Jump to content

Any Possible Soultion?


bmg
 Share

Recommended Posts

As per original post:

https://forums.malwarebytes.org/index.php?/topic/144333-first-a-redirct-virus-now-unable-to-connect-at-all-to-internet/page-3

This issue has not been solved.

I deleted Mb, which I'm not sure was a good idea, as I cannot launch it now if I needed to.

It will not open, nor will it download.

I cannot see the start screen without purchasing a special cable to start in safe mode, as it doesn't appear when using the HDMI output.

I keep getting the runtime error, as described here:

https://forums.malwarebytes.org/index.php?/topic/149909-internal-error-expression-error-runtime-error-external-exception-e06d7363/

I tried all those fixes; none have worked.

Chameleon also will not launch.

Eset online scanner stalls (always at 44%.)

Is there any possible solution to this problem?

Link to post
Share on other sites

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-09-2014
Ran by L33tMaN (administrator) on L33TMAN-PC on 24-09-2014 20:01:19
Running from C:\Users\L33tMaN\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\monitor.exe
(app) C:\Program Files (x86)\Browser+ Apps+\d0129b8e-caeb-4107-8574-418aabad4b13.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Windows\score.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(MyOSCompany) C:\Program Files (x86)\PCTRunner\MyOSProtect.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
() C:\Program Files (x86)\Maxthon\Modules\MxDock\MxDock.exe
(SkypEmoticons) C:\Users\L33tMaN\AppData\Roaming\SkypEmoticons\SE.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(YTDownloader) C:\Program Files (x86)\YTDownloader\YTDownloader.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(System Alerts LLC) C:\Users\L33tMaN\AppData\Local\DesktopTemperature\DesktopTemperature.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6412904 2011-11-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1157224 2011-10-20] (Realtek Semiconductor)
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12616 2012-01-10] (Alienware)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [RemoteControl9] => c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [bDRegion] => c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2011-12-16] (cyberlink)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [336992 2012-12-09] (Power Software Ltd)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295072 2013-01-01] (RealNetworks, Inc.)
HKLM-x32\...\Run: [WebInternetSecurity] => "C:\Program Files (x86)\Webinternetsecurity\WebInternetSecurity.exe"
HKLM-x32\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1974120 2014-05-22] (YTDownloader)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [ApnTBMon] => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
HKLM-x32\...\Run: [ospd_us_111] => "C:\Program Files (x86)\ospd_us_111\ospd_us_111.exe"
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-383299565-3798718073-3649502856-1001\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [1939136 2014-08-28] (Valve Corporation)
HKU\S-1-5-21-383299565-3798718073-3649502856-1001\...\Run: [GoogleChromeAutoLaunch_EE989A737300E8461C401789B9903612] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-04-23] (Google Inc.)
HKU\S-1-5-21-383299565-3798718073-3649502856-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3600216 2014-09-16] (Electronic Arts)
HKU\S-1-5-21-383299565-3798718073-3649502856-1001\...\Run: [MxDock] => C:\Program Files (x86)\Maxthon\Modules\MxDock\MxDock.exe [2685752 2014-07-31] ()
HKU\S-1-5-21-383299565-3798718073-3649502856-1001\...\Run: [MediaFire Tray] => C:\Users\L33tMaN\AppData\Local\MediaFire Desktop\mf_watch.exe
HKU\S-1-5-21-383299565-3798718073-3649502856-1001\...\Run: [se] => C:\Users\L33tMaN\AppData\Roaming\SkypEmoticons\SE.exe [5679008 2014-08-23] (SkypEmoticons)
HKU\S-1-5-21-383299565-3798718073-3649502856-1001\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1974120 2014-05-22] (YTDownloader)
HKU\S-1-5-21-383299565-3798718073-3649502856-1001\...\MountPoints2: {ca5c79cb-ee09-11e1-bec1-806e6f6e6963} - D:\AUTORUN.EXE
HKU\S-1-5-21-383299565-3798718073-3649502856-1002\...\Run: [GoogleChromeAutoLaunch_3CB500CD2A273B9B24564AAAE3629254] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-04-23] (Google Inc.)
HKU\S-1-5-21-383299565-3798718073-3649502856-1002\...\MountPoints2: {ca5c79cb-ee09-11e1-bec1-806e6f6e6963} - D:\AUTORUN.EXE
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
Startup: C:\Users\L33tMaN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Temperature Monitor.lnk
ShortcutTarget: Desktop Temperature Monitor.lnk -> C:\Users\L33tMaN\AppData\Local\DesktopTemperature\DesktopTemperature.exe (System Alerts LLC)
ShellIconOverlayIdentifiers: 1MediaFireIconReadOnly -> {7995D0FC-769B-4197-AEC0-991921CB99E1} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon5_fb372.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: MediaFireIconLock -> {759F3E92-F4E8-4953-8315-238B8B17E0F3} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon4_fb372.dll (TODO: <Company name>)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://groovorio.com/?f=1&a=grv_tuto11_14_34&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V2Z2Y2Z1FtCtC1VtCyE1VtAyEtN1L1G1B1V1N2Y1L1Qzu2StCyCyD0DtAtAyByDtGzyyEtCyDtGzytCyC0CtGyD0EtDtDtGyC0C0B0E0A0FyCtAtC0AzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtD0EtDtCyByDtG0B0D0CtDtGyEtB0AzztGzy0ByB0BtG0Czy0F0AtC0AyCtAzytBtC0D2Q&cr=1571061767&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tuto11_14_34&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V2Z2Y2Z1FtCtC1VtCyE1VtAyEtN1L1G1B1V1N2Y1L1Qzu2StCyCyD0DtAtAyByDtGzyyEtCyDtGzytCyC0CtGyD0EtDtDtGyC0C0B0E0A0FyCtAtC0AzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtD0EtDtCyByDtG0B0D0CtDtGyEtB0AzztGzy0ByB0BtG0Czy0F0AtC0AyCtAzytBtC0D2Q&cr=1571061767&ir=
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=100&itype=a&ver=12521&tm=335&src=ds&p={searchTerms}
SearchScopes: HKLM - {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_37_ff&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzzyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyCyD0DtAtAyByDtGzyyEtCyDtGzytCyC0CtGyD0EtDtDtGyC0C0B0E0A0FyCtAtC0AzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtD0EtDtCyByDtG0B0D0CtDtGyEtB0AzztGzy0ByB0BtG0Czy0F0AtC0AyCtAzytBtC0D2Q&cr=508813105&ir=
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKCU - DefaultScope {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tuto11_14_34&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V2Z2Y2Z1FtCtC1VtCyE1VtAyEtN1L1G1B1V1N2Y1L1Qzu2StCyCyD0DtAtAyByDtGzyyEtCyDtGzytCyC0CtGyD0EtDtDtGyC0C0B0E0A0FyCtAtC0AzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtD0EtDtCyByDtG0B0D0CtDtGyEtB0AzztGzy0ByB0BtG0Czy0F0AtC0AyCtAzytBtC0D2Q&cr=1571061767&ir=
SearchScopes: HKCU - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tuto11_14_34&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V2Z2Y2Z1FtCtC1VtCyE1VtAyEtN1L1G1B1V1N2Y1L1Qzu2StCyCyD0DtAtAyByDtGzyyEtCyDtGzytCyC0CtGyD0EtDtDtGyC0C0B0E0A0FyCtAtC0AzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtD0EtDtCyByDtG0B0D0CtDtGyEtB0AzztGzy0ByB0BtG0Czy0F0AtC0AyCtAzytBtC0D2Q&cr=1571061767&ir=
SearchScopes: HKCU - {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_37_ff&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzzyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyCyD0DtAtAyByDtGzyyEtCyDtGzytCyC0CtGyD0EtDtDtGyC0C0B0E0A0FyCtAtC0AzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtD0EtDtCyByDtG0B0D0CtDtGyEtB0AzztGzy0ByB0BtG0Czy0F0AtC0AyCtAzytBtC0D2Q&cr=508813105&ir=
BHO: Browser+ Apps+ -> {11111111-1111-1111-1111-110611441149} -> C:\Program Files (x86)\Browser+ Apps+\Browser+ Apps+-bho64.dll (app)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Browser+ Apps+ -> {11111111-1111-1111-1111-110611441149} -> C:\Program Files (x86)\Browser+ Apps+\Browser+ Apps+-bho.dll (app)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - PasswordBox Toolbar - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 02 C:\windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 03 C:\windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 04 C:\windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 05 C:\Users\L33tMaN\AppData\Local\DesktopTemperature\DTWxSvc.dll [1046288] ()
Winsock: Catalog9 06 C:\Users\L33tMaN\AppData\Local\DesktopTemperature\DTWxSvc.dll [1046288] ()
Winsock: Catalog9 07 C:\Users\L33tMaN\AppData\Local\DesktopTemperature\DTWxSvc.dll [1046288] ()
Winsock: Catalog9 08 C:\Users\L33tMaN\AppData\Local\DesktopTemperature\DTWxSvc.dll [1046288] ()
Winsock: Catalog9 09 C:\Users\L33tMaN\AppData\Local\DesktopTemperature\DTWxSvc.dll [1046288] ()
Winsock: Catalog9 20 C:\Users\L33tMaN\AppData\Local\DesktopTemperature\DTWxSvc.dll [1046288] ()
Winsock: Catalog9 21 C:\windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9-x64 01 C:\windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
Winsock: Catalog9-x64 02 C:\windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
Winsock: Catalog9-x64 03 C:\windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
Winsock: Catalog9-x64 04 C:\windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
Winsock: Catalog9-x64 15 C:\windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default
FF DefaultSearchEngine: Groovorio
FF SelectedSearchEngine: Groovorio
FF Homepage: hxxp://groovorio.com/?f=1&a=grv_tuto11_14_34&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V2Z2Y2Z1FtCtC1VtCyE1VtAyEtN1L1G1B1V1N2Y1L1Qzu2StCyCyD0DtAtAyByDtGzyyEtCyDtGzytCyC0CtGyD0EtDtDtGyC0C0B0E0A0FyCtAtC0AzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtD0EtDtCyByDtG0B0D0CtDtGyEtB0AzztGzy0ByB0BtG0Czy0F0AtC0AyCtAzytBtC0D2Q&cr=1571061767&ir=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\user.js
FF SearchPlugin: C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\searchplugins\Astromenda.xml
FF SearchPlugin: C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\searchplugins\Groovorio.xml
FF Extension: Browser+ Apps+ - C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com [2014-09-14]
FF Extension: YoutubeAdblocker - C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\a6jz@aeyoiia.net [2014-05-09]
FF Extension: BitSaver - C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\c.eyojmmbh@k-ibrqfvprx.com [2014-09-09]
FF Extension: AllCheaopPricee - C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\eooe@mkpc-.com [2014-05-31]
FF Extension: SAeVeMasso - C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\hdz3xas@yomwft.net [2014-08-12]
FF Extension: BessTSavveForYoU - C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\kf3i@rcjkzhxfcj.edu [2014-06-14]
FF Extension: RoboSAver - C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\qibgbuunh@noowzhyaea.co.uk [2014-08-12]
FF Extension: SNT - C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\qvi-u@kmnvlkclhc.net [2014-05-09]
FF Extension: DigISaver - C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\rjanqoar@sic.org [2014-07-11]
FF Extension: siavee niett - C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\ujhs@iy-ifro.co.uk [2014-05-09]
FF Extension: JoniCouPon - C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\uuui-iaya@ftauomllc.org [2014-05-18]
FF Extension: SaverEExtoensioon - C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\whpz_9aui@ywh-aua.net [2014-05-24]
FF Extension: DueialExPrieSs - C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\ydbka@lynubkqd.co.uk [2014-07-03]
FF Extension: Settings Manager - C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE} [2014-05-02]
FF Extension: 20291fcc147146c882135911f5ce6d67 - C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\{20291fcc-1471-46c8-8213-5911f5ce6d67} [2014-08-28]
FF Extension: 66B2CEAE80B446b08E4D586721E5C1FA - C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\{66B2CEAE-80B4-46b0-8E4D-586721E5C1FA} [2014-08-29]
FF Extension: Groovorio - C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\{73843edf-1075-4a55-947c-e13e0dc9349e} [2014-09-16]
FF Extension: Astromenda NT - C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\{424b0d11-e7fe-4a04-b7df-8f2c77f58aaf}.xpi [2014-09-14]
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-01]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [{11C3EB7B-A21E-CEFD-BC6D-10B13205EF14}] - C:\Program Files (x86)\ver6TheBestDeals\177.xpi
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://groovorio.com/?f=1&a=grv_tuto11_14_34&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V2Z2Y2Z1FtCtC1VtCyE1VtAyEtN1L1G1B1V1N2Y1L1Qzu2StCyCyD0DtAtAyByDtGzyyEtCyDtGzytCyC0CtGyD0EtDtDtGyC0C0B0E0A0FyCtAtC0AzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtD0EtDtCyByDtG0B0D0CtDtGyEtB0AzztGzy0ByB0BtG0Czy0F0AtC0AyCtAzytBtC0D2Q&cr=1571061767&ir=
CHR StartupUrls: Default -> "hxxp://groovorio.com/?f=7&a=grv_tuto11_14_34&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V2Z2Y2Z1FtCtC1VtCyE1VtAyEtN1L1G1B1V1N2Y1L1Qzu2StCyCyD0DtAtAyByDtGzyyEtCyDtGzytCyC0CtGyD0EtDtDtGyC0C0B0E0A0FyCtAtC0AzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtD0EtDtCyByDtG0B0D0CtDtGyEtB0AzztGzy0ByB0BtG0Czy0F0AtC0AyCtAzytBtC0D2Q&cr=1571061767&ir=", "hxxp://astromenda.com/?f=7&a=ast_ir_14_37_ff&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzzyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyCyD0DtAtAyByDtGzyyEtCyDtGzytCyC0CtGyD0EtDtDtGyC0C0B0E0A0FyCtAtC0AzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtD0EtDtCyByDtG0B0D0CtDtGyEtB0AzztGzy0ByB0BtG0Czy0F0AtC0AyCtAzytBtC0D2Q&cr=508813105&ir="
CHR DefaultSearchKeyword: Default -> groovorio.com
CHR DefaultSearchProvider: Default -> Groovorio
CHR DefaultSearchURL: Default -> http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tuto11_14_34&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V2Z2Y2Z1FtCtC1VtCyE1VtAyEtN1L1G1B1V1N2Y1L1Qzu2StCyCyD0DtAtAyByDtGzyyEtCyDtGzytCyC0CtGyD0EtDtDtGyC0C0B0E0A0FyCtAtC0AzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtD0EtDtCyByDtG0B0D0CtDtGyEtB0AzztGzy0ByB0BtG0Czy0F0AtC0AyCtAzytBtC0D2Q&cr=1571061767&ir=
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Groovorio New Tab) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm [2014-09-16]
CHR Extension: (RealDownloader) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-08-23]
CHR Extension: (ihbiedpeaicgipncdnnkikeehnjiddck) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihbiedpeaicgipncdnnkikeehnjiddck [2014-09-18]
CHR Extension: (Browser+ Apps+) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajondecmobodlejlcjllhojikagldgd [2014-09-18]
CHR Extension: (Astromenda New Tab) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae [2014-09-14]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-30]
CHR StartMenuInternet: Google Chrome - chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 CLKMSVC10_9EC60124; c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-12-16] (CyberLink)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-09-14] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-09-14] (globalUpdate) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [163608 2012-03-06] (Intel Corporation)
R2 MSI_ODD_Service; c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe [76800 2011-10-04] (Micro-Star Int'l Co., Ltd.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 MyOSProtect; C:\Program Files (x86)\PCTRunner\MyOSProtect.exe [1317096 2014-09-01] (MyOSCompany) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [66872 2014-07-03] ()
S2 ProtectMonitor; C:\monitorsvc.exe [34244 2014-09-02] () [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-30] ()
R2 scores; C:\windows\score.exe [4823040 2014-09-09] () [File not signed]
S2 PennyBee; C:\Program Files (x86)\PennyBee\PennyBee.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 aswSP; No ImagePath
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [49952 2014-03-21] (AVG Technologies)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-07-31] (NetFilterSDK.com)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NTIOLib_X64; C:\Program Files (x86)\msi\ODD Monitor\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
R3 rusb3hub; C:\Windows\system32\drivers\rusb3hub.sys [100352 2011-09-15] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\system32\drivers\rusb3xhc.sys [216064 2011-09-15] (Renesas Electronics Corporation)
R2 sbmntr; C:\Program Files (x86)\YTDownloader\sbmntr.sys [58728 2014-05-22] (YTDownloader)
S3 xhunter1; \??\C:\windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-24 20:01 - 2014-09-24 20:01 - 00030670 _____ () C:\Users\L33tMaN\Desktop\FRST.txt
2014-09-24 20:01 - 2014-09-24 20:01 - 00000000 ____D () C:\Users\L33tMaN\Desktop\FRST-OlderVersion
2014-09-24 20:00 - 2014-09-24 20:01 - 02106880 _____ (Farbar) C:\Users\L33tMaN\Desktop\FRST64.exe
2014-09-24 20:00 - 2014-09-24 20:00 - 00000000 ____D () C:\Users\L33tMaN\Desktop\Any Possible Soultion - Malware Removal Help - Malwarebytes Forum_files
2014-09-24 20:00 - 2014-09-24 19:50 - 00175917 _____ () C:\Users\L33tMaN\Desktop\Any Possible Soultion - Malware Removal Help - Malwarebytes Forum.html
2014-09-24 14:29 - 2014-09-24 14:29 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.6
2014-09-23 19:07 - 2014-09-23 19:07 - 03675824 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-23 14:38 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-09-23 14:38 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-09-20 18:52 - 2014-09-24 18:56 - 00002976 _____ () C:\windows\System32\Tasks\ReclaimerUpdateXML_L33tMaN
2014-09-20 18:52 - 2014-09-24 18:56 - 00000374 _____ () C:\windows\Tasks\ReclaimerUpdateXML_L33tMaN.job
2014-09-20 18:52 - 2014-09-24 16:54 - 00002980 _____ () C:\windows\System32\Tasks\ReclaimerUpdateFiles_L33tMaN
2014-09-20 18:52 - 2014-09-24 16:54 - 00000378 _____ () C:\windows\Tasks\ReclaimerUpdateFiles_L33tMaN.job
2014-09-20 18:52 - 2014-09-24 14:29 - 00000384 _____ () C:\windows\Tasks\RNUpgradeHelperLogonPrompt_L33tMaN.job
2014-09-20 18:52 - 2014-09-20 18:52 - 00003624 _____ () C:\windows\System32\Tasks\RNUpgradeHelperResumePrompt_L33tMaN
2014-09-20 18:52 - 2014-09-20 18:52 - 00002684 _____ () C:\windows\System32\Tasks\RNUpgradeHelperLogonPrompt_L33tMaN
2014-09-20 10:52 - 2014-09-20 10:37 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\L33tMaN\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-18 20:09 - 2014-09-18 20:09 - 00000000 ____D () C:\Users\L33tMaN\AppData\Roaming\EncryptStick
2014-09-18 20:05 - 2014-09-18 20:10 - 00002470 _____ () C:\Users\L33tMaN\Desktop\Rkill.txt
2014-09-16 20:04 - 2014-09-16 20:04 - 00000000 ____D () C:\Users\cynical\AppData\Local\ICSharpCode.net
2014-09-16 20:03 - 2014-09-16 20:03 - 00000000 ____D () C:\Users\cynical\AppData\Local\ospd_us_111
2014-09-16 15:59 - 2014-09-16 15:59 - 00000044 _____ () C:\Users\L33tMaN\AppData\Roaming\WB.CFG
2014-09-14 13:12 - 2014-09-14 13:12 - 00393904 _____ () C:\Users\L33tMaN\Downloads\giveyourmeatagoodolrub.vtf
2014-09-14 13:12 - 2014-09-14 13:12 - 00000094 _____ () C:\Users\L33tMaN\Downloads\giveyourmeatagoodolrub.vmt
2014-09-14 13:11 - 2014-09-14 13:11 - 00262432 _____ () C:\Users\L33tMaN\Downloads\mlgpyro.vtf
2014-09-14 13:11 - 2014-09-14 13:11 - 00000079 _____ () C:\Users\L33tMaN\Downloads\mlgpyro.vmt
2014-09-14 13:08 - 2014-09-14 13:08 - 00242361 _____ () C:\Users\L33tMaN\Downloads\c11ea5fc02-gif (7).zip
2014-09-14 13:08 - 2014-09-14 13:08 - 00000000 ____D () C:\Users\L33tMaN\Downloads\c11ea5fc02-gif (7)
2014-09-14 13:02 - 2014-09-14 13:11 - 00000000 ____D () C:\Users\L33tMaN\Desktop\ainsley
2014-09-14 13:01 - 2014-09-14 13:02 - 00000000 ____D () C:\Users\L33tMaN\Downloads\8f19ecd3f1-gif (4)
2014-09-14 13:00 - 2014-09-14 13:00 - 00753217 _____ () C:\Users\L33tMaN\Downloads\8f19ecd3f1-gif (4).zip
2014-09-14 04:24 - 2014-09-14 04:24 - 00753217 _____ () C:\Users\L33tMaN\Downloads\8f19ecd3f1-gif (3).zip
2014-09-14 04:24 - 2014-09-14 04:24 - 00753217 _____ () C:\Users\L33tMaN\Downloads\8f19ecd3f1-gif (2).zip
2014-09-14 04:24 - 2014-09-14 04:24 - 00000000 ____D () C:\Users\L33tMaN\Downloads\8f19ecd3f1-gif (3)
2014-09-14 04:23 - 2014-09-14 04:24 - 00753217 _____ () C:\Users\L33tMaN\Downloads\8f19ecd3f1-gif (1).zip
2014-09-14 04:21 - 2014-09-14 04:21 - 00753217 _____ () C:\Users\L33tMaN\Downloads\8f19ecd3f1-gif.zip
2014-09-14 04:18 - 2014-09-14 04:18 - 00000536 _____ () C:\Users\L33tMaN\Downloads\url.htm
2014-09-14 04:08 - 2014-09-14 04:08 - 00892809 _____ () C:\Users\L33tMaN\Downloads\dc45153ecd-gif.zip
2014-09-14 04:08 - 2014-09-14 04:08 - 00892809 _____ () C:\Users\L33tMaN\Downloads\dc45153ecd-gif (1).zip
2014-09-14 03:54 - 2014-09-14 03:54 - 00242361 _____ () C:\Users\L33tMaN\Downloads\c11ea5fc02-gif (6).zip
2014-09-14 03:54 - 2014-09-14 03:54 - 00242361 _____ () C:\Users\L33tMaN\Downloads\c11ea5fc02-gif (5).zip
2014-09-14 03:53 - 2014-09-14 04:14 - 00000000 ____D () C:\Users\L33tMaN\Downloads\c11ea5fc02-gif (4)
2014-09-14 03:53 - 2014-09-14 03:53 - 00242361 _____ () C:\Users\L33tMaN\Downloads\c11ea5fc02-gif (4).zip
2014-09-14 03:53 - 2014-09-14 03:53 - 00242361 _____ () C:\Users\L33tMaN\Downloads\c11ea5fc02-gif (3).zip
2014-09-14 03:52 - 2014-09-14 03:52 - 00242361 _____ () C:\Users\L33tMaN\Downloads\c11ea5fc02-gif (2).zip
2014-09-14 03:48 - 2014-09-24 15:48 - 00002436 _____ () C:\windows\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-5_user.job
2014-09-14 03:48 - 2014-09-24 15:48 - 00002436 _____ () C:\windows\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-5.job
2014-09-14 03:48 - 2014-09-24 15:48 - 00002100 _____ () C:\windows\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-2.job
2014-09-14 03:48 - 2014-09-24 15:48 - 00001458 _____ () C:\windows\Tasks\d0129b8e-caeb-4107-8574-418aabad4b13.job
2014-09-14 03:48 - 2014-09-18 15:10 - 00000000 ___HD () C:\Users\Public\Temp
2014-09-14 03:48 - 2014-09-14 03:48 - 00005466 _____ () C:\windows\System32\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-5
2014-09-14 03:48 - 2014-09-14 03:48 - 00005130 _____ () C:\windows\System32\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-2
2014-09-14 03:48 - 2014-09-14 03:48 - 00004488 _____ () C:\windows\System32\Tasks\d0129b8e-caeb-4107-8574-418aabad4b13
2014-09-14 03:47 - 2014-09-24 19:52 - 00003460 _____ () C:\windows\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-6.job
2014-09-14 03:47 - 2014-09-24 15:47 - 00003804 _____ () C:\windows\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-4.job
2014-09-14 03:47 - 2014-09-24 15:47 - 00003460 _____ () C:\windows\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-7.job
2014-09-14 03:47 - 2014-09-24 15:47 - 00002762 _____ () C:\windows\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-1.job
2014-09-14 03:47 - 2014-09-14 03:47 - 00006834 _____ () C:\windows\System32\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-4
2014-09-14 03:47 - 2014-09-14 03:47 - 00006490 _____ () C:\windows\System32\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-7
2014-09-14 03:47 - 2014-09-14 03:47 - 00006488 _____ () C:\windows\System32\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-6
2014-09-14 03:47 - 2014-09-14 03:47 - 00005792 _____ () C:\windows\System32\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-1
2014-09-14 03:47 - 2014-09-14 03:47 - 00004360 _____ () C:\windows\SysWOW64\MyOSProtect.ini
2014-09-14 03:47 - 2014-09-14 03:47 - 00002312 _____ () C:\windows\SysWOW64\MyOSProtectOff.ini
2014-09-14 03:47 - 2014-09-14 03:47 - 00002312 _____ () C:\windows\system32\MyOSProtectOff.ini
2014-09-14 03:47 - 2014-09-01 14:28 - 00350768 _____ (MyOSCompany) C:\windows\system32\MyOSProtect64.dll
2014-09-14 03:46 - 2014-09-24 15:51 - 00000894 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-09-14 03:46 - 2014-09-24 15:47 - 00000624 _____ () C:\windows\Tasks\7811b4e1-cc43-4429-852a-998646c16bc7.job
2014-09-14 03:46 - 2014-09-24 15:46 - 00004486 _____ () C:\windows\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-11.job
2014-09-14 03:46 - 2014-09-24 15:46 - 00003124 _____ () C:\windows\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-3.job
2014-09-14 03:46 - 2014-09-24 14:28 - 00000890 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-09-14 03:46 - 2014-09-14 03:53 - 00000000 ____D () C:\Program Files (x86)\PepperZip
2014-09-14 03:46 - 2014-09-14 03:48 - 00000000 ____D () C:\Program Files (x86)\Browser+ Apps+
2014-09-14 03:46 - 2014-09-14 03:47 - 00003658 _____ () C:\windows\System32\Tasks\7811b4e1-cc43-4429-852a-998646c16bc7
2014-09-14 03:46 - 2014-09-14 03:46 - 00007516 _____ () C:\windows\System32\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-11
2014-09-14 03:46 - 2014-09-14 03:46 - 00006154 _____ () C:\windows\System32\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-3
2014-09-14 03:46 - 2014-09-14 03:46 - 00003892 _____ () C:\windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-09-14 03:46 - 2014-09-14 03:46 - 00003638 _____ () C:\windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-09-14 03:46 - 2014-09-14 03:46 - 00001026 _____ () C:\Users\UpdatusUser\Desktop\PepperZip.lnk
2014-09-14 03:46 - 2014-09-14 03:46 - 00001026 _____ () C:\Users\cynical\Desktop\PepperZip.lnk
2014-09-14 03:46 - 2014-09-14 03:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2014-09-14 03:46 - 2014-09-01 14:28 - 00304776 _____ (MyOSCompany) C:\windows\SysWOW64\MyOSProtect.dll
