
MBAM Hangs Even In WinXP Safe mode



Hello @helpintoledo

Very sorry for the delay. Let me have you run the following please and we'll see about getting you going again.

 

 

 

Please restart the computer first and then run the following steps and post back the logs when ready.

STEP 01
Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 02

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now.
  • After reboot, the logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

STEP 03
Download Sophos Free Virus Removal Tool and save it to your desktop.
 

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View Log file (bottom left-hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found, please confirm that result.

STEP 04
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks


 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.2 (03.10.2017)
Operating System: Microsoft Windows XP x86 
Ran by Eric (Administrator) on Sun 03/26/2017 at 15:19:03.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 25 

Failed to delete: C:\Program Files\wajam (Folder) 
Successfully deleted: C:\Documents and Settings\Eric\Application Data\babylontoolbar (Folder) 
Successfully deleted: C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml (File) 
Successfully deleted: C:\user.js (File) 
Successfully deleted: C:\WINDOWS\wininit.ini (File) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BR4V6MIW (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GX03ELIZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IGYYV77O (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KPAVSHQJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OC7HLQOR (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QB1WB63I (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\V9R8S9FJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W5XVJW47 (Temporary Internet Files Folder) 
Successfully deleted: C:\Program Files\coupons (Folder) 
Successfully deleted: C:\Program Files\i want this (Folder) 
Successfully deleted: C:\Program Files\need2find (Folder) 
Successfully deleted: C:\Program Files\viewpoint (Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\BR4V6MIW (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GX03ELIZ (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IGYYV77O (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KPAVSHQJ (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OC7HLQOR (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\QB1WB63I (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\V9R8S9FJ (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\W5XVJW47 (Temporary Internet Files Folder) 

pref(extensions.crossriderapp2258.autorun, true);
pref(extensions.crossriderapp2258.revertsengine, true);
pref(extensions.crossriderapp2258.defnewtab, true);
pref(extensions.crossriderapp2258.firstrun, true);
pref(extensions.crossriderapp2258.reverthp, false);
pref(extensions.crossriderapp2258.bic, 0);
pref(extensions.crossriderapp2258.cid, 0);
pref(extensions.crossriderapp2258.emailsig, true);
pref(extensions.crossriderapp2258.emailsigstr, );
pref(extensions.crossriderapp2258.js, );
pref(extensions.crossriderapp2258.jsver, 0);
pref(extensions.crossriderapp2258.homepage, );
pref(extensions.crossriderapp2258.apps, );
pref(extensions.crossriderapp2258.lastcheck, 0);
pref(extensions.crossriderapp2258.lastcheckitem, 0);
pref(extensions.crossriderapp2258.updating, false);
pref(extensions.crossriderapp2258.hadappinstalled, false);
pref(extensions.crossriderapp2258.debug, false);
pref(extensions.crossriderapp2258.debug_url, );
pref(extensions.crossriderapp2258.debug_background_url, );
pref(extensions.crossriderapp2258.debug_app, 2258);
pref(extensions.crossriderapp2258.debug_workers_messages, false);
pref(extensions.crossriderapp2258.installationdate, 0);
pref(extensions.crossriderapp2258.instant, true);
pref(extensions.crossriderapp2258.premiumonly, true);
pref(extensions.crossriderapp2258.is_staging, false);

Registry: 7 

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\WajamUpdater (Registry Key) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5BED3930-2E9E-76D8-BACC-80DF2188D455} (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} (Registry Value) 
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/26/2017 at 15:20:40.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


# AdwCleaner v6.044 - Logfile created 26/03/2017 at 15:28:03
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-02-28.2 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (X86)
# Username : Eric - ERICNKIM
# Running from : G:\AntiVirusWinXP\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

[-] Service deleted: WajamUpdater


***** [ Folders ] *****

[-] Folder deleted: C:\Documents and Settings\All Users\Application Data\Babylon
[-] Folder deleted: C:\Documents and Settings\All Users\Application Data\Trymedia
[-] Folder deleted: C:\Documents and Settings\All Users\Application Data\Viewpoint
[-] Folder deleted: C:\Program Files\Wajam
[-] Folder deleted: C:\DOCUME~1\Eric\LOCALS~1\Temp\APN-Stub
[-] Folder deleted: C:\DOCUME~1\Eric\LOCALS~1\Temp\APNLogs


