\L33tMaN\AppData\Roaming\WSE_Astromenda 2014-09-14 03:26 - 2014-09-14 03:26 - 01055936 _____ (Adobe) C:\Users\L33tMaN\Downloads\flashplayer_setup.exe 2014-09-14 03:26 - 2014-09-14 03:26 - 00784616 _____ ( ) C:\Users\L33tMaN\Downloads\adobe_flash_setup.exe 2014-09-14 03:26 - 2014-09-14 03:26 - 00784616 _____ ( ) C:\Users\L33tMaN\Downloads\adobe_flash_setup (2).exe 2014-09-14 03:26 - 2014-09-14 03:26 - 00784616 _____ ( ) C:\Users\L33tMaN\Downloads\adobe_flash_setup (1).exe 2014-09-14 02:41 - 2014-09-14 02:41 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\L33tMaN\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-14 02:37 - 2014-09-14 02:37 - 00000244 _____ () C:\Users\L33tMaN\.swfinfo 2014-09-13 03:13 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-09-13 03:13 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2014-09-13 03:13 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-09-13 03:13 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-09-13 03:13 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-09-13 03:13 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-09-13 03:13 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-09-13 03:13 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-09-13 03:13 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-09-13 03:13 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-09-13 03:13 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-09-13 03:13 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-09-13 03:13 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-09-13 03:13 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-09-13 03:13 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-09-13 03:13 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-09-13 03:13 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-09-13 03:13 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-09-13 03:13 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-09-13 03:13 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-09-13 03:13 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-09-13 03:13 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-09-13 03:13 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2014-09-13 03:13 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-09-13 03:13 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-09-13 03:13 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2014-09-13 03:13 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-09-13 03:13 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-09-13 03:13 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-09-13 03:13 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-09-13 03:13 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-09-13 03:13 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-09-13 03:13 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-09-13 03:13 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-09-13 03:13 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-09-13 03:13 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-09-13 03:13 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2014-09-13 03:13 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-09-13 03:13 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-09-13 03:13 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-09-13 03:13 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-09-13 03:13 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-13 03:13 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-09-13 03:13 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2014-09-13 