2014-09-14 03:45 - 2014-09-23 14:51 - 00000000 ____D () C:\Users\L33tMaN\AppData\Local\DesktopTemperature
2014-09-14 03:45 - 2014-09-16 18:00 - 00000000 ____D () C:\Users\L33tMaN\AppData\Local\ospd_us_111
2014-09-14 03:45 - 2014-09-14 03:47 - 00000000 ____D () C:\Program Files (x86)\PCTRunner
2014-09-14 03:45 - 2014-09-14 03:46 - 00000000 ____D () C:\Users\L33tMaN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-09-14 03:45 - 2014-09-14 03:45 - 00000000 ____D () C:\Users\L33tMaN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Temperature
2014-09-14 03:45 - 2014-09-14 03:45 - 00000000 ____D () C:\Users\L33tMaN\AppData\Local\System_Alerts_LLC
2014-09-14 03:45 - 2014-09-14 03:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY
2014-09-14 03:45 - 2014-09-14 03:45 - 00000000 ____D () C:\Program Files (x86)\ospd_us_111
2014-09-14 03:45 - 2014-09-09 07:41 - 04823040 _____ () C:\windows\score.exe
2014-09-14 03:42 - 2014-09-14 03:43 - 00000000 ____D () C:\Users\L33tMaN\Desktop\hehe boi
2014-09-14 03:42 - 2014-09-14 03:42 - 00242361 _____ () C:\Users\L33tMaN\Downloads\c11ea5fc02-gif (1).zip
2014-09-14 03:38 - 2014-09-14 03:38 - 00242361 _____ () C:\Users\L33tMaN\Downloads\c11ea5fc02-gif.zip
2014-09-14 03:32 - 2014-09-14 03:32 - 00000000 ____D () C:\Users\L33tMaN\AppData\Local\ICSharpCode.net
2014-09-14 03:27 - 2014-09-24 19:27 - 00000300 _____ () C:\windows\Tasks\WSE_Astromenda.job
2014-09-14 03:27 - 2014-09-14 03:32 - 00003314 _____ () C:\windows\System32\Tasks\ASP
2014-09-14 03:27 - 2014-09-14 03:27 - 00003248 _____ () C:\windows\System32\Tasks\WSE_Astromenda
2014-09-14 03:27 - 2014-09-14 03:27 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-14 03:26 - 2014-09-18 14:33 - 00000000 ____D () C:\Program Files (x86)\PennyBee
2014-09-14 03:26 - 2014-09-14 03:33 - 00000000 ____D () C:\Program Files (x86)\RCP
2014-09-14 03:26 - 2014-09-14 03:27 - 00000000 ____D () C:\Users\L33tMaN\AppData\Roaming\WSE_Astromenda
2014-09-14 03:26 - 2014-09-14 03:26 - 01055936 _____ (Adobe) C:\Users\L33tMaN\Downloads\flashplayer_setup.exe
2014-09-14 03:26 - 2014-09-14 03:26 - 00784616 _____ ( ) C:\Users\L33tMaN\Downloads\adobe_flash_setup.exe
2014-09-14 03:26 - 2014-09-14 03:26 - 00784616 _____ ( ) C:\Users\L33tMaN\Downloads\adobe_flash_setup (2).exe
2014-09-14 03:26 - 2014-09-14 03:26 - 00784616 _____ ( ) C:\Users\L33tMaN\Downloads\adobe_flash_setup (1).exe
2014-09-14 02:41 - 2014-09-14 02:41 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\L33tMaN\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-14 02:37 - 2014-09-14 02:37 - 00000244 _____ () C:\Users\L33tMaN\.swfinfo
2014-09-13 03:13 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-13 03:13 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-09-13 03:13 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-13 03:13 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-13 03:13 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-09-13 03:13 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-09-13 03:13 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-13 03:13 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-13 03:13 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-09-13 03:13 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-13 03:13 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-09-13 03:13 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-09-13 03:13 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-09-13 03:13 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-13 03:13 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-13 03:13 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-09-13 03:13 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-09-13 03:13 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-09-13 03:13 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-09-13 03:13 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-09-13 03:13 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-09-13 03:13 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-13 03:13 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-09-13 03:13 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-13 03:13 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-09-13 03:13 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-09-13 03:13 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-09-13 03:13 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-09-13 03:13 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-13 03:13 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-13 03:13 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-09-13 03:13 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-09-13 03:13 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-13 03:13 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-09-13 03:13 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-09-13 03:13 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-09-13 03:13 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-09-13 03:13 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-13 03:13 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-13 03:13 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-13 03:13 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-09-13 03:13 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-13 03:13 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-09-13 03:13 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-09-13 03:13 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-09-13 03:13 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-13 03:13 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-09-13 03:13 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-13 03:13 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-09-13 03:13 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-09-13 03:13 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-09-13 03:13 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-13 03:13 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-09-13 03:13 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-09-13 03:13 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-09-13 03:13 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-09-13 03:01 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2014-09-13 03:01 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2014-09-12 14:41 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-12 14:41 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-12 14:41 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-09-12 14:41 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-09-12 14:41 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-09-12 14:41 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-09-12 14:41 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-09-12 14:41 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-09-12 14:41 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-09-12 14:41 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-09-12 14:41 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-09-08 15:31 - 2014-09-14 03:09 - 00000000 ____D () C:\ProgramData\BiituSaovearr
2014-09-08 14:51 - 2014-09-08 14:51 - 00000000 ____D () C:\ProgramData\DeleteAd
2014-09-02 15:55 - 2014-09-02 15:55 - 00487483 _____ () C:\monitor.exe
2014-09-02 15:55 - 2014-09-02 15:55 - 00034244 _____ () C:\monitorsvc.exe
2014-08-27 17:51 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-27 17:51 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-27 17:51 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-24 20:01 - 2014-09-24 20:01 - 00030670 _____ () C:\Users\L33tMaN\Desktop\FRST.txt
2014-09-24 20:01 - 2014-09-24 20:01 - 00000000 ____D () C:\Users\L33tMaN\Desktop\FRST-OlderVersion
2014-09-24 20:01 - 2014-09-24 20:00 - 02106880 _____ (Farbar) C:\Users\L33tMaN\Desktop\FRST64.exe
2014-09-24 20:01 - 2014-03-27 19:17 - 00000000 ____D () C:\FRST
2014-09-24 20:00 - 2014-09-24 20:00 - 00000000 ____D () C:\Users\L33tMaN\Desktop\Any Possible Soultion - Malware Removal Help - Malwarebytes Forum_files
2014-09-24 19:52 - 2014-09-14 03:47 - 00003460 _____ () C:\windows\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-6.job
2014-09-24 19:50 - 2014-09-24 20:00 - 00175917 _____ () C:\Users\L33tMaN\Desktop\Any Possible Soultion - Malware Removal Help - Malwarebytes Forum.html
2014-09-24 19:27 - 2014-09-14 03:27 - 00000300 _____ () C:\windows\Tasks\WSE_Astromenda.job
2014-09-24 19:23 - 2013-01-01 17:32 - 00000900 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-24 19:07 - 2012-06-07 23:58 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-24 18:56 - 2014-09-20 18:52 - 00002976 _____ () C:\windows\System32\Tasks\ReclaimerUpdateXML_L33tMaN
2014-09-24 18:56 - 2014-09-20 18:52 - 00000374 _____ () C:\windows\Tasks\ReclaimerUpdateXML_L33tMaN.job
2014-09-24 16:54 - 2014-09-20 18:52 - 00002980 _____ () C:\windows\System32\Tasks\ReclaimerUpdateFiles_L33tMaN
2014-09-24 16:54 - 2014-09-20 18:52 - 00000378 _____ () C:\windows\Tasks\ReclaimerUpdateFiles_L33tMaN.job
2014-09-24 15:51 - 2014-09-14 03:46 - 00000894 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-09-24 15:48 - 2014-09-14 03:48 - 00002436 _____ () C:\windows\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-5_user.job
2014-09-24 15:48 - 2014-09-14 03:48 - 00002436 _____ () C:\windows\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-5.job
2014-09-24 15:48 - 2014-09-14 03:48 - 00002100 _____ () C:\windows\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-2.job
2014-09-24 15:48 - 2014-09-14 03:48 - 00001458 _____ () C:\windows\Tasks\d0129b8e-caeb-4107-8574-418aabad4b13.job
2014-09-24 15:47 - 2014-09-14 03:47 - 00003804 _____ () C:\windows\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-4.job
2014-09-24 15:47 - 2014-09-14 03:47 - 00003460 _____ () C:\windows\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-7.job
2014-09-24 15:47 - 2014-09-14 03:47 - 00002762 _____ () C:\windows\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-1.job
2014-09-24 15:47 - 2014-09-14 03:46 - 00000624 _____ () C:\windows\Tasks\7811b4e1-cc43-4429-852a-998646c16bc7.job
2014-09-24 15:46 - 2014-09-14 03:46 - 00004486 _____ () C:\windows\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-11.job
2014-09-24 15:46 - 2014-09-14 03:46 - 00003124 _____ () C:\windows\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-3.job
2014-09-24 15:28 - 2012-12-31 22:36 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-24 14:37 - 2009-07-14 00:45 - 00028352 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-24 14:37 - 2009-07-14 00:45 - 00028352 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-24 14:35 - 2012-08-24 13:41 - 01217967 _____ () C:\windows\WindowsUpdate.log
2014-09-24 14:30 - 2013-10-10 18:00 - 00000000 ____D () C:\ProgramData\Origin
2014-09-24 14:29 - 2014-09-24 14:29 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.6
2014-09-24 14:29 - 2014-09-20 18:52 - 00000384 _____ () C:\windows\Tasks\RNUpgradeHelperLogonPrompt_L33tMaN.job
2014-09-24 14:29 - 2014-04-05 09:23 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-24 14:28 - 2014-09-14 03:46 - 00000890 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-09-24 14:28 - 2013-06-14 15:49 - 00000350 _____ () C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-09-24 14:28 - 2013-01-01 17:32 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-24 14:28 - 2012-08-24 12:36 - 00040683 _____ () C:\windows\setupact.log
2014-09-24 14:28 - 2012-06-08 01:49 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-24 14:28 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-23 19:07 - 2014-09-23 19:07 - 03675824 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-23 19:07 - 2012-06-07 23:58 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-09-23 19:07 - 2012-06-07 23:58 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-23 19:07 - 2012-06-07 23:58 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-09-23 14:51 - 2014-09-14 03:45 - 00000000 ____D () C:\Users\L33tMaN\AppData\Local\DesktopTemperature
2014-09-22 02:42 - 2010-11-20 23:27 - 00278152 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-09-21 18:19 - 2013-01-01 18:01 - 02351472 _____ () C:\windows\PFRO.log
2014-09-21 10:42 - 2012-12-31 22:06 - 00000000 ____D () C:\Users\cynical
2014-09-20 18:52 - 2014-09-20 18:52 - 00003624 _____ () C:\windows\System32\Tasks\RNUpgradeHelperResumePrompt_L33tMaN
2014-09-20 18:52 - 2014-09-20 18:52 - 00002684 _____ () C:\windows\System32\Tasks\RNUpgradeHelperLogonPrompt_L33tMaN
2014-09-20 10:55 - 2009-07-14 01:13 - 00799374 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-20 10:37 - 2014-09-20 10:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\L33tMaN\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-19 20:40 - 2013-01-01 17:33 - 00000000 ____D () C:\Users\L33tMaN\AppData\Roaming\Real
2014-09-18 20:10 - 2014-09-18 20:05 - 00002470 _____ () C:\Users\L33tMaN\Desktop\Rkill.txt
2014-09-18 20:09 - 2014-09-18 20:09 - 00000000 ____D () C:\Users\L33tMaN\AppData\Roaming\EncryptStick
2014-09-18 15:10 - 2014-09-14 03:48 - 00000000 ___HD () C:\Users\Public\Temp
2014-09-18 14:33 - 2014-09-14 03:26 - 00000000 ____D () C:\Program Files (x86)\PennyBee
2014-09-16 20:04 - 2014-09-16 20:04 - 00000000 ____D () C:\Users\cynical\AppData\Local\ICSharpCode.net
2014-09-16 20:03 - 2014-09-16 20:03 - 00000000 ____D () C:\Users\cynical\AppData\Local\ospd_us_111
2014-09-16 18:00 - 2014-09-14 03:45 - 00000000 ____D () C:\Users\L33tMaN\AppData\Local\ospd_us_111
2014-09-16 15:59 - 2014-09-16 15:59 - 00000044 _____ () C:\Users\L33tMaN\AppData\Roaming\WB.CFG
2014-09-14 13:12 - 2014-09-14 13:12 - 00393904 _____ () C:\Users\L33tMaN\Downloads\giveyourmeatagoodolrub.vtf
2014-09-14 13:12 - 2014-09-14 13:12 - 00000094 _____ () C:\Users\L33tMaN\Downloads\giveyourmeatagoodolrub.vmt
2014-09-14 13:11 - 2014-09-14 13:11 - 00262432 _____ () C:\Users\L33tMaN\Downloads\mlgpyro.vtf
2014-09-14 13:11 - 2014-09-14 13:11 - 00000079 _____ () C:\Users\L33tMaN\Downloads\mlgpyro.vmt
2014-09-14 13:11 - 2014-09-14 13:02 - 00000000 ____D () C:\Users\L33tMaN\Desktop\ainsley
2014-09-14 13:08 - 2014-09-14 13:08 - 00242361 _____ () C:\Users\L33tMaN\Downloads\c11ea5fc02-gif (7).zip
2014-09-14 13:08 - 2014-09-14 13:08 - 00000000 ____D () C:\Users\L33tMaN\Downloads\c11ea5fc02-gif (7)
2014-09-14 13:02 - 2014-09-14 13:01 - 00000000 ____D () C:\Users\L33tMaN\Downloads\8f19ecd3f1-gif (4)
2014-09-14 13:00 - 2014-09-14 13:00 - 00753217 _____ () C:\Users\L33tMaN\Downloads\8f19ecd3f1-gif (4).zip
2014-09-14 04:24 - 2014-09-14 04:24 - 00753217 _____ () C:\Users\L33tMaN\Downloads\8f19ecd3f1-gif (3).zip
2014-09-14 04:24 - 2014-09-14 04:24 - 00753217 _____ () C:\Users\L33tMaN\Downloads\8f19ecd3f1-gif (2).zip
2014-09-14 04:24 - 2014-09-14 04:24 - 00000000 ____D () C:\Users\L33tMaN\Downloads\8f19ecd3f1-gif (3)
2014-09-14 04:24 - 2014-09-14 04:23 - 00753217 _____ () C:\Users\L33tMaN\Downloads\8f19ecd3f1-gif (1).zip
2014-09-14 04:21 - 2014-09-14 04:21 - 00753217 _____ () C:\Users\L33tMaN\Downloads\8f19ecd3f1-gif.zip
2014-09-14 04:18 - 2014-09-14 04:18 - 00000536 _____ () C:\Users\L33tMaN\Downloads\url.htm
2014-09-14 04:14 - 2014-09-14 03:53 - 00000000 ____D () C:\Users\L33tMaN\Downloads\c11ea5fc02-gif (4)
2014-09-14 04:09 - 2014-05-02 15:10 - 00000000 ____D () C:\Users\L33tMaN\AppData\Roaming\Systweak
2014-09-14 04:08 - 2014-09-14 04:08 - 00892809 _____ () C:\Users\L33tMaN\Downloads\dc45153ecd-gif.zip
2014-09-14 04:08 - 2014-09-14 04:08 - 00892809 _____ () C:\Users\L33tMaN\Downloads\dc45153ecd-gif (1).zip
2014-09-14 03:54 - 2014-09-14 03:54 - 00242361 _____ () C:\Users\L33tMaN\Downloads\c11ea5fc02-gif (6).zip
2014-09-14 03:54 - 2014-09-14 03:54 - 00242361 _____ () C:\Users\L33tMaN\Downloads\c11ea5fc02-gif (5).zip
2014-09-14 03:53 - 2014-09-14 03:53 - 00242361 _____ () C:\Users\L33tMaN\Downloads\c11ea5fc02-gif (4).zip
2014-09-14 03:53 - 2014-09-14 03:53 - 00242361 _____ () C:\Users\L33tMaN\Downloads\c11ea5fc02-gif (3).zip
2014-09-14 03:53 - 2014-09-14 03:46 - 00000000 ____D () C:\Program Files (x86)\PepperZip
2014-09-14 03:52 - 2014-09-14 03:52 - 00242361 _____ () C:\Users\L33tMaN\Downloads\c11ea5fc02-gif (2).zip
2014-09-14 03:49 - 2014-08-08 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VTFEdit
2014-09-14 03:48 - 2014-09-14 03:48 - 00005466 _____ () C:\windows\System32\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-5
2014-09-14 03:48 - 2014-09-14 03:48 - 00005130 _____ () C:\windows\System32\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-2
2014-09-14 03:48 - 2014-09-14 03:48 - 00004488 _____ () C:\windows\System32\Tasks\d0129b8e-caeb-4107-8574-418aabad4b13
2014-09-14 03:48 - 2014-09-14 03:46 - 00000000 ____D () C:\Program Files (x86)\Browser+ Apps+
2014-09-14 03:47 - 2014-09-14 03:47 - 00006834 _____ () C:\windows\System32\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-4
2014-09-14 03:47 - 2014-09-14 03:47 - 00006490 _____ () C:\windows\System32\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-7
2014-09-14 03:47 - 2014-09-14 03:47 - 00006488 _____ () C:\windows\System32\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-6
2014-09-14 03:47 - 2014-09-14 03:47 - 00005792 _____ () C:\windows\System32\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-1
2014-09-14 03:47 - 2014-09-14 03:47 - 00004360 _____ () C:\windows\SysWOW64\MyOSProtect.ini
2014-09-14 03:47 - 2014-09-14 03:47 - 00002312 _____ () C:\windows\SysWOW64\MyOSProtectOff.ini
2014-09-14 03:47 - 2014-09-14 03:47 - 00002312 _____ () C:\windows\system32\MyOSProtectOff.ini
2014-09-14 03:47 - 2014-09-14 03:46 - 00003658 _____ () C:\windows\System32\Tasks\7811b4e1-cc43-4429-852a-998646c16bc7
2014-09-14 03:47 - 2014-09-14 03:45 - 00000000 ____D () C:\Program Files (x86)\PCTRunner
2014-09-14 03:46 - 2014-09-14 03:46 - 00007516 _____ () C:\windows\System32\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-11
2014-09-14 03:46 - 2014-09-14 03:46 - 00006154 _____ () C:\windows\System32\Tasks\e44f9199-0b4d-467f-bc3d-08e536696e26-3
2014-09-14 03:46 - 2014-09-14 03:46 - 00003892 _____ () C:\windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-09-14 03:46 - 2014-09-14 03:46 - 00003638 _____ () C:\windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-09-14 03:46 - 2014-09-14 03:46 - 00001026 _____ () C:\Users\UpdatusUser\Desktop\PepperZip.lnk
2014-09-14 03:46 - 2014-09-14 03:46 - 00001026 _____ () C:\Users\cynical\Desktop\PepperZip.lnk
2014-09-14 03:46 - 2014-09-14 03:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2014-09-14 03:46 - 2014-09-14 03:45 - 00000000 ____D () C:\Users\L33tMaN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-09-14 03:46 - 2014-08-23 23:14 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-09-14 03:45 - 2014-09-14 03:45 - 00000000 ____D () C:\Users\L33tMaN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Temperature
2014-09-14 03:45 - 2014-09-14 03:45 - 00000000 ____D () C:\Users\L33tMaN\AppData\Local\System_Alerts_LLC
2014-09-14 03:45 - 2014-09-14 03:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY
2014-09-14 03:45 - 2014-09-14 03:45 - 00000000 ____D () C:\Program Files (x86)\ospd_us_111
2014-09-14 03:45 - 2014-08-23 23:27 - 00004034 _____ () C:\windows\System32\Tasks\LaunchSignup
2014-09-14 03:45 - 2014-08-23 23:16 - 00000000 ____D () C:\Users\L33tMaN\AppData\Roaming\VOPackage
2014-09-14 03:43 - 2014-09-14 03:42 - 00000000 ____D () C:\Users\L33tMaN\Desktop\hehe boi
2014-09-14 03:42 - 2014-09-14 03:42 - 00242361 _____ () C:\Users\L33tMaN\Downloads\c11ea5fc02-gif (1).zip
2014-09-14 03:38 - 2014-09-14 03:38 - 00242361 _____ () C:\Users\L33tMaN\Downloads\c11ea5fc02-gif.zip
2014-09-14 03:33 - 2014-09-14 03:26 - 00000000 ____D () C:\Program Files (x86)\RCP
2014-09-14 03:32 - 2014-09-14 03:32 - 00000000 ____D () C:\Users\L33tMaN\AppData\Local\ICSharpCode.net
2014-09-14 03:32 - 2014-09-14 03:27 - 00003314 _____ () C:\windows\System32\Tasks\ASP
2014-09-14 03:27 - 2014-09-14 03:27 - 00003248 _____ () C:\windows\System32\Tasks\WSE_Astromenda
2014-09-14 03:27 - 2014-09-14 03:27 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-14 03:27 - 2014-09-14 03:26 - 00000000 ____D () C:\Users\L33tMaN\AppData\Roaming\WSE_Astromenda
2014-09-14 03:26 - 2014-09-14 03:26 - 01055936 _____ (Adobe) C:\Users\L33tMaN\Downloads\flashplayer_setup.exe
2014-09-14 03:26 - 2014-09-14 03:26 - 00784616 _____ ( ) C:\Users\L33tMaN\Downloads\adobe_flash_setup.exe
2014-09-14 03:26 - 2014-09-14 03:26 - 00784616 _____ ( ) C:\Users\L33tMaN\Downloads\adobe_flash_setup (2).exe
2014-09-14 03:26 - 2014-09-14 03:26 - 00784616 _____ ( ) C:\Users\L33tMaN\Downloads\adobe_flash_setup (1).exe
2014-09-14 03:26 - 2014-02-10 17:14 - 00001142 _____ () C:\Users\L33tMaN\Desktop\Mozilla Firefox.lnk
2014-09-14 03:12 - 2014-08-23 23:14 - 00000000 ____D () C:\Program Files (x86)\A7F8482B-1D99-4EC9-B887-8B130AB7E131
2014-09-14 03:12 - 2014-08-23 23:12 - 00000000 ____D () C:\Program Files\005
2014-09-14 03:12 - 2014-08-23 23:05 - 00000000 ____D () C:\ProgramData\Trusted Publisher
2014-09-14 03:09 - 2014-09-08 15:31 - 00000000 ____D () C:\ProgramData\BiituSaovearr
2014-09-14 03:09 - 2014-08-23 23:13 - 00000000 ____D () C:\Program Files (x86)\YTDownloader
2014-09-14 03:09 - 2014-08-08 15:51 - 00000000 ____D () C:\ProgramData\RoboSaveer
2014-09-14 03:09 - 2014-07-08 22:20 - 00000000 ____D () C:\ProgramData\DigiSaver
2014-09-14 03:09 - 2014-07-03 13:44 - 00000000 ____D () C:\ProgramData\DEaalExpprress
2014-09-14 03:09 - 2014-06-11 15:58 - 00000000 ____D () C:\ProgramData\EnJoyuCoauupponi
2014-09-14 03:09 - 2014-05-30 21:12 - 00000000 ____D () C:\ProgramData\RaeggulaarDEAls
2014-09-14 03:09 - 2014-05-23 20:25 - 00000000 ____D () C:\ProgramData\DDigiSSaver
2014-09-14 03:09 - 2014-05-16 22:01 - 00000000 ____D () C:\ProgramData\IsaoveR
2014-09-14 03:09 - 2014-05-09 23:26 - 00000000 ____D () C:\ProgramData\savee! neti
2014-09-14 03:09 - 2014-05-09 23:26 - 00000000 ____D () C:\Program Files (x86)\savee! neti
2014-09-14 03:09 - 2014-05-02 15:03 - 00000000 ____D () C:\Program Files (x86)\Settings Manager
2014-09-14 03:09 - 2013-11-22 23:53 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-09-14 03:09 - 2013-11-22 22:45 - 00000000 ____D () C:\temp
2014-09-14 02:41 - 2014-09-14 02:41 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\L33tMaN\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-14 02:37 - 2014-09-14 02:37 - 00000244 _____ () C:\Users\L33tMaN\.swfinfo
2014-09-14 02:37 - 2012-12-25 14:33 - 00000000 ____D () C:\Users\L33tMaN
2014-09-13 23:14 - 2013-01-13 19:49 - 00001414 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-13 23:14 - 2012-12-25 14:33 - 00001668 _____ () C:\Users\L33tMaN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-13 04:10 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2014-09-13 03:12 - 2011-02-10 12:10 - 00791496 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-09-13 03:11 - 2012-07-10 13:17 - 00002124 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-13 03:11 - 2012-07-10 13:17 - 00001945 _____ () C:\windows\epplauncher.mif
2014-09-13 03:11 - 2012-07-10 13:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-13 03:11 - 2012-07-10 13:16 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-13 03:10 - 2013-08-15 19:45 - 00000000 ____D () C:\windows\system32\MRT
2014-09-13 03:02 - 2012-07-10 17:42 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-09-13 03:01 - 2014-05-06 22:10 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-09-09 18:11 - 2014-09-23 14:38 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-09-09 17:47 - 2014-09-23 14:38 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-09-09 07:41 - 2014-09-14 03:45 - 04823040 _____ () C:\windows\score.exe
2014-09-08 15:31 - 2013-11-22 22:48 - 00000000 ____D () C:\ProgramData\1044eeab61541fad
2014-09-08 14:51 - 2014-09-08 14:51 - 00000000 ____D () C:\ProgramData\DeleteAd
2014-09-05 15:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-05 15:21 - 2014-04-06 17:02 - 00000000 ____D () C:\Users\L33tMaN\AppData\Roaming\SoftGrid Client
2014-09-05 15:10 - 2014-08-23 23:16 - 00002414 _____ () C:\Users\L33tMaN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-09-04 22:10 - 2014-09-12 14:41 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-04 22:05 - 2014-09-12 14:41 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-02 15:55 - 2014-09-02 15:55 - 00487483 _____ () C:\monitor.exe
2014-09-02 15:55 - 2014-09-02 15:55 - 00034244 _____ () C:\monitorsvc.exe
2014-09-01 14:28 - 2014-09-14 03:47 - 00350768 _____ (MyOSCompany) C:\windows\system32\MyOSProtect64.dll
2014-09-01 14:28 - 2014-09-14 03:46 - 00304776 _____ (MyOSCompany) C:\windows\SysWOW64\MyOSProtect.dll
2014-08-30 13:13 - 2014-08-23 22:17 - 00000000 ___HD () C:\Users\L33tMaN\.mediafire
2014-08-30 13:10 - 2014-08-23 22:17 - 00000000 ___RD () C:\Users\L33tMaN\MediaFire
2014-08-28 17:47 - 2013-10-19 22:50 - 00000000 ____D () C:\Program Files (x86)\PasswordBox
2014-08-28 17:46 - 2009-07-14 00:45 - 00272088 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-25 20:38 - 2013-10-13 19:54 - 00000000 ____D () C:\Users\L33tMaN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-08-25 18:16 - 2013-10-12 00:20 - 00111928 _____ () C:\windows\SysWOW64\PnkBstrB.exe
2014-08-25 18:10 - 2013-11-01 21:06 - 00000000 ____D () C:\ProgramData\Package Cache