***** [ Files ] *****

[-] File deleted: C:\Program Files\Yahoo!\Common\unyt.exe


***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Need2FindBar Uninstall
[-] Key deleted: HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO
[-] Key deleted: HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CrossriderApp0002258.FBApi
[-] Key deleted: HKLM\SOFTWARE\Classes\CrossriderApp0002258.FBApi.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox
[-] Key deleted: HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox.1
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WajamUpdater
[-] Key deleted: HKLM\SOFTWARE\Classes\AolCalSvr.ACToolBarCtrl
[-] Key deleted: HKLM\SOFTWARE\Classes\AolCalSvr.ACToolBarCtrl.5
[-] Key deleted: HKLM\SOFTWARE\Classes\BackWeb.Client.ScriptHelper-7288971
[-] Key deleted: HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
[-] Key deleted: HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Prod.cap
[-] Key deleted: HKLM\SOFTWARE\Classes\wajam.WajamBHO
[-] Key deleted: HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
[-] Key deleted: HKLM\SOFTWARE\Classes\wajam.WajamDownloader
[-] Key deleted: HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F78B32D6-D6D8-4137-A18F-91EBE1A4AEDB}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{11D5E9EA-3117-4389-8E58-742F0975C980}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{A310B105-FB7D-4497-A7E8-E046462B012F}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{4F7D1B07-6203-41F0-947B-A29CC9ECD9B0}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{8A1AB044-787D-4309-8410-709768E484AB}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKU\S-1-5-21-2801439982-1180395095-3134616843-1006\Software\BabylonToolbar
[-] Key deleted: HKU\S-1-5-21-2801439982-1180395095-3134616843-1006\Software\Crossrider
[-] Key deleted: HKU\S-1-5-21-2801439982-1180395095-3134616843-1006\Software\I Want This
[-] Key deleted: HKU\S-1-5-21-2801439982-1180395095-3134616843-1006\Software\Wajam
[-] Key deleted: HKU\S-1-5-21-2801439982-1180395095-3134616843-1006\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\BabylonToolbar
[#] Key deleted on reboot: HKCU\Software\Crossrider
[#] Key deleted on reboot: HKCU\Software\I Want This
[#] Key deleted on reboot: HKCU\Software\Wajam
[#] Key deleted on reboot: HKCU\Software\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\Babylon
[-] Key deleted: HKLM\SOFTWARE\P2P Networking
[-] Key deleted: HKLM\SOFTWARE\Trymedia Systems
[-] Key deleted: HKLM\SOFTWARE\Viewpoint
[-] Key deleted: HKLM\SOFTWARE\Wajam
[-] Key deleted: HKLM\SOFTWARE\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\I Want This
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\P2P Networking
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\escort.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\wajam.DLL


***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [7957 Bytes] - [26/03/2017 15:27:25]
C:\AdwCleaner\AdwCleaner[C0].txt - [8262 Bytes] - [26/03/2017 15:28:03]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [8335 Bytes] ##########

2017-03-26 20:43:35.562    Sophos Virus Removal Tool version 2.5.6
2017-03-26 20:43:35.562    Copyright (c) 2009-2016 Sophos Limited. All rights reserved.