03:13 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2014-09-13 03:13 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-09-13 03:13 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-09-13 03:13 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-09-13 03:13 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-09-13 03:13 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-09-13 03:13 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2014-09-13 03:13 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-09-13 03:13 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-09-13 03:13 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-09-13 03:13 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-09-13 03:13 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-09-13 03:01 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll 2014-09-13 03:01 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll 2014-09-12 14:41 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-09-12 14:41 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-09-12 14:41 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll 2014-09-12 14:41 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll 2014-09-12 14:41 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2014-09-12 14:41 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2014-09-12 14:41 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll 2014-09-12 14:41 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll 2014-09-12 14:41 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll 2014-09-12 14:41 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll 2014-09-12 14:41 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll 2014-09-08 15:31 - 2014-09-14 03:09 - 00000000 ____D () C:\ProgramData\BiituSaovearr 2014-09-08 14:51 - 2014-09-08 14:51 - 00000000 ____D () C:\ProgramData\DeleteAd 2014-09-02 15:55 - 2014-09-02 15:55 - 00487483 _____ () C:\monitor.exe 2014-09-02 15:55 - 2014-09-02 15:55 - 00034244 _____ () C:\monitorsvc.exe 2014-08-27 17:51 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll 2014-08-27 17:51 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll 2014-08-27 17:51 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-24 20:01 - 2014-09-24 20:01 - 00030670 _____ () C:\Users\L33tMaN\Desktop\FRST.txt 2014-09-24 20:01 - 2014-09-24 20:01 - 00000000 ____D () C:\Users\L33tMaN\Desktop\FRST-OlderVersion 2014-09-24 20:01 - 2014-09-24 20:00 - 02106880 _____ (Farbar) C:\Users\L33tMaN\Desktop\FRST64.exe 2014-09-24 20:01 - 2014-03-27 19:17 - 00000000 ____D () C:\FRST 2014-09-24 20:00 - 2014-09-24 20:00 - 00000000 ____D () C:\Users\L33tMaN\Desktop\Any Possible Soultion - Malware Removal Help - Malwarebytes Forum_files 2014-09-24 19:52 - 2014-09-14 03:47 - 00003460 _____ () C:\windows\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-6.job 2014-09-24 19:50 - 2014-09-24 20:00 - 00175917 _____ () C:\Users\L33tMaN\Desktop\Any Possible Soultion - Malware Removal Help - Malwarebytes Forum.html 2014-09-24 19:27 - 2014-09-14 03:27 - 00000300 _____ () C:\windows\Tasks\WSE_Astromenda.job 2014-09-24 19:23 - 2013-01-01 17:32 - 00000900 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-24 19:07 - 2012-06-07 23:58 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-09-24 18:56 - 2014-09-20 18:52 - 00002976 _____ () C:\windows\System32\Tasks\ReclaimerUpdateXML_L33tMaN 2014-09-24 18:56 - 2014-09-20 18:52 - 00000374 _____ () C:\windows\Tasks\ReclaimerUpdateXML_L33tMaN.job 2014-09-24 16:54 - 2014-09-20 18:52 - 00002980 _____ () C:\windows\System32\Tasks\ReclaimerUpdateFiles_L33tMaN 2014-09-24 16:54 - 2014-09-20 18:52 - 00000378 _____ () C:\windows\Tasks\ReclaimerUpdateFiles_L33tMaN.job 2014-09-24 15:51 - 2014-09-14 03:46 - 00000894 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job 2014-09-24 15:48 - 2014-09-14 03:48 - 00002436 _____ () C:\windows\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-5_user.job 2014-09-24 15:48 - 2014-09-14 03:48 - 00002436 _____ () C:\windows\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-5.job 2014-09-24 15:48 - 2014-09-14 03:48 - 00002100 _____ () C:\windows\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-2.job 2014-09-24 15:48 - 2014-09-14 03:48 - 00001458 _____ () C:\windows\Tasks\d0129b8e-caeb-4107-8574-418aabad4b13.job 2014-09-24 15:47 - 2014-09-14 03:47 - 00003804 _____ () C:\windows\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-4.job 2014-09-24 15:47 - 2014-09-14 03:47 - 00003460 _____ () C:\windows\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-7.job 2014-09-24 15:47 - 2014-09-14 03:47 - 00002762 _____ () C:\windows\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-1.job 2014-09-24 15:47 - 2014-09-14 03:46 - 00000624 _____ () C:\windows\Tasks\7811b4e1-cc43-4429-852a-998646c16bc7.job 2014-09-24 15:46 - 2014-09-14 03:46 - 00004486 _____ () C:\windows\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-11.job 2014-09-24 15:46 - 2014-09-14 03:46 - 00003124 _____ () C:\windows\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-3.job 2014-09-24 15:28 - 2012-12-31 22:36 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-09-24 14:37 - 2009-07-14 00:45 - 00028352 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-24 14:37 - 2009-07-14 00:45 - 00028352 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-24 14:35 - 2012-08-24 13:41 - 01217967 _____ () C:\windows\WindowsUpdate.log 2014-09-24 14:30 - 2013-10-10 18:00 - 00000000 ____D () C:\ProgramData\Origin 2014-09-24 14:29 - 2014-09-24 14:29 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.6 2014-09-24 14:29 - 2014-09-20 18:52 - 00000384 _____ () C:\windows\Tasks\RNUpgradeHelperLogonPrompt_L33tMaN.job 2014-09-24 14:29 - 2014-04-05 09:23 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-09-24 14:28 - 2014-09-14 03:46 - 00000890 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job 2014-09-24 14:28 - 2013-06-14 15:49 - 00000350 _____ () C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job 2014-09-24 14:28 - 2013-01-01 17:32 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-24 14:28 - 2012-08-24 12:36 - 00040683 _____ () C:\windows\setupact.log 2014-09-24 14:28 - 2012-06-08 01:49 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-09-24 14:28 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-09-23 19:07 - 2014-09-23 19:07 - 03675824 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe 2014-09-23 19:07 - 2012-06-07 23:58 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2014-09-23 19:07 - 2012-06-07 23:58 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-23 19:07 - 2012-06-07 23:58 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2014-09-23 14:51 - 2014-09-14 03:45 - 00000000 ____D () C:\Users\L33tMaN\AppData\Local\DesktopTemperature 2014-09-22 02:42 - 2010-11-20 23:27 - 00278152 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe 2014-09-21 18:19 - 2013-01-01 18:01 - 02351472 _____ () C:\windows\PFRO.log 2014-09-21 10:42 - 2012-12-31 22:06 - 00000000 ____D () C:\Users\cynical 2014-09-20 18:52 - 2014-09-20 18:52 - 00003624 _____ () C:\windows\System32\Tasks\RNUpgradeHelperResumePrompt_L33tMaN 2014-09-20 