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.3888.dll


Some content of TEMP:
====================
C:\Users\L33tMaN\AppData\Local\Temp\032939rr.exe
C:\Users\L33tMaN\AppData\Local\Temp\6_Offer_13.exe
C:\Users\L33tMaN\AppData\Local\Temp\99e01abe8193efaba61686db19cab8b8.dll
C:\Users\L33tMaN\AppData\Local\Temp\APNSetup.exe
C:\Users\L33tMaN\AppData\Local\Temp\BackupSetup.exe
C:\Users\L33tMaN\AppData\Local\Temp\CloudBackup245.exe
C:\Users\L33tMaN\AppData\Local\Temp\CloudBackup5726.exe
C:\Users\L33tMaN\AppData\Local\Temp\comver.dll
C:\Users\L33tMaN\AppData\Local\Temp\FreeZip920.exe
C:\Users\L33tMaN\AppData\Local\Temp\nscC558.tmp.exe
C:\Users\L33tMaN\AppData\Local\Temp\optprosetup.exe
C:\Users\L33tMaN\AppData\Local\Temp\post1.exe
C:\Users\L33tMaN\AppData\Local\Temp\post2.dll
C:\Users\L33tMaN\AppData\Local\Temp\post2.exe
C:\Users\L33tMaN\AppData\Local\Temp\setup_ex.exe
C:\Users\L33tMaN\AppData\Local\Temp\shutdown1408846448.exe
C:\Users\L33tMaN\AppData\Local\Temp\SpOrder.dll
C:\Users\L33tMaN\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\L33tMaN\AppData\Local\Temp\Tsu5D1EC982.dll
C:\Users\L33tMaN\AppData\Local\Temp\updateb.exe
C:\Users\L33tMaN\AppData\Local\Temp\update_31858_setup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 16:02

==================== End Of Log ============================

 

No other log was generated.

Link to post
Share on other sites

Your system is awash with Browser Hijackers and adware, I need to see the secondary log created by FRST "Addition.txt"  to make full analysis..

 

FRST creates two logs by default on its initial run. Logs are saved to this folder C:\FRST\Logs navigate to that folder and see if "Addition.txt" is there...

 

Thanks,

 

Kevin...

Link to post
Share on other sites

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by L33tMaN at 2014-03-27 19:19:07
Running from C:\Users\L33tMaN\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
AlienAutopsy (HKLM\...\AlienAutopsy) (Version: 3.1.5907.16 - Dell Inc.)
AlienAutopsy (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
Alienware Command Center (HKLM-x32\...\InstallShield_{6A7D1CAC-6267-4C71-A759-CB5D9E9FAFAA}) (Version: 2.7.25.0 - Alienware Corp.)
Alienware Command Center (Version: 2.7.25.0 - Alienware Corp.) Hidden
Allied Intent .2 client (HKLM-x32\...\Allied Intent .2 client) (Version:  - )
Allied Intent Xtended 2.0 (HKLM-x32\...\Allied Intent Xtended) (Version: 2.0 - AIX Community)
Battlecraft 1942 (HKLM-x32\...\Battlecraft 19422.1) (Version:  - )
Battlefield 1942 (HKLM-x32\...\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}) (Version:  - )
Battlefield 1942 Windows Vista/7 Compatibility Fix (HKLM\...\{99720953-c1d6-4b90-8012-b7c3337f4efe}.sdb) (Version:  - )
Battlefield 1942: Secret Weapons of WWII (HKLM-x32\...\{B73B4A99-4173-4747-BBEC-0F05E966F9D2}) (Version:  - )
Battlefield 1942: The Road To Rome (HKLM-x32\...\{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}) (Version:  - )
Battlefield 2 (HKLM-x32\...\{A8DBF55D-73C0-4E37-A10E-365BFBB14119}) (Version: 1.5.0.0 - Electronic Arts)
Battlefield 2 Demo (HKLM-x32\...\{8BECF123-B0EF-4E51-B7F3-923EFE15CC4A}) (Version:  - )
Battlefield Mod Development Toolkit 2.0 Beta (HKLM-x32\...\MDT) (Version:  - )
Command & Conquer Generals (HKLM-x32\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts)
Command & Conquer Generals (x32 Version: 0.50.0000 - Electronic Arts) Hidden
Command & Conquer™ 3 Tiberium Wars and Kane's Wrath (HKLM-x32\...\{35A2FE53-CC80-4D17-941F-3A7C82824FC7}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ 4 Tiberian Twilight (HKLM-x32\...\{BA4C8F9F-D81B-4AFE-AE5A-3837830F5B89}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ and The Covert Operations™ (HKLM-x32\...\{050E298D-C9B8-4582-A332-26201268A297}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Red Alert, Counterstrike and The Aftermath (HKLM-x32\...\{25456D58-2414-4CC4-AA1B-CF3A2BE00A79}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Red Alert™ 3 and Uprising (HKLM-x32\...\{3C315BF7-4B64-4024-8102-174A197437FA}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ The Ultimate Collection Additional Content (HKLM-x32\...\{1A882F29-BC18-4AC2-A71E-0FC30FA32568}) (Version: 1.0.0.0 - Electronic Arts)
Command & Conquer™: Generals and Zero Hour (HKLM-x32\...\{609F6FD5-4B22-4D7A-AD30-8C9DD480D5BE}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command and ConquerTM Generals Zero Hour (HKLM-x32\...\InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts)
Command and ConquerTM Generals Zero Hour (x32 Version: 1.00.0000 - Electronic Arts) Hidden
couponamazing (HKLM-x32\...\couponamazing) (Version: 1.1357065019 - couponamazing.com) <==== ATTENTION
CyberLink PowerDVD 9.6 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.6.1.4827 - CyberLink Corp.)
CyberLink PowerDVD 9.6 (x32 Version: 9.6.1.4827 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Desura (HKLM-x32\...\Desura) (Version: 100.53 - Desura)
FFOLKES Unlocks123 mod v1.4.1 (HKLM-x32\...\FFOLKES Unlocks123 mod v1.4.1) (Version:  - )
Forgoten Hope 2 (2 of 2) (dummy) (HKLM-x32\...\Forgotten Hope 2) (Version:  - )
Forgotten Hope 0.70 (HKLM-x32\...\Forgotten Hope) (Version: 0.70 - Forgotten Hope Mod Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lock On: Modern Air Combat (HKLM-x32\...\{E90DCEE9-DC27-401B-A7AC-B0AFF5B34E4D}) (Version: 1.00.000 - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Max Websearch (HKLM-x32\...\Maxwebsearch) (Version:  - Maxwebsearch)
Media Player Classic - Home Cinema v1.5.2.3456 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.5.2.3456 - MPC-HC Team)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSI ODD Monitor (HKLM-x32\...\InstallShield_{B7D9BAAA-F068-4BF8-B929-462C3A8AB677}) (Version: 1.0.0.5 - Micro-Star Int'l Co., Ltd.)
MSI ODD Monitor (x32 Version: 1.0.0.5 - Micro-Star Int'l Co., Ltd.) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 296.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 296.36 - NVIDIA Corporation)
NVIDIA Control Panel 296.36 (Version: 296.36 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 296.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.36 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.14.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.14.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.62.312 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.7.12 (Version: 1.7.12 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0213 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.9636 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.7.12 - NVIDIA Corporation) Hidden
PasswordBox (HKLM-x32\...\PasswordBox) (Version: 1.26.3.2879 - PasswordBox, Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.5 - Power Software Ltd)
Project Reality: BF2 (HKLM\...\Project Reality: BF2 (pr)_is1) (Version: v1.0 - Project Reality)
PunkBuster for Battlefield 1942 (HKLM-x32\...\{127B684B-A002-44C8-99A7-6CF8F1E26873}) (Version:  - )
QuickShare (HKLM-x32\...\{232F1B14-7126-491F-AC8C-6123BA58FDE2}) (Version: 1.135.60.12323 - Linkury Inc.) <==== ATTENTION
Ravaged (HKLM-x32\...\Steam App 96300) (Version:  - )
RealDownloader (x32 Version: 1.3.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6494 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
Sandbox (HKLM-x32\...\Sandbox) (Version:  - )
Savings Explorer (HKLM-x32\...\Savings Explorer) (Version: 1.24.151.151 - 215 Apps)
Scholastic's I SPY Fantasy (HKLM-x32\...\Scholastic's I SPY Fantasy) (Version:  - )
Scholastic's I SPY Spooky Mansion Deluxe (HKLM-x32\...\Scholastic's I SPY Spooky Mansion Deluxe) (Version:  - )
Scholastic's I SPY Treasure Hunt (HKLM-x32\...\Scholastic's I SPY Treasure Hunt) (Version: 1.0 - Scholastic Inc.)
ScorpionSaver (HKLM-x32\...\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION
ShopOn Coupon Extension Helper (HKLM\...\ShopOn) (Version: 1.6.49 - ShopOn Unlimited LLC) <==== ATTENTION
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Virtual Families Packages (HKCU\...\Virtual Families Packages) (Version:  - ) <==== ATTENTION
WebInternetSecurity (HKLM-x32\...\Webinternetsecurity) (Version:  - Webinternetsecurity)
WestwoodChat (HKLM-x32\...\{7CAE6A67-AF7B-4A6A-8705-8AFACA45BB60}) (Version: 1.0.0.0 - WestwoodChat)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WOoKie Sniper Mod 1.3 (HKLM-x32\...\WOoKie Sniper Mod) (Version: 1.3 - Scouty)
WordPad+ version 1.01 (HKLM-x32\...\WordPad+_is1) (Version: 1.01 - )
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)
World of Warplanes (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C813NA}_is1) (Version:  - Wargaming.net)
World of Warplanes Hack Toll 2.8 (HKLM-x32\...\World of Warplanes Hack Toll 2.8) (Version:  - )
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