2017-03-26 20:43:35.562    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2017-03-26 20:43:35.562    Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x300 PT=0x1 Win32
2017-03-26 20:43:35.562    Checking for updates...
2017-03-26 20:43:36.656    Update progress: proxy server not available
2017-03-26 20:44:03.125    Downloading updates...
2017-03-26 20:44:03.140    Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2017-03-26 20:44:03.140    Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-03-26 20:44:03.140    Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-03-26 20:44:03.140    Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2017-03-26 20:44:03.140    Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2017-03-26 20:44:03.140    Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2017-03-26 20:44:03.140    Update progress: [I49502] sdds.data0910.xml: found supplement IDE537 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2017-03-26 20:44:03.140    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE537 LATEST path=
2017-03-26 20:44:03.140    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE537 LATEST path=
2017-03-26 20:44:03.140    Update progress: [I49502] sdds.data0910.xml: found supplement IDE538 LATEST path= baseVersion= [included from product IDE537 LATEST path=]
2017-03-26 20:44:03.140    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE538 LATEST path=
2017-03-26 20:44:03.140    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE538 LATEST path=
2017-03-26 20:44:03.140    Update progress: [I49502] sdds.data0910.xml: found supplement IDE539 LATEST path= baseVersion= [included from product IDE538 LATEST path=]
2017-03-26 20:44:03.140    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE539 LATEST path=
2017-03-26 20:44:03.140    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE539 LATEST path=
2017-03-26 20:44:03.140    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-03-26 20:44:03.546    Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2017-03-26 20:44:03.546    Update progress: [I19463] Product download size 158884372 bytes
2017-03-26 20:44:03.562    Option all = no
2017-03-26 20:44:03.562    Option recurse = yes
2017-03-26 20:44:03.562    Option archive = no
2017-03-26 20:44:03.562    Option service = yes
2017-03-26 20:44:03.562    Option confirm = yes
2017-03-26 20:44:03.562    Option sxl = yes
2017-03-26 20:44:03.562    Option max-data-age = 35
2017-03-26 20:44:03.562    Option vdl-logging = yes
2017-03-26 20:44:03.812    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2017-03-26 20:44:03.812    Machine ID:    91aad92ced7745fabaccc61fd1c14379
2017-03-26 20:44:03.875    Component SVRTcli.exe version 2.5.6
2017-03-26 20:44:03.875    Component control.dll version 2.5.6
2017-03-26 20:44:03.875    Component SVRTservice.exe version 2.5.6
2017-03-26 20:44:03.875    Component engine\osdp.dll version 1.44.1.2280
2017-03-26 20:44:03.875    Component engine\veex.dll version 3.68.0.2280
2017-03-26 20:44:03.875    Component engine\savi.dll version 9.0.7.2280
2017-03-26 20:44:03.906    Component rkdisk.dll version 1.5.31.1
2017-03-26 20:44:03.906    Version info:    Product version    2.5.6
2017-03-26 20:44:03.906    Version info:    Detection engine    3.68.0
2017-03-26 20:44:03.906    Version info:    Detection data    5.36
2017-03-26 20:44:03.906    Version info:    Build date    2/7/2017
2017-03-26 20:44:03.906    Version info:    Data files added    359
2017-03-26 20:44:03.906    Version info:    Last successful update    (not yet updated)
2017-03-26 20:44:20.828    Update progress: [I19463] Syncing product IDE537 LATEST path=
2017-03-26 20:44:20.828    Update progress: [I19463] Product download size 2537599 bytes
2017-03-26 20:44:22.265    Update progress: [I19463] Syncing product IDE538 LATEST path=
2017-03-26 20:44:22.265    Update progress: [I19463] Product download size 2280148 bytes
2017-03-26 20:44:23.453    Update progress: [I19463] Syncing product IDE539 LATEST path=
2017-03-26 20:44:23.453    Update progress: [I19463] Product download size 1834243 bytes
2017-03-26 20:44:24.281    Installing updates...
2017-03-26 20:44:28.562    Error level 1
2017-03-26 20:44:50.000    Update successful
2017-03-26 20:45:17.968    Option all = no
2017-03-26 20:45:17.968    Option recurse = yes
2017-03-26 20:45:17.968    Option archive = no
2017-03-26 20:45:17.968    Option service = yes
2017-03-26 20:45:17.968    Option confirm = yes
2017-03-26 20:45:17.968    Option sxl = yes
2017-03-26 20:45:17.968    Option max-data-age = 35
2017-03-26 20:45:17.968    Option vdl-logging = yes
2017-03-26 20:45:18.093    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2017-03-26 20:45:18.093    Machine ID:    91aad92ced7745fabaccc61fd1c14379
2017-03-26 20:45:18.125    Component SVRTcli.exe version 2.5.6
2017-03-26 20:45:18.140    Component control.dll version 2.5.6
2017-03-26 20:45:18.140    Component SVRTservice.exe version 2.5.6
2017-03-26 20:45:18.140    Component engine\osdp.dll version 1.44.1.2280
2017-03-26 20:45:18.140    Component engine\veex.dll version 3.68.0.2280
2017-03-26 20:45:18.140    Component engine\savi.dll version 9.0.7.2280
2017-03-26 20:45:18.140    Component rkdisk.dll version 1.5.31.1
2017-03-26 20:45:18.140    Version info:    Product version    2.5.6
2017-03-26 20:45:18.156    Version info:    Detection engine    3.68.0
2017-03-26 20:45:18.156    Version info:    Detection data    5.36
2017-03-26 20:45:18.156    Version info:    Build date    2/7/2017
2017-03-26 20:45:18.156    Version info:    Data files added    360
2017-03-26 20:45:18.171    Version info:    Last successful update    3/26/2017 4:44:50 PM