18:52 - 2014-09-20 18:52 - 00002684 _____ () C:\windows\System32\Tasks\RNUpgradeHelperLogonPrompt_L33tMaN 2014-09-20 10:55 - 2009-07-14 01:13 - 00799374 _____ () C:\windows\system32\PerfStringBackup.INI 2014-09-20 10:37 - 2014-09-20 10:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\L33tMaN\Desktop\mbam-setup-2.0.2.1012.exe 2014-09-19 20:40 - 2013-01-01 17:33 - 00000000 ____D () C:\Users\L33tMaN\AppData\Roaming\Real 2014-09-18 20:10 - 2014-09-18 20:05 - 00002470 _____ () C:\Users\L33tMaN\Desktop\Rkill.txt 2014-09-18 20:09 - 2014-09-18 20:09 - 00000000 ____D () C:\Users\L33tMaN\AppData\Roaming\EncryptStick 2014-09-18 15:10 - 2014-09-14 03:48 - 00000000 ___HD () C:\Users\Public\Temp 2014-09-18 14:33 - 2014-09-14 03:26 - 00000000 ____D () C:\Program Files (x86)\PennyBee 2014-09-16 20:04 - 2014-09-16 20:04 - 00000000 ____D () C:\Users\cynical\AppData\Local\ICSharpCode.net 2014-09-16 20:03 - 2014-09-16 20:03 - 00000000 ____D () C:\Users\cynical\AppData\Local\ospd_us_111 2014-09-16 18:00 - 2014-09-14 03:45 - 00000000 ____D () C:\Users\L33tMaN\AppData\Local\ospd_us_111 2014-09-16 15:59 - 2014-09-16 15:59 - 00000044 _____ () C:\Users\L33tMaN\AppData\Roaming\WB.CFG 2014-09-14 13:12 - 2014-09-14 13:12 - 00393904 _____ () C:\Users\L33tMaN\Downloads\giveyourmeatagoodolrub.vtf 2014-09-14 13:12 - 2014-09-14 13:12 - 00000094 _____ () C:\Users\L33tMaN\Downloads\giveyourmeatagoodolrub.vmt 2014-09-14 13:11 - 2014-09-14 13:11 - 00262432 _____ () C:\Users\L33tMaN\Downloads\mlgpyro.vtf 2014-09-14 13:11 - 2014-09-14 13:11 - 00000079 _____ () C:\Users\L33tMaN\Downloads\mlgpyro.vmt 2014-09-14 13:11 - 2014-09-14 13:02 - 00000000 ____D () C:\Users\L33tMaN\Desktop\ainsley 2014-09-14 13:08 - 2014-09-14 13:08 - 00242361 _____ () C:\Users\L33tMaN\Downloads\c11ea5fc02-gif (7).zip 2014-09-14 13:08 - 2014-09-14 13:08 - 00000000 ____D () C:\Users\L33tMaN\Downloads\c11ea5fc02-gif (7) 2014-09-14 13:02 - 2014-09-14 13:01 - 00000000 ____D () C:\Users\L33tMaN\Downloads\8f19ecd3f1-gif (4) 2014-09-14 13:00 - 2014-09-14 13:00 - 00753217 _____ () C:\Users\L33tMaN\Downloads\8f19ecd3f1-gif (4).zip 2014-09-14 04:24 - 2014-09-14 04:24 - 00753217 _____ () C:\Users\L33tMaN\Downloads\8f19ecd3f1-gif (3).zip 2014-09-14 04:24 - 2014-09-14 04:24 - 00753217 _____ () C:\Users\L33tMaN\Downloads\8f19ecd3f1-gif (2).zip 2014-09-14 04:24 - 2014-09-14 04:24 - 00000000 ____D () C:\Users\L33tMaN\Downloads\8f19ecd3f1-gif (3) 2014-09-14 04:24 - 2014-09-14 04:23 - 00753217 _____ () C:\Users\L33tMaN\Downloads\8f19ecd3f1-gif (1).zip 2014-09-14 04:21 - 2014-09-14 04:21 - 00753217 _____ () C:\Users\L33tMaN\Downloads\8f19ecd3f1-gif.zip 2014-09-14 04:18 - 2014-09-14 04:18 - 00000536 _____ () C:\Users\L33tMaN\Downloads\url.htm 2014-09-14 04:14 - 2014-09-14 03:53 - 00000000 ____D () C:\Users\L33tMaN\Downloads\c11ea5fc02-gif (4) 2014-09-14 04:09 - 2014-05-02 15:10 - 00000000 ____D () C:\Users\L33tMaN\AppData\Roaming\Systweak 2014-09-14 04:08 - 2014-09-14 04:08 - 00892809 _____ () C:\Users\L33tMaN\Downloads\dc45153ecd-gif.zip 2014-09-14 04:08 - 2014-09-14 04:08 - 00892809 _____ () C:\Users\L33tMaN\Downloads\dc45153ecd-gif (1).zip 2014-09-14 03:54 - 2014-09-14 03:54 - 00242361 _____ () C:\Users\L33tMaN\Downloads\c11ea5fc02-gif (6).zip 2014-09-14 03:54 - 2014-09-14 03:54 - 00242361 _____ () C:\Users\L33tMaN\Downloads\c11ea5fc02-gif (5).zip 2014-09-14 03:53 - 2014-09-14 03:53 - 00242361 _____ () C:\Users\L33tMaN\Downloads\c11ea5fc02-gif (4).zip 2014-09-14 03:53 - 2014-09-14 03:53 - 00242361 _____ () C:\Users\L33tMaN\Downloads\c11ea5fc02-gif (3).zip 2014-09-14 03:53 - 2014-09-14 03:46 - 00000000 ____D () C:\Program