16-03-2014 07:45:21 Scheduled Checkpoint
19-03-2014 00:00:24 Windows Update
22-03-2014 03:11:43 Windows Update
25-03-2014 21:37:54 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {011370A5-018E-4AA2-A481-1523E7A23A58} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-01] (Google Inc.)
Task: {023CD68F-48C5-4C40-A563-162B425C1BB9} - System32\Tasks\Updater21802.exe => C:\Users\cynical\AppData\Local\Updater21802\Updater21802.exe <==== ATTENTION
Task: {0374F184-232F-4118-8419-55F5688FAD94} - \GoforFilesUpdate No Task File
Task: {13054A1C-87B3-40D9-811C-13B64AEBA521} - System32\Tasks\{A4C966BB-E0F7-4EA0-BAFF-378BD1F89D43} => C:\Program Files (x86)\EA GAMES\Command & Conquer Generals Zero Hour\generals.exe
Task: {1444863C-CEFA-413B-8CF8-CACB600F485B} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {1720B02C-915C-49D2-9F77-41C9414781FD} - System32\Tasks\{E80F6B32-5D3A-42B6-AD92-BB4419995F64} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] ()
Task: {18A5DCA4-5ACA-4341-A32D-880E91F08B3F} - System32\Tasks\pc-dis-upd => C:\Program Files (x86)\PC Cleaners\PCCleaners.exe [2013-01-01] (PC Cleaners Inc.) <==== ATTENTION
Task: {19472C8B-735D-4912-9716-B385C44BA07A} - System32\Tasks\TidyNetwork Update => C:\Users\cynical\AppData\Local\TidyNetwork\petnupdate.exe
Task: {2D7C059A-1C14-4D22-9089-50AE99B508E6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {310B9523-078B-410A-BFA5-2A8D9F04142C} - System32\Tasks\{407E4C35-61C1-4ED6-9FF4-526E5B00DE1F} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] ()
Task: {33B0FF98-90B9-4742-BE46-43BE2D294852} - System32\Tasks\{341E9A2A-7320-4E28-A66E-D615E3701034} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] ()
Task: {3C8C2035-B41A-4487-9BD7-16CECADA3107} - \Dealply No Task File
Task: {3F91A3D8-C549-402F-B916-E5FD071269B0} - System32\Tasks\Oxy => C:\Users\cynical\AppData\Roaming\Oxy\Updater.exe <==== ATTENTION
Task: {458EC67D-CDD7-45D8-A283-943A5D498EDF} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-383299565-3798718073-3649502856-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {4B0D1B46-6C73-499D-9567-9E407789909A} - System32\Tasks\{773B3E96-62DA-4A63-9D8D-066DDCBF4F0E} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] ()
Task: {4D2F968C-BD22-40F8-9FCE-44DCF4F3FEF8} - System32\Tasks\RunAsStdUser Task => C:\Users\cynical\AppData\Local\Oxy\Application\oxy.exe <==== ATTENTION
Task: {69F31346-B202-4B52-83C8-38A13151F95B} - \BackgroundContainer Startup Task No Task File
Task: {7AF87EB6-A50C-42AB-BAC5-ED331B75213F} - System32\Tasks\{B143C027-5E0A-4953-A279-00F911072A82} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] ()
Task: {825F3FA3-0D8D-4A97-BED1-ED92E699BE05} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-383299565-3798718073-3649502856-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {8B81D2E4-E4CC-4B83-8E86-E0D6AFED81F4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-01] (Google Inc.)
Task: {982B2063-2ACA-4114-8641-F7F03E4466C7} - System32\Tasks\{1B4171AB-B20F-42D6-90A5-F8B0442B8E9E} => C:\Program Files (x86)\Origin Games\Battlefield 1942\BF1942.exe
Task: {B3147D4E-D87C-4CFD-9F14-9A4E8A12DC91} - System32\Tasks\GC_Informer => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {B3C3C651-4FAA-4BCF-9C5D-35E8745A7124} - System32\Tasks\{2DB518E2-242C-48AE-B842-9B476DC059A7} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] ()
Task: {BBEF80F6-CBCD-405C-84FD-A24BC81ACB1A} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {BE244C55-D878-437F-8958-D629A45820B1} - System32\Tasks\VisualBeeRecovery => C:\Users\cynical\AppData\Local\VisualBeeExe\VisualBeeRecovery.exe
Task: {D146400E-D601-4848-B232-E55DAD7CEF7D} - System32\Tasks\{DDAE764B-5E62-4542-81A7-9F530B2AFAEA} => C:\Program Files (x86)\EA GAMES\Command & Conquer Generals Zero Hour\generals.exe
Task: {D21A428F-B137-4082-B614-CC2DBDC5027F} - System32\Tasks\{6CD8CB2F-67CF-4051-8371-8C7532DA141C} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] ()
Task: {D57B8DD7-8986-47A5-9113-4033E31B09CE} - System32\Tasks\SK.Enhancer-S-161304646 => c:\programdata\quickset\sk.enhancer\SK.Enhancer.exe <==== ATTENTION
Task: {D5E597B0-AEF9-4B45-B1FE-6022BAD894EF} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\windows\TEMP\{7DB42AD0-0673-4FC8-952C-EFABC31619C3}.exe
Task: {E57F0D33-3F19-4198-8CC3-C7EE1BB01B67} - System32\Tasks\{3CA31466-DEDD-4D77-9668-9C817280AAC9} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] ()
Task: {E7594EA4-3392-41B3-8CDC-D73F6FB3664E} - System32\Tasks\{7C31E5D9-F65C-493F-AFB8-E1DEAB2E500B} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] ()
Task: {F2E7344B-9FA6-44BF-BDC7-FB1E0C2026E5} - System32\Tasks\{D89C3165-63A0-4E42-A9CA-6F65D48D364C} => C:\Program Files (x86)\EA GAMES\Command & Conquer Generals Zero Hour\generals.exe
Task: {F9ED1981-BA10-43D4-95B0-BFCEC7FB3ABD} - System32\Tasks\WebInternetSecurity Update Task => C:\Program Files (x86)\Webinternetsecurity\uninstall.webinternetsecurity.exe [2014-01-20] ()
Task: {FF87AC17-1E07-4ED4-91C7-7982BDF43741} - System32\Tasks\{5CCB7AEE-C302-44F7-A930-4C42D2825F16} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] ()
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\windows\TEMP\{7DB42AD0-0673-4FC8-952C-EFABC31619C3}.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\pc-dis-upd.job => ?
Task: C:\windows\Tasks\SK.Enhancer-S-161304646.job => c:\programdata\quickset\sk.enhancer\SK.Enhancer.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-10-12 00:19 - 2013-10-12 00:19 - 00076888 _____ () C:\windows\SysWOW64\PnkBstrA.exe
2012-11-30 00:31 - 2012-11-30 00:31 - 00038608 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2012-06-08 01:36 - 2012-03-19 19:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-10-16 16:00 - 2013-10-16 16:00 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll
2014-03-15 15:12 - 2014-03-14 20:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 15:12 - 2014-03-14 20:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 15:12 - 2014-03-14 20:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-15 15:12 - 2014-03-14 20:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 15:12 - 2014-03-14 20:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 15:12 - 2014-03-14 20:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2012-06-08 01:37 - 2012-03-23 00:10 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-01-10 22:40 - 2013-12-12 18:19 - 00142848 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-01-10 22:40 - 2013-11-04 21:12 - 00890592 _____ () C:\Program Files (x86)\Steam\libavutil-52.dll
2013-03-25 17:23 - 2014-02-10 22:34 - 00751616 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2012-12-31 22:37 - 2014-02-25 17:57 - 01135296 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2012-12-31 22:37 - 2014-01-10 19:33 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-12-31 22:37 - 2013-06-14 19:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-12-31 22:37 - 2013-06-14 19:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-12-31 22:37 - 2013-06-14 19:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2012-06-08 00:09 - 2012-03-06 15:27 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:AD022376
AlternateDataStreams: C:\ProgramData\Temp:D346F792

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/24/2014 07:42:44 PM) (Source: Application Error) (User: )
Description: Faulting application name: AlienwareAlienFXController.exe, version: 2.7.25.0, time stamp: 0x4f0c4453
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x003b6bec
Faulting process id: 0x1524
Faulting application start time: 0xAlienwareAlienFXController.exe0
Faulting application path: AlienwareAlienFXController.exe1
Faulting module path: AlienwareAlienFXController.exe2
Report Id: AlienwareAlienFXController.exe3

Error: (03/24/2014 07:42:41 PM) (Source: .NET Runtime) (User: )
Description: Application: AlienwareAlienFXController.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at AlienLabs.AlienFX.DeviceDiscovery.Classes.AlienFXDeviceDiscoveryService.changesFound(System.Collections.Generic.List`1<AlienLabs.AlienFX.DeviceDiscovery.AlienFXDeviceSetupInfo>)
   at AlienLabs.AlienFX.DeviceDiscovery.Classes.AlienFXDeviceDiscoveryService.processDevicesChangedEvent()
   at AlienLabs.AlienFX.DeviceDiscovery.Classes.AlienFXDeviceDiscoveryService.consumeQueue()
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()

Error: (03/22/2014 10:25:01 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/22/2014 05:41:26 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (03/18/2014 07:36:18 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/16/2014 05:06:13 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/16/2014 03:39:39 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (03/15/2014 06:02:38 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/15/2014 03:22:20 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (03/07/2014 05:59:31 PM) (Source: Application Hang) (User: )
Description: The program hl2.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1394

Start Time: 01cf3a4f826d15ce

Termination Time: 402

Application Path: C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe

Report Id:


System errors:
=============
Error: (03/27/2014 04:05:53 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (03/27/2014 04:05:53 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (03/27/2014 04:04:08 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x800700b7

Error: (03/27/2014 04:04:08 PM) (Source: WMPNetworkSvc) (User: )
Description: 00x800700b7http://+:10243/WMPNSSv4/2811996591/

Error: (03/27/2014 04:04:08 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x800700b7

Error: (03/27/2014 04:04:08 PM) (Source: WMPNetworkSvc) (User: )
Description: 00x800700b7http://+:10243/WMPNSSv4/2811996591/

Error: (03/27/2014 04:03:50 PM) (Source: Service Control Manager) (User: )
Description: The ShopOn Service service hung on starting.

Error: (03/27/2014 04:02:28 PM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater18.0.5 service failed to start due to the following error:
%%2

Error: (03/25/2014 08:28:46 PM) (Source: Service Control Manager) (User: )
Description: The Portable Device Enumerator Service service failed to start due to the following error:
%%1115

Error: (03/25/2014 08:28:46 PM) (Source: Service Control Manager) (User: )
Description: The Human Interface Device Access service failed to start due to the following error:
%%1115


Microsoft Office Sessions:
=========================
Error: (03/24/2014 07:42:44 PM) (Source: Application Error)(User: )
Description: AlienwareAlienFXController.exe2.7.25.04f0c4453unknown0.0.0.000000000c0000005003b6bec152401cf47baaf4e6395C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exeunknownfe7e57c9-b3ad-11e3-b803-848f69f575ee

Error: (03/24/2014 07:42:41 PM) (Source: .NET Runtime)(User: )
Description: Application: AlienwareAlienFXController.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at AlienLabs.AlienFX.DeviceDiscovery.Classes.AlienFXDeviceDiscoveryService.changesFound(System.Collections.Generic.List`1<AlienLabs.AlienFX.DeviceDiscovery.AlienFXDeviceSetupInfo>)
   at AlienLabs.AlienFX.DeviceDiscovery.Classes.AlienFXDeviceDiscoveryService.processDevicesChangedEvent()
   at AlienLabs.AlienFX.DeviceDiscovery.Classes.AlienFXDeviceDiscoveryService.consumeQueue()
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()

Error: (03/22/2014 10:25:01 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/22/2014 05:41:26 AM) (Source: SideBySide)(User: )
Description: c:\program files (x86)\shopon unlimited llc\shopon coupon helper extension\adxloader.dll.Manifestc:\program files (x86)\shopon unlimited llc\shopon coupon helper extension\adxloader.dll.Manifest2

Error: (03/18/2014 07:36:18 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/16/2014 05:06:13 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/16/2014 03:39:39 AM) (Source: SideBySide)(User: )
Description: c:\program files (x86)\shopon unlimited llc\shopon coupon helper extension\adxloader.dll.Manifestc:\program files (x86)\shopon unlimited llc\shopon coupon helper extension\adxloader.dll.Manifest2

Error: (03/15/2014 06:02:38 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/15/2014 03:22:20 PM) (Source: SideBySide)(User: )
Description: c:\program files (x86)\shopon unlimited llc\shopon coupon helper extension\adxloader.dll.Manifestc:\program files (x86)\shopon unlimited llc\shopon coupon helper extension\adxloader.dll.Manifest2

Error: (03/07/2014 05:59:31 PM) (Source: Application Hang)(User: )
Description: hl2.exe0.0.0.0139401cf3a4f826d15ce402C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
 

Link to post
Share on other sites

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

Next,

 

Download Malwarebytes Anti-Malware to your desktop.


Double-click mbam-setup and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Dashboard, click the 'Update Now >>' link
After the update completes Select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Now select > Scan > Threat scan > Scan now
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

 


After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt. Where n in the scan reference number

 

Next,

 

thisisujrt.gif Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en'>https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

 

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window

In the "Scan Type" window, select Quick Scan

Perform a scan and  Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

 

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter

notepad c:\windows\debug\mrt.log

 

Let me see those logs, also give an update on any remaining issues or concers..

 

Kevin

 

 

 

 

Fixlist.txt

Link to post
Share on other sites

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-09-2014 02
Ran by L33tMaN at 2014-09-28 19:24:43 Run:3
Running from C:\Users\L33tMaN\Desktop
Loaded Profiles: L33tMaN & cynical (Available profiles: UpdatusUser & L33tMaN & cynical)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
(app) C:\Program Files (x86)\Browser+ Apps+\d0129b8e-caeb-4107-8574-418aabad4b13.exe
C:\Program Files (x86)\Browser+ Apps+
(MyOSCompany) C:\Program Files (x86)\PCTRunner\MyOSProtect.exe
C:\Program Files (x86)\PCTRunner
HKLM-x32\...\Run: [WebInternetSecurity] => "C:\Program Files (x86)\Webinternetsecurity\WebInternetSecurity.exe"
C:\Program Files (x86)\Webinternetsecurity
HKLM-x32\...\Run: [ApnTBMon] => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
C:\Program Files (x86)\AskPartnerNetwork
HKU\S-1-5-21-383299565-3798718073-3649502856-1001\...\Run: [se] => C:\Users\L33tMaN\AppData\Roaming\SkypEmoticons\SE.exe [5679008 2014-08-23] (SkypEmoticons)
C:\Users\L33tMaN\AppData\Roaming\SkypEmoticons
HKU\S-1-5-21-383299565-3798718073-3649502856-1001\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1974120 2014-05-22] (YTDownloader)
C:\Program Files (x86)\YTDownloader
HKU\S-1-5-21-383299565-3798718073-3649502856-1001\...\MountPoints2: {ca5c79cb-ee09-11e1-bec1-806e6f6e6963} - D:\AUTORUN.EXE
HKU\S-1-5-21-383299565-3798718073-3649502856-1002\...\MountPoints2: {ca5c79cb-ee09-11e1-bec1-806e6f6e6963} - D:\AUTORUN.EXE
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
C:\PROGRA~2\SearchProtect
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://groovorio.com...=1571061767&ir=
SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://groovorio.com...=1571061767&ir=
SearchScopes: HKCU - DefaultScope {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://groovorio.com...=1571061767&ir=
SearchScopes: HKCU - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://groovorio.com...=1571061767&ir=
BHO: Browser+ Apps+ -> {11111111-1111-1111-1111-110611441149} -> C:\Program Files (x86)\Browser+ Apps+\Browser+ Apps+-bho64.dll (app)
BHO-x32: Browser+ Apps+ -> {11111111-1111-1111-1111-110611441149} -> C:\Program Files (x86)\Browser+ Apps+\Browser+ Apps+-bho.dll (app)
Winsock: Catalog9 01 C:\windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 02 C:\windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 03 C:\windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 04 C:\windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 21 C:\windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9-x64 01 C:\windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
Winsock: Catalog9-x64 02 C:\windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
Winsock: Catalog9-x64 03 C:\windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
Winsock: Catalog9-x64 04 C:\windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
Winsock: Catalog9-x64 15 C:\windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
cmd: netsh winsock reset
FF Homepage: hxxp://groovorio.com/?f=1&a=grv_tuto11_14_34&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V2Z2Y2Z1FtCtC1VtCyE1VtAyEtN1L1G1B1V1N2Y1L1Qzu2StCyCyD0DtAtAyByDtGzyyEtCyDtGzytCyC0CtGyD0EtDtDtGyC0C0B0E0A0FyCtAtC0AzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtD0EtDtCyByDtG0B0D0CtDtGyEtB0AzztGzy0ByB0BtG0Czy0F0AtC0AyCtAzytBtC0D2Q&cr=1571061767&ir=
FF DefaultSearchEngine: Groovorio
FF SelectedSearchEngine: Groovorio
CHR HomePage: Default -> hxxp://groovorio.com/?f=1&a=grv_tuto11_14_34&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V2Z2Y2Z1FtCtC1VtCyE1VtAyEtN1L1G1B1V1N2Y1L1Qzu2StCyCyD0DtAtAyByDtGzyyEtCyDtGzytCyC0CtGyD0EtDtDtGyC0C0B0E0A0FyCtAtC0AzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtD0EtDtCyByDtG0B0D0CtDtGyEtB0AzztGzy0ByB0BtG0Czy0F0AtC0AyCtAzytBtC0D2Q&cr=1571061767&ir=
CHR StartupUrls: Default -> "hxxp://groovorio.com/?f=7&a=grv_tuto11_14_34&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V2Z2Y2Z1FtCtC1VtCyE1VtAyEtN1L1G1B1V1N2Y1L1Qzu2StCyCyD0DtAtAyByDtGzyyEtCyDtGzytCyC0CtGyD0EtDtDtGyC0C0B0E0A0FyCtAtC0AzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtD0EtDtCyByDtG0B0D0CtDtGyEtB0AzztGzy0ByB0BtG0Czy0F0AtC0AyCtAzytBtC0D2Q&cr=1571061767&ir=", "hxxp://astromenda.com/?f=7&a=ast_ir_14_37_ff&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzzyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyCyD0DtAtAyByDtGzyyEtCyDtGzytCyC0CtGyD0EtDtDtGyC0C0B0E0A0FyCtAtC0AzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtD0EtDtCyByDtG0B0D0CtDtGyEtB0AzztGzy0ByB0BtG0Czy0F0AtC0AyCtAzytBtC0D2Q&cr=508813105&ir="
CHR DefaultSearchKeyword: Default -> groovorio.com
CHR DefaultSearchProvider: Default -> Groovorio
CHR DefaultSearchURL: Default -> http://groovorio.com...=1571061767&ir=
CHR Extension: (Groovorio New Tab) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm [2014-09-16]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R3 MyOSProtect; C:\Program Files (x86)\PCTRunner\MyOSProtect.exe [1317096 2014-09-01] (MyOSCompany) [File not signed]
S2 ProtectMonitor; C:\monitorsvc.exe [34244 2014-09-02] () [File not signed]
C:\monitorsvc.exe
S2 PennyBee; C:\Program Files (x86)\PennyBee\PennyBee.exe [X]
S4 aswSP; No ImagePath
C:\windows\SysWOW64\MyOSProtect.ini
C:\windows\SysWOW64\MyOSProtectOff.ini
C:\windows\system32\MyOSProtectOff.ini
C:\windows\system32\MyOSProtect64.dll
C:\windows\SysWOW64\MyOSProtect.dll
C:\Users\Public\AlexaNSISPlugin.3888.dll
C:\Users\L33tMaN\AppData\Local\Temp\032939rr.exe
C:\Users\L33tMaN\AppData\Local\Temp\6_Offer_13.exe
C:\Users\L33tMaN\AppData\Local\Temp\99e01abe8193efaba61686db19cab8b8.dll
C:\Users\L33tMaN\AppData\Local\Temp\APNSetup.exe
C:\Users\L33tMaN\AppData\Local\Temp\BackupSetup.exe
C:\Users\L33tMaN\AppData\Local\Temp\CloudBackup245.exe
C:\Users\L33tMaN\AppData\Local\Temp\CloudBackup5726.exe
C:\Users\L33tMaN\AppData\Local\Temp\comver.dll
C:\Users\L33tMaN\AppData\Local\Temp\FreeZip920.exe
C:\Users\L33tMaN\AppData\Local\Temp\nscC558.tmp.exe
C:\Users\L33tMaN\AppData\Local\Temp\optprosetup.exe
C:\Users\L33tMaN\AppData\Local\Temp\post1.exe
C:\Users\L33tMaN\AppData\Local\Temp\post2.dll
C:\Users\L33tMaN\AppData\Local\Temp\post2.exe
C:\Users\L33tMaN\AppData\Local\Temp\setup_ex.exe
C:\Users\L33tMaN\AppData\Local\Temp\shutdown1408846448.exe
C:\Users\L33tMaN\AppData\Local\Temp\SpOrder.dll
C:\Users\L33tMaN\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\L33tMaN\AppData\Local\Temp\Tsu5D1EC982.dll
C:\Users\L33tMaN\AppData\Local\Temp\updateb.exe
C:\Users\L33tMaN\AppData\Local\Temp\update_31858_setup.exe
Task: {023CD68F-48C5-4C40-A563-162B425C1BB9} - System32\Tasks\Updater21802.exe => C:\Users\cynical\AppData\Local\Updater21802\Updater21802.exe <==== ATTENTION
C:\Users\cynical\AppData\Local\Updater21802
Task: {1444863C-CEFA-413B-8CF8-CACB600F485B} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {18A5DCA4-5ACA-4341-A32D-880E91F08B3F} - System32\Tasks\pc-dis-upd => C:\Program Files (x86)\PC Cleaners\PCCleaners.exe [2013-01-01] (PC Cleaners Inc.) <==== ATTENTION
C:\Program Files (x86)\PC Cleaners
Task: {3F91A3D8-C549-402F-B916-E5FD071269B0} - System32\Tasks\Oxy => C:\Users\cynical\AppData\Roaming\Oxy\Updater.exe <==== ATTENTION
C:\Users\cynical\AppData\Roaming\Oxy
Task: {4D2F968C-BD22-40F8-9FCE-44DCF4F3FEF8} - System32\Tasks\RunAsStdUser Task => C:\Users\cynical\AppData\Local\Oxy\Application\oxy.exe <==== ATTENTION
Task: {B3147D4E-D87C-4CFD-9F14-9A4E8A12DC91} - System32\Tasks\GC_Informer => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {BBEF80F6-CBCD-405C-84FD-A24BC81ACB1A} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {D57B8DD7-8986-47A5-9113-4033E31B09CE} - System32\Tasks\SK.Enhancer-S-161304646 => c:\programdata\quickset\sk.enhancer\SK.Enhancer.exe <==== ATTENTION
c:\programdata\quickset
Task: C:\windows\Tasks\SK.Enhancer-S-161304646.job => c:\programdata\quickset\sk.enhancer\SK.Enhancer.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:AD022376
AlternateDataStreams: C:\ProgramData\Temp:D346F792
EmptyTemp:
End