2017-03-26 21:25:46.562    >>> Virus 'Mal/Generic-L' found in file C:\Documents and Settings\Eric\Local Settings\Temporary Internet Files\Content.IE5\IE1T23K0\scandsk107d_8001[1].exe
2017-03-26 21:25:46.671    >>> Virus 'Mal/Generic-L' found in file HKU\S-1-5-21-2801439982-1180395095-3134616843-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPost
2017-03-26 21:25:46.671    >>> Virus 'Mal/Generic-L' found in file HKU\S-1-5-21-2801439982-1180395095-3134616843-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPost
2017-03-26 21:25:46.671    >>> Virus 'Mal/Generic-L' found in file HKU\S-1-5-21-2801439982-1180395095-3134616843-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPost
2017-03-26 21:25:46.671    >>> Virus 'Mal/Generic-L' found in file HKU\S-1-5-21-2801439982-1180395095-3134616843-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPost
2017-03-26 21:46:35.312    Could not open LOGICAL:0003:00000000
2017-03-26 21:46:35.312    Could not open D:\
2017-03-26 21:46:35.312    Could not open LOGICAL:0004:00000000
2017-03-26 21:46:35.312    Could not open E:\
2017-03-26 21:46:35.328    Could not open LOGICAL:0005:00000000
2017-03-26 21:46:35.328    Could not open F:\
2017-03-26 21:47:11.312    The following items will be cleaned up:
2017-03-26 21:47:11.312    Mal/Generic-L

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by Eric (administrator) on ERICNKIM (26-03-2017 18:43:09)
Running from G:\AntiVirusWinXP
Loaded Profiles: Eric (Available Profiles: Eric & Kim & Bry N Morgan & Ean & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lexmark International, Inc.) C:\WINDOWS\System32\LEXBCES.EXE
(Lexmark International, Inc.) C:\WINDOWS\System32\LEXPPS.EXE
() C:\Program Files\NovaStor\NovaBackup\7\NSENGINE.EXE
( ) C:\WINDOWS\System32\slserv.exe
(LapLink, Inc.) C:\WINDOWS\System32\TSIRCSRV.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\WINDOWS\System32\wscntfy.exe
(Farbar) G:\AntiVirusWinXP\FRST (1).exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cmaudio] => RunDll32 cmicnfg.cpl,CMICtrlWnd
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [65024 2004-02-09] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PinnacleDriverCheck] => C:\WINDOWS\System32\PSDrvCheck.exe [406016 2003-11-10] ()
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\OpenOffice.org 1.0.lnk [2004-09-09]
ShortcutTarget: OpenOffice.org 1.0.lnk -> C:\Program Files\OpenOffice.org1.0\program\quickstart.exe ()
Startup: C:\Documents and Settings\Kim\Start Menu\Programs\Startup\OpenOffice.org 1.0.lnk [2004-09-09]
ShortcutTarget: OpenOffice.org 1.0.lnk -> C:\Program Files\OpenOffice.org1.0\program\quickstart.exe ()
Startup: C:\Documents and Settings\Bry N Morgan\Start Menu\Programs\Startup\OpenOffice.org 1.0.lnk [2004-09-09]
ShortcutTarget: OpenOffice.org 1.0.lnk -> C:\Program Files\OpenOffice.org1.0\program\quickstart.exe ()
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 1.0.lnk [2004-09-09]
ShortcutTarget: OpenOffice.org 1.0.lnk -> C:\Program Files\OpenOffice.org1.0\program\quickstart.exe ()
Startup: C:\Documents and Settings\Ean\Start Menu\Programs\Startup\OpenOffice.org 1.0.lnk [2004-09-09]
ShortcutTarget: OpenOffice.org 1.0.lnk -> C:\Program Files\OpenOffice.org1.0\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 72.240.13.7 72.240.13.5 156.154.70.43
Tcpip\..\Interfaces\{D0E3B14E-8C92-460F-9E7D-ABA4E432880F}: [DhcpNameServer] 72.240.13.7 72.240.13.5 156.154.70.43