Files (x86)\PepperZip 2014-09-14 03:52 - 2014-09-14 03:52 - 00242361 _____ () C:\Users\L33tMaN\Downloads\c11ea5fc02-gif (2).zip 2014-09-14 03:49 - 2014-08-08 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VTFEdit 2014-09-14 03:48 - 2014-09-14 03:48 - 00005466 _____ () C:\windows\System32\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-5 2014-09-14 03:48 - 2014-09-14 03:48 - 00005130 _____ () C:\windows\System32\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-2 2014-09-14 03:48 - 2014-09-14 03:48 - 00004488 _____ () C:\windows\System32\Tasks\d0129b8e-caeb-4107-8574-418aabad4b13 2014-09-14 03:48 - 2014-09-14 03:46 - 00000000 ____D () C:\Program Files (x86)\Browser+ Apps+ 2014-09-14 03:47 - 2014-09-14 03:47 - 00006834 _____ () C:\windows\System32\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-4 2014-09-14 03:47 - 2014-09-14 03:47 - 00006490 _____ () C:\windows\System32\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-7 2014-09-14 03:47 - 2014-09-14 03:47 - 00006488 _____ () C:\windows\System32\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-6 2014-09-14 03:47 - 2014-09-14 03:47 - 00005792 _____ () C:\windows\System32\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-1 2014-09-14 03:47 - 2014-09-14 03:47 - 00004360 _____ () C:\windows\SysWOW64\MyOSProtect.ini 2014-09-14 03:47 - 2014-09-14 03:47 - 00002312 _____ () C:\windows\SysWOW64\MyOSProtectOff.ini 2014-09-14 03:47 - 2014-09-14 03:47 - 00002312 _____ () C:\windows\system32\MyOSProtectOff.ini 2014-09-14 03:47 - 2014-09-14 03:46 - 00003658 _____ () C:\windows\System32\Tasks\7811b4e1-cc43-4429-852a-998646c16bc7 2014-09-14 03:47 - 2014-09-14 03:45 - 00000000 ____D () C:\Program Files (x86)\PCTRunner 2014-09-14 03:46 - 2014-09-14 03:46 - 00007516 _____ () C:\windows\System32\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-11 2014-09-14 03:46 - 2014-09-14 03:46 - 00006154 _____ () C:\windows\System32\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-3 2014-09-14 03:46 - 2014-09-14 03:46 - 00003892 _____ () C:\windows\System32\Tasks\globalUpdateUpdateTaskMachineUA 2014-09-14 03:46 - 2014-09-14 03:46 - 00003638 _____ () C:\windows\System32\Tasks\globalUpdateUpdateTaskMachineCore 2014-09-14 03:46 - 2014-09-14 03:46 - 00001026 _____ () C:\Users\UpdatusUser\Desktop\PepperZip.lnk 2014-09-14 03:46 - 2014-09-14 03:46 - 00001026 _____ () C:\Users\cynical\Desktop\PepperZip.lnk 2014-09-14 03:46 - 2014-09-14 03:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip 2014-09-14 03:46 - 2014-09-14 03:45 - 00000000 ____D () C:\Users\L33tMaN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage 2014-09-14 03:46 - 2014-08-23 23:14 - 00000000 ____D () C:\Program Files (x86)\globalUpdate 2014-09-14 03:45 - 2014-09-14 03:45 - 00000000 ____D () C:\Users\L33tMaN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Temperature 2014-09-14 03:45 - 2014-09-14 03:45 - 00000000 ____D () C:\Users\L33tMaN\AppData\Local\System_Alerts_LLC 2014-09-14 03:45 - 2014-09-14 03:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY 2014-09-14 03:45 - 2014-09-14 03:45 - 00000000 ____D () C:\Program Files (x86)\ospd_us_111 2014-09-14 03:45 - 2014-08-23 23:27 - 00004034 _____ () C:\windows\System32\Tasks\LaunchSignup 2014-09-14 03:45 - 2014-08-23 23:16 - 00000000 ____D () C:\Users\L33tMaN\AppData\Roaming\VOPackage 2014-09-14 03:43 - 2014-09-14 03:42 - 00000000 ____D () C:\Users\L33tMaN\Desktop\hehe boi 2014-09-14 03:42 - 2014-09-14 03:42 - 00242361 _____ () C:\Users\L33tMaN\Downloads\c11ea5fc02-gif (1).zip 2014-09-14 03:38 - 2014-09-14 03:38 - 00242361 _____ () C:\Users\L33tMaN\Downloads\c11ea5fc02-gif.zip 2014-09-14 03:33 - 2014-09-14 03:26 - 00000000 ____D () C:\Program Files (x86)\RCP 2014-09-14 03:32 - 2014-09-14 03:32 - 00000000 ____D () C:\Users\L33tMaN\AppData\Local\ICSharpCode.net 2014-09-14 03:32 - 2014-09-14 03:27 - 00003314 _____ () C:\windows\System32\Tasks\ASP 2014-09-14 03:27 - 2014-09-14 03:27 - 00003248 _____ () C:\windows\System32\Tasks\WSE_Astromenda 2014-09-14 03:27 - 2014-09-14 03:27 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-09-14 03:27 - 2014-09-14 03:26 - 00000000 ____D () C:\Users\L33tMaN\AppData\Roaming\WSE_Astromenda 2014-09-14 03:26 - 2014-09-14 03:26 - 01055936 _____ (Adobe) C:\Users\L33tMaN\Downloads\flashplayer_setup.exe 2014-09-14 03:26 - 2014-09-14 03:26 - 00784616 _____ ( ) C:\Users\L33tMaN\Downloads\adobe_flash_setup.exe 2014-09-14 03:26 - 2014-09-14 03:26 - 00784616 _____ ( ) C:\Users\L33tMaN\Downloads\adobe_flash_setup (2).exe 2014-09-14 03:26 - 2014-09-14 03:26 - 00784616 _____ ( ) C:\Users\L33tMaN\Downloads\adobe_flash_setup (1).exe 2014-09-14 03:26 - 2014-02-10 17:14 - 00001142 _____ () C:\Users\L33tMaN\Desktop\Mozilla Firefox.lnk 2014-09-14 03:12 - 2014-08-23 23:14 - 00000000 ____D () C:\Program Files (x86)\A7F8482B-1D99-4EC9-B887-8B130AB7E131 2014-09-14 03:12 - 2014-08-23 23:12 - 00000000 ____D () C:\Program Files\005 2014-09-14 03:12 - 2014-08-23 23:05 - 00000000 ____D () C:\ProgramData\Trusted Publisher 2014-09-14 03:09 - 2014-09-08 15:31 - 00000000 ____D () C:\ProgramData\BiituSaovearr 2014-09-14 03:09 - 2014-08-23 23:13 - 00000000 ____D () C:\Program Files (x86)\YTDownloader 2014-09-14 03:09 - 2014-08-08 15:51 - 00000000 ____D () C:\ProgramData\RoboSaveer 2014-09-14 03:09 - 2014-07-08 22:20 - 00000000 ____D () C:\ProgramData\DigiSaver 2014-09-14 03:09 - 2014-07-03 13:44 - 00000000 ____D () C:\ProgramData\DEaalExpprress 2014-09-14 03:09 - 2014-06-11 15:58 - 00000000 ____D () C:\ProgramData\EnJoyuCoauupponi 2014-09-14 03:09 - 2014-05-30 21:12 - 00000000 ____D () C:\ProgramData\RaeggulaarDEAls 2014-09-14 03:09 - 2014-05-23 20:25 - 00000000 ____D () C:\ProgramData\DDigiSSaver 2014-09-14 03:09 - 2014-05-16 22:01 - 00000000 ____D () C:\ProgramData\IsaoveR 2014-09-14 03:09 - 2014-05-09 23:26 - 00000000 ____D () C:\ProgramData\savee! neti 2014-09-14 03:09 - 2014-05-09 23:26 - 00000000 ____D () C:\Program Files (x86)\savee! neti 2014-09-14 03:09 - 2014-05-02 15:03 - 00000000 ____D () C:\Program Files (x86)\Settings Manager 2014-09-14 03:09 - 2013-11-22 23:53 - 00000000 ____D () C:\Program Files (x86)\Amazon 2014-09-14 03:09 - 2013-11-22 22:45 - 00000000 ____D () C:\temp 2014-09-14 02:41 - 2014-09-14 02:41 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\L33tMaN\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-14 02:37 - 2014-09-14 02:37 - 00000244 _____ () C:\Users\L33tMaN\.swfinfo 2014-09-14 02:37 - 2012-12-25 14:33 - 00000000 ____D () C:\Users\L33tMaN 2014-09-13 23:14 - 2013-01-13 19:49 - 00001414 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-09-13 23:14 - 2012-12-25 14:33 - 00001668 _____ () C:\Users\L33tMaN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-09-13 04:10 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache 2014-09-13 03:12 - 2011-02-10 12:10 - 00791496 _____ () C:\windows\SysWOW64\PerfStringBackup.INI 2014-09-13 03:11 - 2012-07-10 13:17 - 00002124 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2014-09-13 03:11 - 2012-07-10 13:17 - 00001945 _____ () C:\windows\epplauncher.mif 2014-09-13 03:11 - 2012-07-10 13:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2014-09-13 03:11 - 2012-07-10 13:16 