*****************

[4780] C:\Program Files (x86)\Browser+ Apps+\d0129b8e-caeb-4107-8574-418aabad4b13.exe => Process closed successfully.
C:\Program Files (x86)\Browser+ Apps+ => Moved successfully.
[5864] C:\Program Files (x86)\PCTRunner\MyOSProtect.exe => Process closed successfully.
C:\Program Files (x86)\PCTRunner => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\WebInternetSecurity => value deleted successfully.
"C:\Program Files (x86)\Webinternetsecurity" => File/Directory not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon => value deleted successfully.
"C:\Program Files (x86)\AskPartnerNetwork" => File/Directory not found.
HKU\S-1-5-21-383299565-3798718073-3649502856-1001\Software\Microsoft\Windows\CurrentVersion\Run\\se => value deleted successfully.
C:\Users\L33tMaN\AppData\Roaming\SkypEmoticons => Moved successfully.
HKU\S-1-5-21-383299565-3798718073-3649502856-1001\Software\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => value deleted successfully.
C:\Program Files (x86)\YTDownloader => Moved successfully.
"HKU\S-1-5-21-383299565-3798718073-3649502856-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca5c79cb-ee09-11e1-bec1-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{ca5c79cb-ee09-11e1-bec1-806e6f6e6963}" => Key not found.
"HKU\S-1-5-21-383299565-3798718073-3649502856-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca5c79cb-ee09-11e1-bec1-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{ca5c79cb-ee09-11e1-bec1-806e6f6e6963}" => Key not found.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value Data removed successfully.
C:\PROGRA~2\SearchProtect => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key deleted successfully.
"HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key deleted successfully.
"HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611441149}" => Key deleted successfully.
"HKCR\CLSID\{11111111-1111-1111-1111-110611441149}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611441149}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110611441149}" => Key deleted successfully.
Winsock: Catalog entry 000000000001 => Deleted successfully.
Winsock: Catalog entry 000000000002 => Deleted successfully.
Winsock: Catalog entry 000000000003 => Deleted successfully.
Winsock: Catalog entry 000000000004 => Deleted successfully.
Winsock: Catalog entry 000000000021 => Deleted successfully.
Winsock: Catalog entry 000000000001 => Deleted successfully.
Winsock: Catalog entry 000000000002 => Deleted successfully.
Winsock: Catalog entry 000000000003 => Deleted successfully.
Winsock: Catalog entry 000000000004 => Deleted successfully.
Winsock: Catalog entry 000000000015 => Deleted successfully.

=========  netsh winsock reset =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========

Firefox homepage deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
CHR DefaultSearchProvider: Default -> Groovorio ==> The Chrome "Settings" can be used to fix the entry.
Chrome DefaultSearchURL deleted successfully.
C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKCU\SOFTWARE\Policies\Google" => Key deleted successfully.
MyOSProtect => Service deleted successfully.
ProtectMonitor => Service deleted successfully.
C:\monitorsvc.exe => Moved successfully.
PennyBee => Service deleted successfully.
aswSP => Service deleted successfully.
C:\windows\SysWOW64\MyOSProtect.ini => Moved successfully.
C:\windows\SysWOW64\MyOSProtectOff.ini => Moved successfully.
C:\windows\system32\MyOSProtectOff.ini => Moved successfully.
C:\windows\system32\MyOSProtect64.dll => Moved successfully.
C:\windows\SysWOW64\MyOSProtect.dll => Moved successfully.
C:\Users\Public\AlexaNSISPlugin.3888.dll => Moved successfully.
C:\Users\L33tMaN\AppData\Local\Temp\032939rr.exe => Moved successfully.
C:\Users\L33tMaN\AppData\Local\Temp\6_Offer_13.exe => Moved successfully.
C:\Users\L33tMaN\AppData\Local\Temp\99e01abe8193efaba61686db19cab8b8.dll => Moved successfully.
C:\Users\L33tMaN\AppData\Local\Temp\APNSetup.exe => Moved successfully.
C:\Users\L33tMaN\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\L33tMaN\AppData\Local\Temp\CloudBackup245.exe => Moved successfully.
C:\Users\L33tMaN\AppData\Local\Temp\CloudBackup5726.exe => Moved successfully.
C:\Users\L33tMaN\AppData\Local\Temp\comver.dll => Moved successfully.
C:\Users\L33tMaN\AppData\Local\Temp\FreeZip920.exe => Moved successfully.
C:\Users\L33tMaN\AppData\Local\Temp\nscC558.tmp.exe => Moved successfully.
C:\Users\L33tMaN\AppData\Local\Temp\optprosetup.exe => Moved successfully.
C:\Users\L33tMaN\AppData\Local\Temp\post1.exe => Moved successfully.
C:\Users\L33tMaN\AppData\Local\Temp\post2.dll => Moved successfully.
C:\Users\L33tMaN\AppData\Local\Temp\post2.exe => Moved successfully.
C:\Users\L33tMaN\AppData\Local\Temp\setup_ex.exe => Moved successfully.
C:\Users\L33tMaN\AppData\Local\Temp\shutdown1408846448.exe => Moved successfully.
C:\Users\L33tMaN\AppData\Local\Temp\SpOrder.dll => Moved successfully.
C:\Users\L33tMaN\AppData\Local\Temp\System.Data.SQLite.dll => Moved successfully.
C:\Users\L33tMaN\AppData\Local\Temp\Tsu5D1EC982.dll => Moved successfully.
C:\Users\L33tMaN\AppData\Local\Temp\updateb.exe => Moved successfully.
C:\Users\L33tMaN\AppData\Local\Temp\update_31858_setup.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{023CD68F-48C5-4C40-A563-162B425C1BB9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{023CD68F-48C5-4C40-A563-162B425C1BB9}" => Key deleted successfully.
C:\Windows\System32\Tasks\Updater21802.exe not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater21802.exe" => Key deleted successfully.
"C:\Users\cynical\AppData\Local\Updater21802" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1444863C-CEFA-413B-8CF8-CACB600F485B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1444863C-CEFA-413B-8CF8-CACB600F485B}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\UP_Scheduler" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{18A5DCA4-5ACA-4341-A32D-880E91F08B3F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18A5DCA4-5ACA-4341-A32D-880E91F08B3F}" => Key deleted successfully.
C:\Windows\System32\Tasks\pc-dis-upd => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pc-dis-upd" => Key deleted successfully.
"C:\Program Files (x86)\PC Cleaners" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F91A3D8-C549-402F-B916-E5FD071269B0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F91A3D8-C549-402F-B916-E5FD071269B0}" => Key deleted successfully.
C:\Windows\System32\Tasks\Oxy => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Oxy" => Key deleted successfully.
"C:\Users\cynical\AppData\Roaming\Oxy" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D2F968C-BD22-40F8-9FCE-44DCF4F3FEF8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D2F968C-BD22-40F8-9FCE-44DCF4F3FEF8}" => Key deleted successfully.
C:\Windows\System32\Tasks\RunAsStdUser Task => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B3147D4E-D87C-4CFD-9F14-9A4E8A12DC91}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3147D4E-D87C-4CFD-9F14-9A4E8A12DC91}" => Key deleted successfully.
C:\Windows\System32\Tasks\GC_Informer => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GC_Informer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BBEF80F6-CBCD-405C-84FD-A24BC81ACB1A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBEF80F6-CBCD-405C-84FD-A24BC81ACB1A}" => Key deleted successfully.
C:\Windows\System32\Tasks\GC_Scheduler => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GC_Scheduler" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D57B8DD7-8986-47A5-9113-4033E31B09CE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D57B8DD7-8986-47A5-9113-4033E31B09CE}" => Key deleted successfully.
C:\Windows\System32\Tasks\SK.Enhancer-S-161304646 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SK.Enhancer-S-161304646" => Key deleted successfully.
"c:\programdata\quickset" => File/Directory not found.
C:\windows\Tasks\SK.Enhancer-S-161304646.job not found.
C:\ProgramData\Temp => ":AD022376" ADS removed successfully.
C:\ProgramData\Temp => ":D346F792" ADS removed successfully.
EmptyTemp: => Removed 10.1 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====

 

Malware Bytes won't install after downloading; as per original post.

Getting a runtime error.

Tried all the fixes in that post, but nothing works.

 

https://forums.malwarebytes.org/index.php?/topic/149909-internal-error-expression-error-runtime-error-external-exception-e06d7363/

 

 

Will try other programs tonight.

Link to post
Share on other sites

# AdwCleaner v3.310 - Report created 29/09/2014 at 19:38:54
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : L33tMaN - L33TMAN-PC
# Running from : C:\Users\L33tMaN\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
Service Deleted : netfilter64
[#] Service Deleted : sbmntr
Service Deleted : Scores

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\DigiSaver
Folder Deleted : C:\ProgramData\ItsReadyApp
Folder Deleted : C:\ProgramData\SNT
Folder Deleted : C:\ProgramData\systemk
Folder Deleted : C:\ProgramData\Trusted Publisher
Folder Deleted : C:\ProgramData\BiituSaovearr
Folder Deleted : C:\ProgramData\DDigiSSaver
Folder Deleted : C:\ProgramData\DEaalExpprress
Folder Deleted : C:\ProgramData\EnJoyuCoauupponi
Folder Deleted : C:\ProgramData\RaeggulaarDEAls
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkypEmoticons
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\PC Cleaner
Folder Deleted : C:\Program Files (x86)\PennyBee
Folder Deleted : C:\Program Files (x86)\PepperZip
Folder Deleted : C:\Program Files (x86)\Settings Manager
Folder Deleted : C:\Program Files (x86)\SNT
Folder Deleted : C:\Program Files\002
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\cynical\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\cynical\AppData\Local\GCC
Folder Deleted : C:\Users\cynical\AppData\Local\torch
Folder Deleted : C:\Users\cynical\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\L33tMaN\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\L33tMaN\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\L33tMaN\AppData\Local\globalUpdate
Folder Deleted : C:\Users\L33tMaN\AppData\Local\torch
Folder Deleted : C:\Users\L33tMaN\AppData\LocalLow\Object Browser
Folder Deleted : C:\Users\L33tMaN\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\Systweak
Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\VOPackage
Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\wse_astromenda
Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
Folder Deleted : C:\Users\Public\Documents\ShopperPro
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\torch
Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}
Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}
Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}
Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\c.eyojmmbh@k-ibrqfvprx.com
Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\c.eyojmmbh@k-ibrqfvprx.com
Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\eooe@mkpc-.com
Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\eooe@mkpc-.com
Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\hdz3xas@yomwft.net
Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\hdz3xas@yomwft.net
Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\kf3i@rcjkzhxfcj.edu
Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\kf3i@rcjkzhxfcj.edu
Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\rjanqoar@sic.org
Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\rjanqoar@sic.org
Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\uuui-iaya@ftauomllc.org
Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\uuui-iaya@ftauomllc.org
Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\whpz_9aui@ywh-aua.net
Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\whpz_9aui@ywh-aua.net
Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\ydbka@lynubkqd.co.uk
Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\ydbka@lynubkqd.co.uk
Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\a6jz@aeyoiia.net
Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\ujhs@iy-ifro.co.uk
Folder Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj
Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg
Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg
Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmelfnfpiaidecmboalgjpejkfbipfpc
Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibelhbaipgfkolikojeolihodbmiimib
Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhpfckdljkknkmffihkbmnhjhkhdjpcl
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj
[!] Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj
[!] Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg
[!] Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg
[!] Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg
Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkeclpkjbbijdbimkckghjlnddfaeoe
Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngfjloooedfenakhekclldohaddojbe
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj
[!] Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj
[!] Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg
[!] Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg
[!] Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj
[!] Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj
[!] Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg
[!] Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg
[!] Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj
[!] Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj
[!] Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\kancepghcmomgaajdppjlakhipambpjj
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg
[!] Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg
[!] Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdopiaenbjifbhdpkbbalgkigjpdjg
Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjllbogbaogimpilgdginhalhhbmhiob
File Deleted : C:\Users\cynical\AppData\Local\CRE\banjjklfojcdbofbhbgiedekefohoaff.crx
File Deleted : C:\END
File Deleted : C:\monitor.exe
File Deleted : C:\windows\score.exe
File Deleted : C:\windows\System32\drivers\netfilter64.sys
File Deleted : C:\windows\System32\log\iSafeKrnlCall.log
File Deleted : C:\windows\System32\roboot64.exe
File Deleted : C:\Users\cynical\daemonprocess.txt
File Deleted : C:\Users\cynical\AppData\LocalLow\SkwConfig.bin
File Deleted : C:\Users\cynical\Desktop\PepperZip.lnk
File Deleted : C:\Users\UpdatusUser\Desktop\PepperZip.lnk
File Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\searchplugins\astromenda.xml
File Deleted : C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\searchplugins\astromenda.xml
File Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\searchplugins\Groovorio.xml
File Deleted : C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\searchplugins\Groovorio.xml
File Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\user.js
File Deleted : C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\user.js
File Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_service.pricegong.com_0.localstorage-journal
File Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage

***** [ Scheduled Tasks ] *****

Task Deleted : ASP
Task Deleted : BackgroundContainer Startup Task
Task Deleted : Dealply
Task Deleted : globalUpdateUpdateTaskMachineCore
Task Deleted : globalUpdateUpdateTaskMachineUA
Task Deleted : LaunchSignup
Task Deleted : Smp
Task Deleted : SMupdate1
Task Deleted : SPDriver
Task Deleted : VisualBeeRecovery
Task Deleted : WSE_Astromenda
Task Deleted : YTDownloader
Task Deleted : 7811b4e1-cc43-4429-852a-998646c16bc7
Task Deleted : d0129b8e-caeb-4107-8574-418aabad4b13
Task Deleted : e44f9199-0b4d-467f-bc3d-08e536696e26-1
Task Deleted : e44f9199-0b4d-467f-bc3d-08e536696e26-11
Task Deleted : e44f9199-0b4d-467f-bc3d-08e536696e26-2
Task Deleted : e44f9199-0b4d-467f-bc3d-08e536696e26-3
Task Deleted : e44f9199-0b4d-467f-bc3d-08e536696e26-4
Task Deleted : e44f9199-0b4d-467f-bc3d-08e536696e26-5
Task Deleted : e44f9199-0b4d-467f-bc3d-08e536696e26-5_user
Task Deleted : e44f9199-0b4d-467f-bc3d-08e536696e26-6
Task Deleted : e44f9199-0b4d-467f-bc3d-08e536696e26-7

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alienware\Product Registration.lnk
Shortcut Disinfected : C:\Users\L33tMaN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\L33tMaN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
Shortcut Disinfected : C:\Users\L33tMaN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\L33tMaN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\L33tMaN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{11C3EB7B-A21E-CEFD-BC6D-10B13205EF14}]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\oxy.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\WINDOWS\CURRENTVERSION\APP PATHS\PennyBee.exe
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0064449.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0064449.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0064449.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0064449.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622442249}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22511E2E-7970-414E-BC7C-28D16C4AF54D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C5311E-016D-4999-BCB1-499898429D6C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2C4B6DB8-6413-403B-A038-16A352CFE8B9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{46803190-228D-470E-90FE-F5E0CEA9C4F2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5180FE16-2E09-497B-9C8B-5A6F029ECECB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A4F6E1B3-469E-46EF-A936-FBA9D5EFD2B9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C97AF157-6A27-4F57-9D47-E2D3E4761B77}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED0D2C81-7DB5-4599-B7C0-1033418B5672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655445549}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666446649}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644444449}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622442249}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{22511E2E-7970-414E-BC7C-28D16C4AF54D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23C5311E-016D-4999-BCB1-499898429D6C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2C4B6DB8-6413-403B-A038-16A352CFE8B9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{46803190-228D-470E-90FE-F5E0CEA9C4F2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5180FE16-2E09-497B-9C8B-5A6F029ECECB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A4F6E1B3-469E-46EF-A936-FBA9D5EFD2B9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C97AF157-6A27-4F57-9D47-E2D3E4761B77}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED0D2C81-7DB5-4599-B7C0-1033418B5672}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655445549}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666446649}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\PennyBee
Key Deleted : HKCU\Software\PepperZip
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\ShopperPro
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\usyndication.com
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Object Browser
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\ShopperPro
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\VBMZ
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PennyBee
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Settings Manager
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SkypEmoticons_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : [x64] HKLM\SOFTWARE\AllDaySavings
Key Deleted : [x64] HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\ShopperPro
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\070C83CAC0BBFE455B6212FB4397793C
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\32DA746012E6D4F488AAD113D6FA4A44
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\382E585E62B6F595CB727CEBAB9E48A0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B786268CB4A7F156A3BDF6701444F22
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3FB1AAC4382437047A03618BF727B859
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4D2EB987C8C8A46578D4943D5A9A1467
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6FB4398202577895B83B74B08F79C3A2
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7617C782A0FD4D15288CD4E4ECF84C67
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7AB2AE85638F6255CA2F35481D3A8828
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9BBBCEE5468FF9C569B1F7A24F6ED3D8
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1A8F5D2D938A495DBE3BC97E2BC5FA3
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D2E5AC6B3591558529A290643010F81B
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5E8CD27C9B1C435AAB81D8619DCEFE3
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6BA018E6E43F3A949AF3E90563067F81
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "Groovorio");
Line Deleted : user_pref("browser.search.selectedEngine", "Groovorio");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://groovorio.com/?f=1&a=grv_tuto11_14_34&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V2Z2Y2Z1FtCt[...]
Line Deleted : user_pref("extensions.a56560a80995b47cd852a772f3a7ea92bgmailcom64449.64449.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22deal[...]
Line Deleted : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_ir_14_37_ff&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzzyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V[...]
Line Deleted : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_ir_14_37_ff&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzzyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD[...]
Line Deleted : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
Line Deleted : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");
Line Deleted : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_ir_14_37_ff&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzzyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytD[...]
Line Deleted : user_pref("extensions.crossrider.bic", "14880ecda5c5c1343304df8fa96517a5");

[ File : C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\prefs.js ]

Line Deleted : user_pref("extensions.4LzwQXJI_k3u.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sum[...]
Line Deleted : user_pref("extensions.4cxz.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.ne[...]
Line Deleted : user_pref("extensions.Bph07E8q4T.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumor[...]
Line Deleted : user_pref("extensions.Eqp5ofch.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]
Line Deleted : user_pref("extensions.O1uSrr.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.[...]
Line Deleted : user_pref("extensions.OrwRs.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.n[...]
Line Deleted : user_pref("extensions.U43kaHjR.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]
Line Deleted : user_pref("extensions.YeSbu4wMKYgh.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sum[...]
Line Deleted : user_pref("extensions.a56560a80995b47cd852a772f3a7ea92bgmailcom64449.64449.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22deal[...]
Line Deleted : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_ir_14_37_ff&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzzyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V[...]
Line Deleted : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_ir_14_37_ff&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzzyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD[...]
Line Deleted : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
Line Deleted : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");
Line Deleted : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_ir_14_37_ff&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzzyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytD[...]
Line Deleted : user_pref("extensions.crossrider.bic", "14873268b7f015ef7f034a2e629e7ace");
Line Deleted : user_pref("extensions.yBcTbQmJN4j.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumo[...]
Line Deleted : user_pref("extensions.zIGZAHOU.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]

-\\ Google Chrome v37.0.2062.124

[ File : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [search Provider] : hxxp://default.maxwebsearch.com/s?type=default&userid=e4337837-2ccf-44ae-bd5d-9306d52ec4ce&implementation=maxwebsearch&implementationdomain=maxwebsearch.com&source=&uc=20130113&subid=20130113&query={searchTerms}
Deleted [search Provider] : hxxp://blank.maxwebsearch.com/s?type=blank&query={searchTerms}&local=0&i_id=maxwebsearch&source=&uid=e4337837-2ccf-44ae-bd5d-9306d52ec4ce&uc=20130113&subid=20130113
Deleted [search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=110801&tl=280113_9103&tt=280113_9103&babsrc=SP_ss&mntrId=86966daa000000000000083e8e4eeb3f
Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN37897023201727314&ctid=CT3287802&UM=2&sspv=TB_CNI1
Deleted [search Provider] : hxxp://websearch.searchbomb.info/?l=1&q={searchTerms}&pid=377&r=2013/11/23&hid=3280892760132986455&lg=EN&cc=US&unqvl=42
Deleted [search Provider] : hxxp://amazon.smart-search.com/websearch/ref=bit_bds-y46_serp_cr_us_display?ie=UTF8&tagbase=bds-y46&tag=bds-y46-serp-us-cr-20&tbrId=v1_bds-y46_e020580ae7d7492c8a581e14c36c7dde_1012_1005_20131123_US_cr_ds_todownload&query={searchTerms}
Deleted [search Provider] : hxxp://www-search.net/search.aspx?s=E8Ozsmt00_0_0_0_0,8838bbd0-cd4d-4cb4-9e1d-ad431133ffa4,,8838bbd0-cd4d-4cb4-9e1d-ad431133ffa4,&q={searchTerms}

[ File : C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [search Provider] : hxxp://www-search.net/search.aspx?s=E8Ozsmt00_0_0_0_0,8838bbd0-cd4d-4cb4-9e1d-ad431133ffa4,,8838bbd0-cd4d-4cb4-9e1d-ad431133ffa4,&q={searchTerms}
Deleted [search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_37_ff&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzzyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyCyD0DtAtAyByDtGzyyEtCyDtGzytCyC0CtGyD0EtDtDtGyC0C0B0E0A0FyCtAtC0AzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtD0EtDtCyByDtG0B0D0CtDtGyEtB0AzztGzy0ByB0BtG0Czy0F0AtC0AyCtAzytBtC0D2Q&cr=508813105&ir=
Deleted [search Provider] : hxxp://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tuto11_14_34&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0FyDyByD0E0EyC0D0A0AtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V2Z2Y2Z1FtCtC1VtCyE1VtAyEtN1L1G1B1V1N2Y1L1Qzu2StCyCyD0DtAtAyByDtGzyyEtCyDtGzytCyC0CtGyD0EtDtDtGyC0C0B0E0A0FyCtAtC0AzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtD0EtDtCyByDtG0B0D0CtDtGyEtB0AzztGzy0ByB0BtG0Czy0F0AtC0AyCtAzytBtC0D2Q&cr=1571061767&ir=
Deleted [Extension] : blmchfpimpbbdmgpcieclabeafkljbhm
Deleted [Extension] : pfkfdlcdbajamklbneflfbcmfgddmpae

*************************

AdwCleaner[R0].txt - [78496 octets] - [25/03/2014 20:21:35]
AdwCleaner[R1].txt - [49146 octets] - [29/09/2014 19:37:32]
AdwCleaner[s0].txt - [77709 octets] - [25/03/2014 20:24:17]
AdwCleaner[s1].txt - [46004 octets] - [29/09/2014 19:38:54]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [46065 octets] ##########
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.3 (09.27.2014:1)
OS: Windows 7 Home Premium x64
Ran by L33tMaN on Tue 09/30/2014 at 19:50:52.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ytdownloader



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update swift browse
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util swift browse
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611441149}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\L33tMaN\AppData\Roaming\mozilla\firefox\profiles\vdq54lkb.default\prefs.js

user_pref("extensions.yBcTbQmJN4j.url", "hxxp://fasten-tech.com/sync2/?q=hfZ9ofV9CShEAen0rjk8pchTB6lKDzt4olljtNtVh7n0rjnEqjwErdrGqTr5tMFHhd9Fqda4rTYEqHsFrjnMDMlGojUMAe4UojgHpd
Emptied folder: C:\Users\L33tMaN\AppData\Roaming\mozilla\firefox\profiles\vdq54lkb.default\minidumps [8 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\L33tMaN\appdata\local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 09/30/2014 at 19:52:40.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

��

---------------------------------------------------------------------------------------



Microsoft Windows Malicious Software Removal Tool v4.15, December 2012

Started On Tue Jan 01 16:58:28 2013



Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Tue Jan 01 16:59:11 2013





Return code: 0 (0x0)



---------------------------------------------------------------------------------------



Microsoft Windows Malicious Software Removal Tool v4.16, January 2013

Started On Tue Jan 08 19:10:51 2013

->Scan ERROR: resource process://pid:2524 (code 0x00000005 (5))



Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Tue Jan 08 19:11:40 2013





Return code: 0 (0x0)



---------------------------------------------------------------------------------------



Microsoft Windows Malicious Software Removal Tool v4.17, February 2013

Started On Wed Feb 13 18:57:33 2013

->Scan ERROR: resource process://pid:1252 (code 0x00000005 (5))



Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 13 18:58:37 2013





Return code: 0 (0x0)



---------------------------------------------------------------------------------------



Microsoft Windows Malicious Software Removal Tool v4.18, March 2013

Started On Fri Apr 05 14:04:22 2013



Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Fri Apr 05 14:05:15 2013





Return code: 0 (0x0)



---------------------------------------------------------------------------------------



Microsoft Windows Malicious Software Removal Tool v4.21, June 2013

Started On Wed Jun 12 16:27:07 2013

->Scan ERROR: resource process://pid:260 (code 0x00000005 (5))



Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Wed Jun 12 16:28:08 2013





Return code: 0 (0x0)



---------------------------------------------------------------------------------------



Microsoft Windows Malicious Software Removal Tool v4.22, July 2013

Started On Tue Jul 16 20:31:20 2013

->Scan ERROR: resource process://pid:1256 (code 0x00000005 (5))



Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Tue Jul 16 20:32:18 2013





Return code: 0 (0x0)



---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.3, August 2013 (build 5.3.9301.0)

Started On Thu Aug 15 19:45:54 2013




Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Aug 15 19:46:50 2013




Return code: 0 (0x0)



---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.4, September 2013 (build 5.4.9400.0)

Started On Tue Sep 10 19:05:52 2013


Engine: 1.1.9800.0

Signatures: 1.157.932.0



Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Tue Sep 10 19:06:51 2013




Return code: 0 (0x0)



---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.5, October 2013 (build 5.5.9502.0)

Started On Tue Oct 08 21:51:56 2013


Engine: 1.1.9901.0

Signatures: 1.159.530.0



Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Tue Oct 08 21:52:56 2013




Return code: 0 (0x0)



---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.6, November 2013 (build 5.6.9603.0)

Started On Sun Nov 17 03:00:34 2013


Engine: 1.1.10003.0

Signatures: 1.161.1618.0



Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Sun Nov 17 03:01:37 2013




Return code: 0 (0x0)



---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.7, December 2013 (build 5.7.9701.0)

Started On Sun Dec 15 16:12:45 2013


Engine: 1.1.10100.0

Signatures: 1.163.1013.0



Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Sun Dec 15 16:14:08 2013




Return code: 0 (0x0)



---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.8, January 2014 (build 5.8.9803.0)

Started On Sat Jan 18 03:01:05 2014


Engine: 1.1.10201.0

Signatures: 1.165.1273.0



Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Sat Jan 18 03:03:23 2014




Return code: 0 (0x0)



---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.9, February 2014 (build 5.9.9902.0)

Started On Sun Feb 16 03:00:43 2014


Engine: 1.1.10201.0

Signatures: 1.165.3163.0



Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Sun Feb 16 03:02:16 2014




Return code: 0 (0x0)



---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.10, March 2014 (build 5.10.10001.0)

Started On Tue Mar 18 20:00:39 2014


Engine: 1.1.10302.0

Signatures: 1.167.1001.0



Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Tue Mar 18 20:01:58 2014




Return code: 0 (0x0)



---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.11, April 2014 (build 5.11.10100.0)

Started On Wed Apr 09 19:57:08 2014


Engine: 1.1.10401.0

Signatures: 1.169.1258.0



Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 09 19:58:17 2014




Return code: 0 (0x0)



---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.12, May 2014 (build 5.12.10200.0)

Started On Tue May 13 19:55:00 2014


Engine: 1.1.10502.0

Signatures: 1.173.1305.0



Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Tue May 13 19:56:12 2014




Return code: 0 (0x0)



---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.13, June 2014 (build 5.13.10300.0)

Started On Wed Jun 11 18:14:11 2014


Engine: 1.1.10600.0

Signatures: 1.175.1113.0



Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Wed Jun 11 18:15:25 2014




Return code: 0 (0x0)



---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.14, July 2014 (build 5.14.10402.0)

Started On Wed Jul 09 19:33:02 2014


Engine: 1.1.10701.0

Signatures: 1.177.949.0



Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Wed Jul 09 19:34:38 2014




Return code: 0 (0x0)



---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.15, August 2014 (build 5.15.10500.0)

Started On Wed Aug 13 03:04:44 2014


Engine: 1.1.10802.0

Signatures: 1.179.1796.0



Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 13 03:08:02 2014




Return code: 0 (0x0)



---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.16, September 2014 (build 5.16.10602.0)

Started On Sat Sep 13 03:02:45 2014


Engine: 1.1.10904.0

Signatures: 1.183.882.0



Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Sat Sep 13 03:10:47 2014




Return code: 0 (0x0)



---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.16, September 2014 (build 5.16.10602.0)

Started On Tue Sep 30 19:57:44 2014


Engine: 1.1.10904.0

Signatures: 1.183.882.0
 

Link to post
Share on other sites

Download Malwarebytes cleanup tool and save to desktop from here: xxxx link removed xxxx  run that twice...

 

Next,

 

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

 

There are three buttons to choose from with different names on, select the first one and save it to your desktop.

 

 

  •  

Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7/8, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
If the tool does not run from any of the links provided, please let me know.

 

 

 

Next,

 

Download Malwarebytes Anti-Malware to your desktop.

 

  •  

Double-click mbam-setup and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Dashboard, click the 'Update Now >>' link
After the update completes Select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Now select > Scan > Threat scan > Scan now
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

 

 

  •  

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

 

 

 

If Malwarebytes still fails to install run your system in a clean boot mode, go here: http://support.microsoft.com/kb/929135 expand and follow the instructions for your version of Windows (Windows 7).

After booting in a clean state try to install Malwarebytes once more...

 

Thanks,

 

Kevin...

 

Post updated [02/12/2021 - AdvancedSetup]

The following MBST tool should be used to perform a clean removal and reinstall

https://support.malwarebytes.com/hc/en-us/articles/360039023473-Uninstall-and-reinstall-using-the-Malwarebytes-Support-Tool

 

 

Edited by AdvancedSetup
updated information
Link to post
Share on other sites

Here is the first log:

 

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/01/2014 07:26:10 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\windows\AppPatch\spbin => C:\PROGRA~2\SearchProtect\SearchProtect\bin [Dir]

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 10/01/2014 07:27:07 PM
Execution time: 0 hours(s), 0 minute(s), and 57 seconds(s)

 

Cleanup Tool did run; will try to run MB in a day or 2.

 

Link to post
Share on other sites

Was able to install; so here is the log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/4/2014
Scan Time: 12:20:52 PM
Logfile: mb.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.04.10
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: L33tMaN

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 439210
Time Elapsed: 9 min, 13 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\DesktopTemperature.exe, 3452, Delete-on-Reboot, [c2c3c42b0f6c2d093c3af916986bb947]

Modules: 0
(No malicious items detected)

Registry Keys: 13
Adware.EoRezo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ospd_us_111_is1, Quarantined, [077ee50ad6a50e28a22fc1cbe81c20e0],
PUP.Optional.DesktopTemperature.A, HKU\S-1-5-21-383299565-3798718073-3649502856-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Desktop Temperature Monitor, Quarantined, [166f9c53443784b2bd925b64ee1352ae],
PUP.Optional.BrowserApps.A, HKLM\SOFTWARE\WOW6432NODE\Browser+ Apps+, Quarantined, [7b0a40af9fdc55e1a9041cf33ec514ec],
PUP.Optional.BrowserApps.A, HKLM\SOFTWARE\WOW6432NODE\Browser+ Apps+-nv, Quarantined, [ef965c93710af93df5b86da257ac718f],
PUP.Optional.OneSoftPerDay.A, HKLM\SOFTWARE\WOW6432NODE\ONESOFTPERDAY, Quarantined, [5233f2fdcfacc4723e5a38d7e41f8977],
PUP.Optional.MyOSProtect.A, HKLM\SOFTWARE\WOW6432NODE\PCTRunner, Quarantined, [2b5af8f7f982af87b6bec847d42f40c0],
PUP.Optional.OneSoftPerDay.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ospd_us_111_is1, Quarantined, [ea9b539c4b30d0668611ac634bb8f907],
PUP.Optional.BrowserApps.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Browser+ Apps+, Quarantined, [661fb639ed8eeb4bab04ea25db28c53b],
PUP.Optional.MyOSProtect.A, HKU\S-1-5-21-383299565-3798718073-3649502856-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\PCTRunner, Quarantined, [cbba2ec1c7b4989ebfb67c93e61d24dc],
PUP.Optional.BrowserApps.A, HKU\S-1-5-21-383299565-3798718073-3649502856-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Browser+ Apps+, Quarantined, [9de8c9263c3f1422159ae827d92af40c],
PUP.Optional.BrowserApps.A, HKU\S-1-5-21-383299565-3798718073-3649502856-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Browser+ Apps+, Quarantined, [cabb955af8833105109fed22ed16d12f],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-383299565-3798718073-3649502856-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [dfa6896678039a9ca15584e9dc286a96],
PUP.Optional.DeleteAd.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{37476589-E48E-439E-A706-56189E2ED4C4}_is1, Quarantined, [e79e36b98af1be78d111d437f112a25e],

Registry Values: 1
PUP.Optional.OneSoftPerDay.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ospd_us_111, "C:\Program Files (x86)\ospd_us_111\ospd_us_111.exe", Quarantined, [c5c0747b84f7ae88c1d9808fb54efe02]

Registry Data: 0
(No malicious items detected)

Folders: 45
PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature, Delete-on-Reboot, [c2c3c42b0f6c2d093c3af916986bb947],
PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Temperature, Quarantined, [305510dff78456e0284fb8571ee56d93],
PUP.Optional.GoForFiles, C:\ProgramData\Microsoft\Windows\Start Menu\GoforFiles, Quarantined, [bfc6747b2655a195693bc2bde91b31cf],
PUP.Optional.Groovorio.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\nspdlgrvrio, Quarantined, [2c59608f68130a2cf8459766fb076b95],
PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\nspdlgrvrio, Quarantined, [5f2609e6c4b73ff7d36a8875da2815eb],
PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\nspdlgrvrio\fav_thumbs, Quarantined, [5f2609e6c4b73ff7d36a8875da2815eb],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\defaults, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\defaults\preferences, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\userCode, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\locale, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\locale\en-US, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\defaults, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\defaults\preferences, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\userCode, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\locale, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\locale\en-US, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.OneSoftPerDay.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY, Quarantined, [394c539cf4879b9b0adb0503e2218e72],
PUP.Optional.OneSoftPerDay.A, C:\Users\cynical\AppData\Local\ospd_us_111, Quarantined, [414498570d6e3402f3f3af59c63d7789],
PUP.Optional.OneSoftPerDay.A, C:\Users\L33tMaN\AppData\Local\ospd_us_111, Quarantined, [1b6a1ad562197eb800e6dc2c1ce733cd],
PUP.Optional.OneSoftPerDay.A, C:\Users\L33tMaN\AppData\Local\ospd_us_111\Download, Quarantined, [1b6a1ad562197eb800e6dc2c1ce733cd],
PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_111, Quarantined, [bcc91bd4b6c5b77f6a7d1eea9b68b54b],
PUP.Optional.SystemAlerts.A, C:\Users\L33tMaN\AppData\Local\System_Alerts_LLC, Quarantined, [3253747baecdfd397ea37297f01321df],
PUP.Optional.SystemAlerts.A, C:\Users\L33tMaN\AppData\Local\System_Alerts_LLC\DesktopTemperature.exe_Url_z4jwgjlnvqyt4phogilb4bdgkf540uph, Quarantined, [3253747baecdfd397ea37297f01321df],
PUP.Optional.SystemAlerts.A, C:\Users\L33tMaN\AppData\Local\System_Alerts_LLC\DesktopTemperature.exe_Url_z4jwgjlnvqyt4phogilb4bdgkf540uph\1.24.0.0, Quarantined, [3253747baecdfd397ea37297f01321df],
PUP.Optional.PennyBee.A, C:\Users\cynical\AppData\Local\ICSharpCode.net\PennyBeeW.exe_Url_pdfsfuhjvq2z1tkl01mfogi3g1cr2hhw, Quarantined, [e69fe906e794280e55ef86838c77f10f],
PUP.Optional.PennyBee.A, C:\Users\cynical\AppData\Local\ICSharpCode.net\PennyBeeW.exe_Url_pdfsfuhjvq2z1tkl01mfogi3g1cr2hhw\1.0.3.0, Quarantined, [e69fe906e794280e55ef86838c77f10f],
PUP.Optional.PennyBee.A, C:\Users\L33tMaN\AppData\Local\ICSharpCode.net\PennyBeeW.exe_Url_pdfsfuhjvq2z1tkl01mfogi3g1cr2hhw, Quarantined, [7c0901ee2d4e66d0b78d20e955ae5ea2],
PUP.Optional.PennyBee.A, C:\Users\L33tMaN\AppData\Local\ICSharpCode.net\PennyBeeW.exe_Url_pdfsfuhjvq2z1tkl01mfogi3g1cr2hhw\1.0.3.0, Quarantined, [7c0901ee2d4e66d0b78d20e955ae5ea2],
PUP.Optional.DeleteAd.A, C:\ProgramData\DeleteAd, Quarantined, [e79e36b98af1be78d111d437f112a25e],