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-09-13 03:10 - 2013-08-15 19:45 - 00000000 ____D () C:\windows\system32\MRT 2014-09-13 03:02 - 2012-07-10 17:42 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-09-13 03:01 - 2014-05-06 22:10 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-09-09 18:11 - 2014-09-23 14:38 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll 2014-09-09 17:47 - 2014-09-23 14:38 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll 2014-09-09 07:41 - 2014-09-14 03:45 - 04823040 _____ () C:\windows\score.exe 2014-09-08 15:31 - 2013-11-22 22:48 - 00000000 ____D () C:\ProgramData\1044eeab61541fad 2014-09-08 14:51 - 2014-09-08 14:51 - 00000000 ____D () C:\ProgramData\DeleteAd 2014-09-05 15:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-09-05 15:21 - 2014-04-06 17:02 - 00000000 ____D () C:\Users\L33tMaN\AppData\Roaming\SoftGrid Client 2014-09-05 15:10 - 2014-08-23 23:16 - 00002414 _____ () C:\Users\L33tMaN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2014-09-04 22:10 - 2014-09-12 14:41 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-09-04 22:05 - 2014-09-12 14:41 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-09-02 15:55 - 2014-09-02 15:55 - 00487483 _____ () C:\monitor.exe 2014-09-02 15:55 - 2014-09-02 15:55 - 00034244 _____ () C:\monitorsvc.exe 2014-09-01 14:28 - 2014-09-14 03:47 - 00350768 _____ (MyOSCompany) C:\windows\system32\MyOSProtect64.dll 2014-09-01 14:28 - 2014-09-14 03:46 - 00304776 _____ (MyOSCompany) C:\windows\SysWOW64\MyOSProtect.dll 2014-08-30 13:13 - 2014-08-23 22:17 - 00000000 ___HD () C:\Users\L33tMaN\.mediafire 2014-08-30 13:10 - 2014-08-23 22:17 - 00000000 ___RD () C:\Users\L33tMaN\MediaFire 2014-08-28 17:47 - 2013-10-19 22:50 - 00000000 ____D () C:\Program Files (x86)\PasswordBox 2014-08-28 17:46 - 2009-07-14 00:45 - 00272088 _____ () C:\windows\system32\FNTCACHE.DAT 2014-08-25 20:38 - 2013-10-13 19:54 - 00000000 ____D () C:\Users\L33tMaN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2014-08-25 18:16 - 2013-10-12 00:20 - 00111928 _____ () C:\windows\SysWOW64\PnkBstrB.exe 2014-08-25 18:10 - 2013-11-01 21:06 - 00000000 ____D () C:\ProgramData\Package Cache Files to move or delete: ==================== C:\Users\Public\AlexaNSISPlugin.3888.dll Some content of TEMP: ==================== C:\Users\L33tMaN\AppData\Local\Temp\032939rr.exe C:\Users\L33tMaN\AppData\Local\Temp\6_Offer_13.exe C:\Users\L33tMaN\AppData\Local\Temp\99e01abe8193efaba61686db19cab8b8.dll C:\Users\L33tMaN\AppData\Local\Temp\APNSetup.exe C:\Users\L33tMaN\AppData\Local\Temp\BackupSetup.exe C:\Users\L33tMaN\AppData\Local\Temp\CloudBackup245.exe C:\Users\L33tMaN\AppData\Local\Temp\CloudBackup5726.exe C:\Users\L33tMaN\AppData\Local\Temp\comver.dll C:\Users\L33tMaN\AppData\Local\Temp\FreeZip920.exe C:\Users\L33tMaN\AppData\Local\Temp\nscC558.tmp.exe C:\Users\L33tMaN\AppData\Local\Temp\optprosetup.exe C:\Users\L33tMaN\AppData\Local\Temp\post1.exe C:\Users\L33tMaN\AppData\Local\Temp\post2.dll C:\Users\L33tMaN\AppData\Local\Temp\post2.exe C:\Users\L33tMaN\AppData\Local\Temp\setup_ex.exe C:\Users\L33tMaN\AppData\Local\Temp\shutdown1408846448.exe C:\Users\L33tMaN\AppData\Local\Temp\SpOrder.dll C:\Users\L33tMaN\AppData\Local\Temp\System.Data.SQLite.dll C:\Users\L33tMaN\AppData\Local\Temp\Tsu5D1EC982.dll C:\Users\L33tMaN\AppData\Local\Temp\updateb.exe C:\Users\L33tMaN\AppData\Local\Temp\update_31858_setup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-16 16:02 ==================== End Of Log ============================ No other log was generated.
- September 25, 2014
- 28 replies
Any Possible Soultion?