Files: 277
Adware.EoRezo, C:\Program Files (x86)\ospd_us_111\unins000.exe, Quarantined, [077ee50ad6a50e28a22fc1cbe81c20e0],
PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\uninstall.exe, Quarantined, [166f9c53443784b2bd925b64ee1352ae],
PUP.Optional.Tuto4pc, C:\Users\L33tMaN\AppData\Local\ospd_us_111\upospd_us_111.exe, Quarantined, [097cf1feceadb5812527602cbf4526da],
PUP.Optional.InfoAtoms.A, C:\Program Files (x86)\Mozilla Firefox\InfoAtoms.cfg, Quarantined, [3b4a3db21665d85eb7187c90d62d38c8],
PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\DTUpdater.exe.config, Quarantined, [c2c3c42b0f6c2d093c3af916986bb947],
PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\56.png, Quarantined, [c2c3c42b0f6c2d093c3af916986bb947],
PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\62.png, Quarantined, [c2c3c42b0f6c2d093c3af916986bb947],
PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\65.png, Quarantined, [c2c3c42b0f6c2d093c3af916986bb947],
PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\67.png, Quarantined, [c2c3c42b0f6c2d093c3af916986bb947],
PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\68.png, Quarantined, [c2c3c42b0f6c2d093c3af916986bb947],
PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\69.png, Quarantined, [c2c3c42b0f6c2d093c3af916986bb947],
PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\71.png, Quarantined, [c2c3c42b0f6c2d093c3af916986bb947],
PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\72.png, Quarantined, [c2c3c42b0f6c2d093c3af916986bb947],
PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\73.png, Quarantined, [c2c3c42b0f6c2d093c3af916986bb947],
PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\75.png, Quarantined, [c2c3c42b0f6c2d093c3af916986bb947],
PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\77.png, Quarantined, [c2c3c42b0f6c2d093c3af916986bb947],
PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\78.png, Quarantined, [c2c3c42b0f6c2d093c3af916986bb947],
PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\79.png, Quarantined, [c2c3c42b0f6c2d093c3af916986bb947],
PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\DesktopTemperature.exe, Delete-on-Reboot, [c2c3c42b0f6c2d093c3af916986bb947],
PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\DesktopTemperature.exe.config, Quarantined, [c2c3c42b0f6c2d093c3af916986bb947],
PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\DTUpdater.exe, Quarantined, [c2c3c42b0f6c2d093c3af916986bb947],
PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\DTWxSvc.dll, Quarantined, [c2c3c42b0f6c2d093c3af916986bb947],
PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\ICSharpCode.SharpZipLib.dll, Quarantined, [c2c3c42b0f6c2d093c3af916986bb947],
PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\loading.gif, Quarantined, [c2c3c42b0f6c2d093c3af916986bb947],
PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Local\DesktopTemperature\WxStations.exe, Quarantined, [c2c3c42b0f6c2d093c3af916986bb947],
PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Temperature\Desktop Temperature Monitor.lnk, Quarantined, [305510dff78456e0284fb8571ee56d93],
PUP.Optional.DesktopTemperature.A, C:\Users\L33tMaN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Temperature Monitor.lnk, Quarantined, [7411757a562501353246c04f45be5ea2],
PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_blmchfpimpbbdmgpcieclabeafkljbhm_0.localstorage, Quarantined, [6c19b738d9a2da5ca3094ad0e41fbb45],
PUP.Optional.SelectNGo.A, C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage, Quarantined, [4c3931befd7eda5ce44461c73fc4758b],
PUP.Optional.ReMarkable.A, C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, Quarantined, [afd649a6fd7e2c0a19ca0777f80ccd33],
PUP.Optional.Astromenda.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{424b0d11-e7fe-4a04-b7df-8f2c77f58aaf}.xpi, Quarantined, [35505f903942db5bc476285770949c64],
PUP.Optional.GoForFiles, C:\ProgramData\Microsoft\Windows\Start Menu\GoforFiles\GoforFiles.lnk, Quarantined, [bfc6747b2655a195693bc2bde91b31cf],
PUP.Optional.GoForFiles, C:\ProgramData\Microsoft\Windows\Start Menu\GoforFiles\Remove GFF.lnk, Quarantined, [bfc6747b2655a195693bc2bde91b31cf],
PUP.Optional.Groovorio.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\nspdlgrvrio\fav-groups, Quarantined, [2c59608f68130a2cf8459766fb076b95],
PUP.Optional.Groovorio.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\nspdlgrvrio\favs##fb15ba6c7a26ff83c84230a3f57542a3, Quarantined, [2c59608f68130a2cf8459766fb076b95],
PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\nspdlgrvrio\fav-groups, Quarantined, [5f2609e6c4b73ff7d36a8875da2815eb],
PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\nspdlgrvrio\favs##521a9a03640c5ff2875294125bb08ae7, Quarantined, [5f2609e6c4b73ff7d36a8875da2815eb],
PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\nspdlgrvrio\redirects, Quarantined, [5f2609e6c4b73ff7d36a8875da2815eb],
PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\nspdlgrvrio\fav_thumbs\0cd017cf91fd04bf79773a67b2024dba, Quarantined, [5f2609e6c4b73ff7d36a8875da2815eb],
PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\nspdlgrvrio\fav_thumbs\0daa342edfd560ad0ea1b931c0af214d, Quarantined, [5f2609e6c4b73ff7d36a8875da2815eb],
PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\nspdlgrvrio\fav_thumbs\1db7e24ba4a9dad899c2d480d747e70e, Quarantined, [5f2609e6c4b73ff7d36a8875da2815eb],
PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\nspdlgrvrio\fav_thumbs\28360abfa681b07e079fcbd38ec078c9, Quarantined, [5f2609e6c4b73ff7d36a8875da2815eb],
PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\nspdlgrvrio\fav_thumbs\4e5a64e7ba3d39ce08eca05f38506c4d, Quarantined, [5f2609e6c4b73ff7d36a8875da2815eb],
PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\nspdlgrvrio\fav_thumbs\4f9d1d52649cda6800a941b52eca644f, Quarantined, [5f2609e6c4b73ff7d36a8875da2815eb],
PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\nspdlgrvrio\fav_thumbs\588e67e120e6927a5cf8d10d01878b0c, Quarantined, [5f2609e6c4b73ff7d36a8875da2815eb],
PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\nspdlgrvrio\fav_thumbs\6bfb1702719df5f96589665d94cf7cc7, Quarantined, [5f2609e6c4b73ff7d36a8875da2815eb],
PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\nspdlgrvrio\fav_thumbs\b72ceea06e72394ef7ea0dfc2f5013ad, Quarantined, [5f2609e6c4b73ff7d36a8875da2815eb],
PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\nspdlgrvrio\fav_thumbs\c10efe0bbc85bea8a3fb70863e0582ab, Quarantined, [5f2609e6c4b73ff7d36a8875da2815eb],
PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\nspdlgrvrio\fav_thumbs\d5767155a9fbf7235ff7069a96365b46, Quarantined, [5f2609e6c4b73ff7d36a8875da2815eb],
PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\nspdlgrvrio\fav_thumbs\d7834f2097cf4c9fd1e8b93104de0c9b, Quarantined, [5f2609e6c4b73ff7d36a8875da2815eb],
PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\nspdlgrvrio\fav_thumbs\dac5373f4e764d021f506ba5678879da, Quarantined, [5f2609e6c4b73ff7d36a8875da2815eb],
PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\nspdlgrvrio\fav_thumbs\fa5c0009ede61f80c363a298aff49ef3, Quarantined, [5f2609e6c4b73ff7d36a8875da2815eb],
PUP.Optional.Groovorio.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\nspdlgrvrio\fav_thumbs\fe197eafc1350a296c9d61ffb2b1d6fc, Quarantined, [5f2609e6c4b73ff7d36a8875da2815eb],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome.manifest, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\install.rdf, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\0ab2bc832b86ea02f1fabdf8110901d7.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\5f7e651e54184e1c739f55b3157abc88.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\5fc2ba2cdfd34bd9ed3b1379c9cb8d07.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\99b8ee12892a9edbf77f0472ba338611.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\background.html, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\browser.xul, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\dialog.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\e6fb47f015a87ea3a5337d582b1d3669.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\f86dba94ab46480c210d3f58e1ac6c2a.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\ffCoreFilesIndex.txt, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\options.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\options.xul, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\search_dialog.xul, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\19f46b1ca9f169b19bfee2f2cc835072.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\37917f0d4c9887df983fcfc4df78628d.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\3e9c7d286e68f5a8df289807c698c5b3.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\3ec2617f8c32f2bb5dd6c2188af734fe.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\5747dc599be44371d3c7fea30f9d6a99.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\682eb10fb5af22380aefca3cc6fc8b73.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\68fceab2f19e9a197b35aa261e5cdb02.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\8094aa9341d9592833f694bb9b17f29b.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\a202dce204b30f4c94d216901cdf7011.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\ae21333ff3abe85fda4e24e48b278ebc.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\af1f1ba619f2cd09c4136dfc6200feb6.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\b5c1ef51aabb834d8327b3154caf9673.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\da830fcca9a226b0a9dcb494793b4e60.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\e0d82dd89be4cfab7dd1955f63dbb09f.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\ee30c39cad84b909459ec6c6cc03514a.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\ff4416fd2e64d4daaa0ecc1bf17c889a.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\8db2ef01566a36a4407f85aa1330dd8b.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\09e649e55a3a7f33d7e96881e869a522.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\0a8dbe0235582650768b41735ecc7b54.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\0ed992b8d7d3743a3a9f915f634f8ad9.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\109eccf3e46942fd002c98b5f470b322.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\20557fb987ed5af6c5a21c00b1825fb7.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\3335aeed39188b1167ec1266446a4803.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\57dd1b91484e8e2a5e9a382034f010f4.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\7a11924da6f27891c347b85325eb52dc.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\8200507747559d2db85f77a3014cf787.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\9250c1f5c21a506f8997f5918bf80cb9.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\97536eb41a75c90cfd8aac53458efc8f.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\9cec35cb15d078ea3f31365dfa5b9356.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\cd045d8352541ec65efd1844593fd9a8.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\cd3497bf2cca4188e0c3e0f70cfd3f3e.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\ddc180428160b0f07cbf9fe06a164579.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\e036ce88b1df45c02799981b9fb90ef0.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\ef225f013f8e75900ae0dfe2d7aa973d.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\f0a7c78856b9c75eb06758dcf34c71a8.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\f8a77e610354530e4c20e6b5a25794fa.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\installer.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\defaults\preferences\prefs.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\manifest.xml, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins.json, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\102.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\104.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\13.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\14.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\16.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\17.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\180.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\184.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\192.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\195.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\220.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\221.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\223.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\233.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\242.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\246.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\260.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\262.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\263.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\268.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\273.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\275.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\281.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\289.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\300.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\4.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\47.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\64.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\7.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\78.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\9.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\91.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\93.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\userCode\background.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\userCode\extension.js, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\locale\en-US\translations.dtd, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\button1.png, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\button2.png, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\button3.png, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\button4.png, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\button5.png, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\crossrider_statusbar.png, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\icon128.png, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\icon16.png, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\icon24.png, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\icon48.png, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\panelarrow-up.png, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\popup.html, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\skin.css, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\update.css, Quarantined, [077e38b783f883b3d9050ef2c63da957],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome.manifest, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\install.rdf, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\0ab2bc832b86ea02f1fabdf8110901d7.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\5f7e651e54184e1c739f55b3157abc88.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\5fc2ba2cdfd34bd9ed3b1379c9cb8d07.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\99b8ee12892a9edbf77f0472ba338611.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\background.html, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\browser.xul, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\dialog.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\e6fb47f015a87ea3a5337d582b1d3669.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\f86dba94ab46480c210d3f58e1ac6c2a.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\ffCoreFilesIndex.txt, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\options.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\options.xul, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\search_dialog.xul, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\19f46b1ca9f169b19bfee2f2cc835072.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\37917f0d4c9887df983fcfc4df78628d.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\3e9c7d286e68f5a8df289807c698c5b3.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\3ec2617f8c32f2bb5dd6c2188af734fe.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\5747dc599be44371d3c7fea30f9d6a99.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\682eb10fb5af22380aefca3cc6fc8b73.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\68fceab2f19e9a197b35aa261e5cdb02.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\8094aa9341d9592833f694bb9b17f29b.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\a202dce204b30f4c94d216901cdf7011.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\ae21333ff3abe85fda4e24e48b278ebc.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\af1f1ba619f2cd09c4136dfc6200feb6.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\b5c1ef51aabb834d8327b3154caf9673.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\da830fcca9a226b0a9dcb494793b4e60.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\e0d82dd89be4cfab7dd1955f63dbb09f.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\ee30c39cad84b909459ec6c6cc03514a.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\api\ff4416fd2e64d4daaa0ecc1bf17c889a.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\8db2ef01566a36a4407f85aa1330dd8b.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\09e649e55a3a7f33d7e96881e869a522.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\0a8dbe0235582650768b41735ecc7b54.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\0ed992b8d7d3743a3a9f915f634f8ad9.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\109eccf3e46942fd002c98b5f470b322.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\20557fb987ed5af6c5a21c00b1825fb7.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\3335aeed39188b1167ec1266446a4803.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\57dd1b91484e8e2a5e9a382034f010f4.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\7a11924da6f27891c347b85325eb52dc.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\8200507747559d2db85f77a3014cf787.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\9250c1f5c21a506f8997f5918bf80cb9.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\97536eb41a75c90cfd8aac53458efc8f.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\9cec35cb15d078ea3f31365dfa5b9356.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\cd045d8352541ec65efd1844593fd9a8.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\cd3497bf2cca4188e0c3e0f70cfd3f3e.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\ddc180428160b0f07cbf9fe06a164579.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\e036ce88b1df45c02799981b9fb90ef0.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\ef225f013f8e75900ae0dfe2d7aa973d.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\f0a7c78856b9c75eb06758dcf34c71a8.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\f8a77e610354530e4c20e6b5a25794fa.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\chrome\content\core\installer.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\defaults\preferences\prefs.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\manifest.xml, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins.json, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\102.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\104.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\13.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\14.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\16.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\17.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\180.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\184.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\192.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\195.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\220.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\221.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\223.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\233.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\242.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\246.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\260.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\262.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\263.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\268.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\273.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\275.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\281.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\289.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\300.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\4.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\47.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\64.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\7.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\78.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\9.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\91.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\plugins\93.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\userCode\background.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\extensionData\userCode\extension.js, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\locale\en-US\translations.dtd, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\button1.png, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\button2.png, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\button3.png, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\button4.png, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\button5.png, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\crossrider_statusbar.png, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\icon128.png, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\icon16.png, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\icon24.png, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\icon48.png, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\panelarrow-up.png, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\popup.html, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\skin.css, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.CrossRider.A, C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\56560a80-995b-47cd-852a-772f3a7ea92b@gmail.com\skin\update.css, Quarantined, [c4c1c12e512a81b5bb230df3a95af20e],
PUP.Optional.OneSoftPerDay.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY\Onesoftperday.lnk, Quarantined, [394c539cf4879b9b0adb0503e2218e72],
PUP.Optional.OneSoftPerDay.A, C:\Users\cynical\AppData\Local\ospd_us_111\upospd_us_111.cyl, Quarantined, [414498570d6e3402f3f3af59c63d7789],
PUP.Optional.OneSoftPerDay.A, C:\Users\L33tMaN\AppData\Local\ospd_us_111\upospd_us_111.cyl, Quarantined, [1b6a1ad562197eb800e6dc2c1ce733cd],
PUP.Optional.OneSoftPerDay.A, C:\Users\L33tMaN\AppData\Local\ospd_us_111\user_profil.cyp, Quarantined, [1b6a1ad562197eb800e6dc2c1ce733cd],
PUP.Optional.OneSoftPerDay.A, C:\Users\L33tMaN\AppData\Local\ospd_us_111\Download\majospd_gentleus.exe, Quarantined, [1b6a1ad562197eb800e6dc2c1ce733cd],
PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_111\onesoftperday_widget.exe, Quarantined, [bcc91bd4b6c5b77f6a7d1eea9b68b54b],
PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_111\predm.exe, Quarantined, [bcc91bd4b6c5b77f6a7d1eea9b68b54b],
PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_111\unins000.dat, Quarantined, [bcc91bd4b6c5b77f6a7d1eea9b68b54b],
PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_111\unins000.exe, Quarantined, [bcc91bd4b6c5b77f6a7d1eea9b68b54b],
PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_111\unins000.msg, Quarantined, [bcc91bd4b6c5b77f6a7d1eea9b68b54b],
PUP.Optional.SystemAlerts.A, C:\Users\L33tMaN\AppData\Local\System_Alerts_LLC\DesktopTemperature.exe_Url_z4jwgjlnvqyt4phogilb4bdgkf540uph\1.24.0.0\user.config, Quarantined, [3253747baecdfd397ea37297f01321df],
PUP.Optional.PennyBee.A, C:\Users\cynical\AppData\Local\ICSharpCode.net\PennyBeeW.exe_Url_pdfsfuhjvq2z1tkl01mfogi3g1cr2hhw\1.0.3.0\user.config, Quarantined, [e69fe906e794280e55ef86838c77f10f],
PUP.Optional.PennyBee.A, C:\Users\L33tMaN\AppData\Local\ICSharpCode.net\PennyBeeW.exe_Url_pdfsfuhjvq2z1tkl01mfogi3g1cr2hhw\1.0.3.0\user.config, Quarantined, [7c0901ee2d4e66d0b78d20e955ae5ea2],
PUP.Optional.DeleteAd.A, C:\ProgramData\DeleteAd\DeleteAd.exe, Quarantined, [e79e36b98af1be78d111d437f112a25e],

Physical Sectors: 0
(No malicious items detected)


(end)

Link to post
Share on other sites

Wow that was a lot of dross killed off, run another threat scan with Malwarebytes and post the fresh log...

 

Next,

 

We still need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running, it can take several hours please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet explorer for this scan - Vista and Windows 7/8 right click on IE shortcut and run as admin.

 

(To run ESET Online Scanner in a browser other than Internet Explorer, you'll need to download ESET SMART  Installer during the process)

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 


Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add/on to be installed
Click Start
Make sure that the option "Remove found threats"  is UNticked
Click on Advanced Settings, ensure the following options are checked:
 
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
 
Click Scan
wait for the virus definitions to be downloaded
Wait for the scan to finish

 

When the scan is complete

 


If no threats were found
put a checkmark in "Uninstall application on close"
close program
report to me that nothing was found

 

If threats were found

 


click on "list of threats found"
click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
put a checkmark in "Uninstall application on close"
click on finish

 

close program

 

Copy and paste the report in next reply.

 

Post the the two fresh logs, also give an update on any remaining issues or concerns...

 

Thanks,

 

Kevin....

Link to post
Share on other sites

ESET always stops at 44% for some reason, but I will try again tonight.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/5/2014
Scan Time: 12:25:22 PM
Logfile: mb2.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.05.07
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: L33tMaN

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 439298
Time Elapsed: 8 min, 51 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Link to post
Share on other sites

Eset was previously installed on this system, so I wasn't able to change any of the settings before the scan; it just started after updating.

(Also, I was unable to turn off Security Essentials; there was no option under 'settings', no matter what Microsoft says.)

Do I need to remove the threats when this scan is over, or do I just uninstall it?

Link to post
Share on other sites

Over 9 hours of scanning - 244 items found, 33874 files scanned, but it appears to be unresponsive.

Here is the log after shutting it down:

 

C:\AdwCleaner\Quarantine\C\monitor.exe.vir    Win32/AdWare.Loadshop.A application    
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\CT3310511\plugins\TBVerifier.dll.vir    Win32/Toolbar.Conduit.AC potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Program Files (x86)\goforfiles\GFFUpdater.exe.vir    a variant of Win32/YourFileDownloader.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Program Files (x86)\goforfiles\GoforFiles.exe.vir    a variant of Win32/YourFileDownloader.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\DaemonProcess.exe.vir    Win32/Mobogenie.A potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\Mobogenie.exe.vir    a variant of Win32/Mobogenie.A potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\nengine.dll.vir    Win32/NextLive.A potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\UpdateMoboGenie.exe.vir    a variant of Win32/Mobogenie.A potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js.vir    Win32/Conduit.SearchProtect.A potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Program Files (x86)\savings explorer\ButtonUtil.dll.vir    a variant of Win32/Toolbar.CrossRider.G potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Program Files (x86)\savings explorer\Savings Explorer-bg.exe.vir    a variant of Win32/Toolbar.CrossRider.H potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Program Files (x86)\savings explorer\Savings Explorer.exe.vir    a variant of Win32/Toolbar.CrossRider.H potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WebSearch\uninstall.exe.vir    Win32/SProtector.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\Multi\CT3287802\UninstallerUI.exe.vir    a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application    
C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\Multi\CT3306061\UninstallerUI.exe.vir    a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll.vir    Win32/Toolbar.Conduit.Y potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll.vir    Win32/Toolbar.Conduit.Y potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll.vir    Win32/Toolbar.Conduit.Y potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Conduit\Chrome\CT3287802\CHUninstaller.exe.vir    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Conduit\Chrome\CT3287802\UninstallerUI.exe.vir    a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Conduit\Chrome\CT3306061\CHUninstaller.exe.vir    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Conduit\Chrome\CT3306061\UninstallerUI.exe.vir    a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.24.3.503_0\nativeMessaging\TBMessagingHost.exe.vir    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.26.0.540_0\APISupport\APISupport.dll.vir    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.26.0.540_0\nativeMessaging\TBMessagingHost.exe.vir    Win32/Toolbar.Conduit.AH potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.26.9.505_0\APISupport\APISupport.dll.vir    a variant of Win32/Conduit.SearchProtect.P potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.26.9.505_0\nativeMessaging\TBMessagingHost.exe.vir    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjllbogbaogimpilgdginhalhhbmhiob\1.26.21_0\extensionData\plugins\103_intext_5_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjllbogbaogimpilgdginhalhhbmhiob\1.26.21_0\extensionData\plugins\91_monetizationLoader.js.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmelfnfpiaidecmboalgjpejkfbipfpc\1.0\ujXSQ.js.vir    Win32/Adware.MultiPlug.H application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieiiggnfmhgcolbimglmfjfpkjildjdd\10.24.3.503_0\nativeMessaging\TBMessagingHost.exe.vir    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieiiggnfmhgcolbimglmfjfpkjildjdd\10.26.0.540_0\APISupport\APISupport.dll.vir    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieiiggnfmhgcolbimglmfjfpkjildjdd\10.26.0.540_0\nativeMessaging\TBMessagingHost.exe.vir    Win32/Toolbar.Conduit.AH potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieiiggnfmhgcolbimglmfjfpkjildjdd\10.26.9.505_0\APISupport\APISupport.dll.vir    a variant of Win32/Conduit.SearchProtect.P potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieiiggnfmhgcolbimglmfjfpkjildjdd\10.26.9.505_0\nativeMessaging\TBMessagingHost.exe.vir    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngfjloooedfenakhekclldohaddojbe\2.19\Nig9K.js.vir    Win32/Adware.MultiPlug.H application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\NativeMessaging\CT3287802\1_0_0_10\TBMessagingHost.exe.vir    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\NativeMessaging\CT3287802\1_0_0_4\TBMessagingHost.exe.vir    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\NativeMessaging\CT3287802\1_0_0_6\TBMessagingHost.exe.vir    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\NativeMessaging\CT3287802\1_0_0_7\TBMessagingHost.exe.vir    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\NativeMessaging\CT3287802\1_0_0_9\TBMessagingHost.exe.vir    Win32/Toolbar.Conduit.AH potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\NativeMessaging\CT3306061\1_0_0_6\TBMessagingHost.exe.vir    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Temp\NativeMessaging\CT3287802\nativeMessaging\TBMessagingHost.exe.vir    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Local\Temp\NativeMessaging\CT3306061\nativeMessaging\TBMessagingHost.exe.vir    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\LocalLow\SweetPacks\hk64tbSwe0.dll.vir    Win64/Toolbar.Conduit.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\LocalLow\SweetPacks\hk64tbSwee.dll.vir    a variant of Win64/Toolbar.Conduit.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\LocalLow\SweetPacks\hktbSwe0.dll.vir    Win32/Toolbar.Conduit.X potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\LocalLow\SweetPacks\hktbSwee.dll.vir    a variant of Win32/Toolbar.Conduit.X potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\LocalLow\SweetPacks\ldrtbSwe0.dll.vir    a variant of Win32/Toolbar.Conduit.P potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\LocalLow\SweetPacks\ldrtbSwee.dll.vir    a variant of Win32/Toolbar.Conduit.P potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\LocalLow\SweetPacks\tbSwe0.dll.vir    a variant of Win32/Toolbar.Conduit.X potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\LocalLow\SweetPacks\tbSwe1.dll.vir    a variant of Win32/Toolbar.Conduit.Y potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\LocalLow\SweetPacks\tbSwee.dll.vir    a variant of Win32/Toolbar.Conduit.X potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\LocalLow\SweetPacks\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir    a variant of Win32/PriceGong.A potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\LocalLow\VisualBee_V.3\hk64tbVisu.dll.vir    Win64/Toolbar.Conduit.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\LocalLow\VisualBee_V.3\hktbVisu.dll.vir    Win32/Toolbar.Conduit.X potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\LocalLow\VisualBee_V.3\ldrtbVisu.dll.vir    a variant of Win32/Toolbar.Conduit.P potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\LocalLow\VisualBee_V.3\tbVisu.dll.vir    a variant of Win32/Toolbar.Conduit.X potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\LocalLow\VisualBee_V.3\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir    a variant of Win32/PriceGong.A potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\102_dealply_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\103_intext_5_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\104_jollywallet_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\105_corticas_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\126_revizer_ws_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\127_revizer_p_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\155_ibario_pops_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\184_noproblemppc_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\189_active_sanity.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\191_ciuvo_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\200_foxydeal_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\204_pricedetect_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\91_monetizationLoader.js.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\93_superfish_no_coupons_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\102_dealply_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\103_intext_5_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\104_jollywallet_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\105_corticas_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\108_icm_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\119_similar_web_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\120_luck_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\123_intext_adv_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\125_arcadi2_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\126_revizer_ws_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\127_revizer_p_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\128_superfish_pricora_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\135_arcadi3_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\138_getdeal_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\141_corticas_ru_m.js.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\142_intext_fa_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\159_cortica_rollover_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\171_arcadi2_sourceID_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\175_coolmirage_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\178_revizer_ws_dynamic_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\179_revizer_p_dynamic_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\180_bpo_serp_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\184_noproblemppc_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\189_active_sanity.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\190_pops_5_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\191_ciuvo_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\194_retargeting_bi_m.js.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\195_icm_convertmedia_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\197_kreapixel_pops_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\199_superfish_no_coupons_plushd_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\200_foxydeal_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\204_pricedetect_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\91_monetizationLoader.js.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\93_superfish_no_coupons_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\858a779a-4bec-47f4-ac06-ed86e2daad75@d82626c3-adcb-475b-b77d-9a1e67c4fd2a.com\extensionData\plugins\103_intext_5_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\858a779a-4bec-47f4-ac06-ed86e2daad75@d82626c3-adcb-475b-b77d-9a1e67c4fd2a.com\extensionData\plugins\91_monetizationLoader.js.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\101_cortica_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\102_dealply_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\103_intext_5_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\104_jollywallet_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\105_corticas_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\108_icm_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\116_ads_only_5_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\119_similar_web_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\120_luck_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\123_intext_adv_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\125_arcadi2_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\126_revizer_ws_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\127_revizer_p_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\128_superfish_pricora_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\129_widdit_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\135_arcadi3_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\138_getdeal_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\141_corticas_ru_m.js.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\142_intext_fa_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\155_ibario_pops_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\159_cortica_rollover_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\171_arcadi2_sourceID_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\175_coolmirage_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\178_revizer_ws_dynamic_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\179_revizer_p_dynamic_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\91_monetizationLoader.js.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\92_superfish_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\93_superfish_no_coupons_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\ds_3w@eiaxcdaob-.co.uk\content\bg.js.vir    Win32/Adware.MultiPlug.H application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\sfaeya-oui@iuuuiyqvh.org\content\bg.js.vir    Win32/Adware.MultiPlug.H application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\staged\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\91_monetizationLoader.js.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\xd1-eooy@zrpztuay.org\content\bg.js.vir    Win32/Adware.MultiPlug.H application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}\Plugins\npConduitFirefoxPlugin.dll.vir    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\{906000A4-88D9-4D52-B209-7A772970D91F}\chrome\content\dealplyshopping.xul.vir    Win32/DealPly.J potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\{bf9194c2-b86d-4ebc-9b53-1c08b6ff779e}\Plugins\npConduitFirefoxPlugin.dll.vir    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.26.400.4_0\APISupport\APISupport.dll.vir    a variant of Win32/Conduit.SearchProtect.P potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.26.400.4_0\nativeMessaging\TBMessagingHost.exe.vir    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieiiggnfmhgcolbimglmfjfpkjildjdd\10.26.9.505_0\APISupport\APISupport.dll.vir    a variant of Win32/Conduit.SearchProtect.P potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieiiggnfmhgcolbimglmfjfpkjildjdd\10.26.9.505_0\nativeMessaging\TBMessagingHost.exe.vir    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\L33tMaN\AppData\LocalLow\VisualBee_V.3\hk64tbVisu.dll.vir    Win64/Toolbar.Conduit.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\L33tMaN\AppData\LocalLow\VisualBee_V.3\hktbVisu.dll.vir    Win32/Toolbar.Conduit.X potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\L33tMaN\AppData\LocalLow\VisualBee_V.3\ldrtbVisu.dll.vir    a variant of Win32/Toolbar.Conduit.P potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\L33tMaN\AppData\LocalLow\VisualBee_V.3\tbVisu.dll.vir    a variant of Win32/Toolbar.Conduit.X potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\858a779a-4bec-47f4-ac06-ed86e2daad75@d82626c3-adcb-475b-b77d-9a1e67c4fd2a.com\extensionData\plugins\91_monetizationLoader.js.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\858a779a-4bec-47f4-ac06-ed86e2daad75@d82626c3-adcb-475b-b77d-9a1e67c4fd2a.com\extensionData\plugins\93_superfish_no_coupons_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com\extensionData\plugins\91_monetizationLoader.js.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\windows\score.exe.vir    Win32/Agent.WGA trojan    
C:\AdwCleaner\Quarantine\C\windows\System32\roboot64.exe.vir    a variant of Win64/Systweak.A potentially unwanted application    
C:\AdwCleaner\Quarantine\C\windows\System32\drivers\netfilter64.sys.vir    a variant of Win64/Riskware.NetFilter.F application    
C:\AdwCleaner\Quarantine\C\windows\SysWOW64\ARFC\wrtc.exe.vir    a variant of Win32/Toolbar.Perion.G potentially unwanted application    
C:\FRST\Quarantine\C\monitorsvc.exe.xBAD    Win32/AdWare.Loadshop.A application    
C:\FRST\Quarantine\C\Program Files (x86)\Browser+ Apps+\5639a013-5a88-4d30-99fe-a7151180e009.dll    a variant of Win32/Toolbar.CrossRider.AI potentially unwanted application    
C:\FRST\Quarantine\C\Program Files (x86)\Browser+ Apps+\7811b4e1-cc43-4429-852a-998646c16bc7.exe    a variant of Win32/Toolbar.CrossRider.AS potentially unwanted application    
C:\FRST\Quarantine\C\Program Files (x86)\Browser+ Apps+\Browser+ Apps+-bg.exe    a variant of Win32/Toolbar.CrossRider.AL potentially unwanted application    
C:\FRST\Quarantine\C\Program Files (x86)\Browser+ Apps+\Browser+ Apps+-bho.dll    a variant of Win32/Toolbar.CrossRider.AF potentially unwanted application    
C:\FRST\Quarantine\C\Program Files (x86)\Browser+ Apps+\Browser+ Apps+-bho64.dll    a variant of Win64/Toolbar.Crossrider.J potentially unwanted application    
C:\FRST\Quarantine\C\Program Files (x86)\Browser+ Apps+\Browser+ Apps+-codedownloader.exe    a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application    
C:\FRST\Quarantine\C\Program Files (x86)\Browser+ Apps+\d0129b8e-caeb-4107-8574-418aabad4b13.exe    a variant of Win32/Toolbar.CrossRider.AG potentially unwanted application    
C:\FRST\Quarantine\C\Program Files (x86)\Browser+ Apps+\e44f9199-0b4d-467f-bc3d-08e536696e26-11.exe    a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application    
C:\FRST\Quarantine\C\Program Files (x86)\Browser+ Apps+\e44f9199-0b4d-467f-bc3d-08e536696e26-2.exe    a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application    
C:\FRST\Quarantine\C\Program Files (x86)\Browser+ Apps+\e44f9199-0b4d-467f-bc3d-08e536696e26-3.exe    a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application    
C:\FRST\Quarantine\C\Program Files (x86)\Browser+ Apps+\e44f9199-0b4d-467f-bc3d-08e536696e26-4.exe    a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application    
C:\FRST\Quarantine\C\Program Files (x86)\Browser+ Apps+\e44f9199-0b4d-467f-bc3d-08e536696e26-5.exe    a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application    
C:\FRST\Quarantine\C\Program Files (x86)\Browser+ Apps+\e44f9199-0b4d-467f-bc3d-08e536696e26-6.exe    a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application    
C:\FRST\Quarantine\C\Program Files (x86)\Browser+ Apps+\e44f9199-0b4d-467f-bc3d-08e536696e26-64.exe    a variant of Win64/Toolbar.Crossrider.I potentially unwanted application    
C:\FRST\Quarantine\C\Program Files (x86)\Browser+ Apps+\e44f9199-0b4d-467f-bc3d-08e536696e26-7.exe    a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application    
C:\FRST\Quarantine\C\Program Files (x86)\YTDownloader\Updater.exe    a variant of Win32/ShopperPro.A potentially unwanted application    
C:\FRST\Quarantine\C\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnplhmffnkjhpbfpodamiihpeeoidpeb\1.0\QHz.js    Win32/Adware.MultiPlug.H application    
C:\FRST\Quarantine\C\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjllbogbaogimpilgdginhalhhbmhiob\1.26.25_0\extensionData\plugins\103_intext_5_m.js    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\FRST\Quarantine\C\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjllbogbaogimpilgdginhalhhbmhiob\1.26.25_0\extensionData\plugins\91_monetizationLoader.js.js    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\FRST\Quarantine\C\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmelfnfpiaidecmboalgjpejkfbipfpc\1.0\ujXSQ.js    Win32/Adware.MultiPlug.H application    
C:\FRST\Quarantine\C\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngfjloooedfenakhekclldohaddojbe\2.19\Nig9K.js    Win32/Adware.MultiPlug.H application    
C:\FRST\Quarantine\C\Users\L33tMaN\AppData\Local\Temp\optprosetup.exe.xBAD    multiple threats    
C:\Program Files (x86)\Maxwebsearch\uninstall.exe    a variant of MSIL/Adware.iBryte.A application    
C:\Program Files (x86)\RCP\systweakasp.exe    Win32/Systweak.E potentially unwanted application    
C:\Program Files (x86)\Sk.Enhancer\uninstall.exe    a variant of Win32/SProtector.B potentially unwanted application    
C:\Program Files (x86)\Star Defender 3\uninstall.exe    a variant of Win32/Toolbar.Conduit.B potentially unwanted application    
C:\ProgramData\InstallMate\{0518109C-A77C-4855-AABE-EF5EDEFB326A}\Custom.dll    Win32/InstalleRex.L potentially unwanted application    
C:\Users\All Users\InstallMate\{0518109C-A77C-4855-AABE-EF5EDEFB326A}\Custom.dll    Win32/InstalleRex.L potentially unwanted application    
C:\Users\cynical\AppData\Local\Chromium\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.20.3.20_0\plugins\ConduitChromeApiPlugin.dll    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application    
C:\Users\cynical\AppData\Local\Chromium\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.20.3.20_0\plugins\TBVerifier.dll    Win32/Toolbar.Conduit.AC potentially unwanted application    
C:\Users\cynical\AppData\Local\Chromium\User Data\Default\Extensions\ieiiggnfmhgcolbimglmfjfpkjildjdd\10.22.5.700_0\nativeMessaging\TBMessagingHost.exe    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application    
C:\Users\cynical\AppData\Local\Chromium\User Data\Default\Extensions\ieiiggnfmhgcolbimglmfjfpkjildjdd\10.22.5.700_0\plugins\ConduitChromeApiPlugin.dll    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application    
C:\Users\cynical\AppData\Local\Chromium\User Data\Default\Extensions\ieiiggnfmhgcolbimglmfjfpkjildjdd\10.22.5.700_0\TBHostSupport\TBHostSupport.dll    a variant of Win32/Toolbar.Conduit.AA potentially unwanted application    
C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnplhmffnkjhpbfpodamiihpeeoidpeb\1.0\QHz.js    Win32/Adware.MultiPlug.H application    
C:\Users\cynical\AppData\Roaming\0F0C1V0V1L1C2Z2Y1T1I0F1T1H1L1I1L1P1B\Virtual Families Packages\uninstaller.exe    a variant of Win32/InstallCore.AZ potentially unwanted application    
C:\Users\cynical\Desktop\World of Warplanes Cheat.exe    a variant of MSIL/Hoax.FakeHack.ES application    
C:\Users\cynical\Downloads\AIX_2.0_CORE_MOD.exe    a variant of Win32/Packed.ExeScript.B trojan    
C:\Users\cynical\Downloads\StarDefender3Setup.exe    a variant of Win32/Toolbar.Conduit.B potentially unwanted application    
C:\Users\cynical\Downloads\super-mario-cross.exe    a variant of Win32/InstallCore.BY potentially unwanted application    
C:\Users\cynical\Downloads\wordpad-setup.exe    Win32/DownloadAdmin.G potentially unwanted application    
C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajondecmobodlejlcjllhojikagldgd\15221.2542.7258_0\extensionData\plugins\91.js    JS/Toolbar.Crossrider.B potentially unwanted application    
C:\Users\L33tMaN\AppData\Local\Installer\Install_7960\setup.exe    a variant of Win32/SpeedBit.A potentially unwanted application    
C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF10.dll    a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    
C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF11.dll    a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    
C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF12.dll    a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    
C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF13.dll    a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    
C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF14.dll    a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    
C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF15.dll    a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    
C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF16.dll    a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    
C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF17.dll    a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    
C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF18.dll    a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    
C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF19.dll    a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    
C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF2.dll    a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    
C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF20.dll    a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    
C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF21.dll    a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    
C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF22.dll    a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    
C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF23.dll    a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    
C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF24.dll    a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    
C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF25.dll    a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    
C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF26.dll    a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    
C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF27.dll    a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    
C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF28.dll    a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    
C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF29.dll    a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    
C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF4.dll    a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    
C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF5.dll    a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    
C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF7.dll    a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    
C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF8.dll    a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application    
C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF9.dll    Win32/Toolbar.SearchSuite potentially unwanted application    
C:\Users\L33tMaN\Downloads\adobe_flash_setup (1).exe    a variant of Win32/InstallCore.QL potentially unwanted application    
C:\Users\L33tMaN\Downloads\adobe_flash_setup (2).exe    a variant of Win32/InstallCore.QL potentially unwanted application    
C:\Users\L33tMaN\Downloads\adobe_flash_setup.exe    a variant of Win32/InstallCore.QL potentially unwanted application    
C:\Users\L33tMaN\Downloads\IDM2.exe    a variant of Win32/Idmsq.A potentially unwanted application    
C:\Windows\uninst.exe    a variant of Win32/PCCleaners potentially unwanted application    
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll    a variant of Win32/Toolbar.Linkury.G potentially unwanted application    
 

Link to post
Share on other sites

As the log is not complete we need to run once more. Lets try a different tack..

 

Unistall the version of ESET you have installed:

 

  • Click Start, type Uninstall a Program into the Search programs and files box, and then press ENTER.
  • Click to select ESET Online Scanner from the listing of installed products, and then click Uninstall/Change from the bar that displays the available tasks. Uninstall ESETonline Scanner, only re-boot if prompted.

 
Next,
 
Run Eset Online Scanner (remember to turn off security)
 
**Note** You will need to use Internet explorer for this scan - Vista and Windows 7/8 right click on IE shortcut and run as admin.
 
(To run ESET Online Scanner in a browser other than Internet Explorer, you'll need to download ESET SMART  Installer during the process)
 
Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.
 

Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add/on to be installed
Click Start
Make sure that the option "Remove found threats"  is Ticked
Click on Advanced Settings, ensure the following options are checked:
 
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
 
Click Scan
wait for the virus definitions to be downloaded
Wait for the scan to finish

 

When the scan is complete

 


If no threats were found
put a checkmark in "Uninstall application on close"
close program
report to me that nothing was found

 

If threats were found

 


click on "list of threats found"
click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
put a checkmark in "Uninstall application on close"
click on finish

 

close program

 

Copy and paste the report in next reply.

Link to post
Share on other sites

dr_web_cureit_zpse80d87bf.jpg

 

Download Dr Web Cureit from here http://www.freedrweb.com/cureit save to your desktop. (Scroll to bottom of page)

 

 

  • The file will be randomly named

  • Reboot to safe mode

  • Run Dr Web

  • Tick the I agree box and select continue

  • Click select objects for scanning

  •  

     

    drwebselect.JPG

     

     

  • Tick all boxes as shown
  • Click the wrench and select automatically apply actions to threats

     

     

    drwebfolders.JPG

     

     

  • Press start scan
  • The scan will now commence

     

     

    drwebscan.JPG

     

     

  • Once the scan has finished click open report

     

     

    drwebscancomplete.JPG

     

     

  • A notepad will open
  • Select File > Save as..
  • Save it to your desktop

 

This log will be excessive,  Attach it to your next reply… let me know if there are any remaining issues or concerns....

 

Thanks,

 

Kevin..

Link to post
Share on other sites

This computer doesn't seem able to start in safe mode; this was the original trouble.

As it's an Alienware, you cannot see the start-up screen to access this mode, unless you get a different cable.

Is 'clean boot mode' the same as 'safe mode'?

Link to post
Share on other sites

Try DrWeb this way....

 

dr_web_cureit_zpse80d87bf.jpg

  • Please download Dr.Web CureIt! antivirus and save it to your computer. The file size is in excess of 100MB
  • NOTE: Free usage of Dr.Web CureIt! for business purposes is illegal.
  • Internet Explorer may show a warning when downloading - the file is safe to download from the provided link.
  • Shutdown your antivirus to avoid any conflicts while scanning.
  • Once the scans have completed please re-enable your antivirus.
  • If using Malwarebytes Anti-Malware PRO you can right click over the tray icon and disable the Protection Modules
  • If needed you can also temporarily disable it from starting with Windows
  • Temporarily turn off any other security add-ons or applications you may also have.
  • Once you have downloaded Dr.Web CureIt! you should right click over it and choose Properties and verify it has a Digital Signature.
  • If it does not have a Digital Signature then do not run it.
  • Close all open programs including all Web browsers and then double-click on drweb-cureit.exe to start the installer.
  • You should have your User Account Control (UAC) enabled for improved security and which should then produce a dialog box asking for approval to run the installer.
  • Click on the Yes button to start the installer.
  • Click OK to scan your computer in the Enhanced Protection Mode
  • Click on the check box to agree to participate in their software improvement program.
  • Then if needed choose your Language by clicking on the small globe like icon in the upper right corner by the wrench.
  • Then click on the Continue button and then click on the Select objects for scanning link just below the "Start scanning" button.
  • Place a check mark on all the items except for Temporary files and System restore points - those items should not have a check mark on them.
  • Then click on the Start scanning button.
  • If a threat is found you can click on the Action column in the program.
  • Your options will be Cure or Ignore
  • If you see an item that you are absolutely sure is OK, then un-check the check box for that item, otherwise keep it on Cure.
  • Then click on the Neutralize button.
  • Once completed click on the green Open Report link. It will open the report in NOTEPAD
  • Save the report to your desktop. The report will be called Cureit.log
  • Close Dr.Web Cureit!
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, attach the log Cureit.log you saved previously in your next reply.
  • Re-Enable your antivirus and other security programs when all done.

 

Kevin...

Link to post
Share on other sites

'No threats were found.'

Why does posting this log cause my browser to crash?!

I am posting this on a MAC and every time I try to paste the log, the browser (FF) crashes very hard.

Is this a type of file that is not to be pasted?

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.