bmg posted a topic in Resolved Malware Removal Logs

As per original post: https://forums.malwarebytes.org/index.php?/topic/144333-first-a-redirct-virus-now-unable-to-connect-at-all-to-internet/page-3 This issue has not been solved. I deleted Mb, which I'm not sure was a good idea, as I cannot launch it now if I needed to. It will not open, nor will it download. I cannot see the start screen without purchasing a special cable to start in safe mode, as it doesn't appear when using the HDMI output. I keep getting the runtime error, as described here: https://forums.malwarebytes.org/index.php?/topic/149909-internal-error-expression-error-runtime-error-external-exception-e06d7363/ I tried all those fixes; none have worked. Chameleon also will not launch. Eset online scanner stalls (always at 44%.) Is there any possible solution to this problem?
- September 23, 2014
- 28 replies
First A Redirct Virus, Now Unable To Connect At All To Internet

bmg replied to bmg's topic in Resolved Malware Removal Logs

OK. There are many posts on this; some say it's the keyboard and mouse. Others say it's a video card problem. Nice computer, but has a lot of issues. Will try again; then contact techs, if needed.
- June 9, 2014
- 58 replies
First A Redirct Virus, Now Unable To Connect At All To Internet

bmg replied to bmg's topic in Resolved Malware Removal Logs

This computer has always had issues starting up; taking minutes sometimes; but the warranty doesn't cover software issues.
- June 4, 2014
- 58 replies
First A Redirct Virus, Now Unable To Connect At All To Internet

bmg replied to bmg's topic in Resolved Malware Removal Logs

Nothing; computer doesn't start, or takes forever to start (which was a problem with the Alienwares, I hear.)
- June 2, 2014
- 58 replies
First A Redirct Virus, Now Unable To Connect At All To Internet

bmg replied to bmg's topic in Resolved Malware Removal Logs

Yes.
- May 31, 2014
- 58 replies
First A Redirct Virus, Now Unable To Connect At All To Internet

bmg replied to bmg's topic in Resolved Malware Removal Logs

No; the computer will not boot up this way.
- May 30, 2014
- 58 replies
First A Redirct Virus, Now Unable To Connect At All To Internet

bmg replied to bmg's topic in Resolved Malware Removal Logs

Also don't have a Windows disc. This is an Alienware computer, which has always been slow to start anyway...
- May 28, 2014
- 58 replies
First A Redirct Virus, Now Unable To Connect At All To Internet

bmg replied to bmg's topic in Resolved Malware Removal Logs

No - computer will not re-start; even after verifying the disc after burning...
- May 28, 2014
- 58 replies
First A Redirct Virus, Now Unable To Connect At All To Internet

bmg replied to bmg's topic in Resolved Malware Removal Logs

Can't seem to start the computer from the disc; nothing happens and it won't start. Don't see too much trouble in the way of surfing, it's just that MB will not start anymore. Is there a way to re-install it and start fresh?
- May 26, 2014
- 58 replies
First A Redirct Virus, Now Unable To Connect At All To Internet

bmg replied to bmg's topic in Resolved Malware Removal Logs

Yes - having issues creating the disc on a Mac; but think I have done it, so just need to do the scan...
- May 26, 2014
- 58 replies

Events

Profiles

Forums

Everything posted by bmg

Important Information