Internet Explorer:
==================
HKU\S-1-5-21-2801439982-1180395095-3134616843-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-2801439982-1180395095-3134616843-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16] ()
Toolbar: HKU\S-1-5-21-2801439982-1180395095-3134616843-1006 -> No Name - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -  No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {3253344D-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/0/8/D/08D91A3B-CFF6-45DE-95DF-64415075E344/mpg4sdmo.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} 
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll [2008-04-14] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default [2012-01-08]
FF Extension: (I Want This) - C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\Extensions\crossriderapp2258@crossrider.com [2012-02-12] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-01-08] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll [2012-08-27] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2801439982-1180395095-3134616843-1006: @adobe.com/Acrobat,version=5.1 -> C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll [2002-08-11] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Eric\Application Data\mozilla\plugins\npPxPlay.dll [2007-05-02] ( )

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Documents and Settings\Kim\Local Settings\Application Data\Wajam\Chrome\wajam_121.crx [2012-01-30]
CHR HKLM\...\Chrome\Extension: [mpfapcdfbbledbojijcbcclmlieaoogk] - C:\Documents and Settings\Kim\Local Settings\Application Data\I Want This\Chrome\I Want This.crx [2011-12-23]
StartMenuInternet: chrome.exe - C:\Documents and Settings\Kim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
StartMenuInternet: Google Chrome - C:\Documents and Settings\Kim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 KodakCCS; C:\WINDOWS\system32\drivers\KodakCCS.exe [411920 2005-03-30] (Eastman Kodak Company)
R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [303104 2003-09-23] (Lexmark International, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3303888 2017-01-20] (Malwarebytes)
S2 NetFxUpdate_v1.1.4322; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [106496 2004-08-10] (Microsoft) [File not signed]
R2 NsEngine; C:\Program Files\NovaStor\NovaBackup\7\NSENGINE.exe [118784 2002-12-19] () [File not signed]
S3 PhnxVCDService; C:\WINDOWS\System32\PhnxCDSvr.exe [36864 2004-01-07] (Phoenix Technologies Ltd.) [File not signed]
R2 SLService; C:\WINDOWS\system32\slserv.exe [45056 2003-08-11] ( )
R2 TSIRCSRV; C:\WINDOWS\System32\TSIRCSRV.EXE [102400 2003-06-18] (LapLink, Inc.) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALCXSENS; C:\WINDOWS\System32\drivers\ALCXSENS.SYS [391424 2003-12-11] (Sensaura Ltd)
S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [610988 2004-02-18] (Realtek Semiconductor Corp.)
R3 ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [11264 2003-11-28] (Pinnacle Systems GmbH) [File not signed]
R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2004-09-02] (Windows (R) 2000 DDK provider) [File not signed]
S2 Ca536av; C:\WINDOWS\System32\Drivers\Ca536av.sys [514859 2003-09-05] (Digital Camera)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 cdrdrv; C:\WINDOWS\System32\Drivers\Cdrdrv.sys [62976 2004-02-03] (Pinnacle Systems GmbH) [File not signed]
S3 cmuda; C:\WINDOWS\System32\drivers\cmuda.sys [1368000 2005-12-15] (C-Media Inc)
R1 DcCam; C:\WINDOWS\System32\DRIVERS\DcCam.sys [36950 2005-03-31] (Eastman Kodak Company)
S3 DcFpoint; C:\WINDOWS\System32\DRIVERS\DcFpoint.sys [61564 2005-03-31] (Eastman Kodak Company)
R2 DCFS2K; C:\WINDOWS\System32\drivers\dcfs2k.sys [38673 2005-03-31] (Eastman Kodak Company)
S3 DcLps; C:\WINDOWS\System32\DRIVERS\DcLps.sys [8022 2005-03-31] (Eastman Kodak Company)
S3 DcPTP; C:\WINDOWS\System32\DRIVERS\DcPTP.sys [70262 2005-03-31] (Eastman Kodak Company)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59968 2017-02-24] ()
S1 Exportit; C:\WINDOWS\System32\DRIVERS\exportit.sys [152081 2005-03-31] (Eastman Kodak Company)
R3 FET5X86V; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [48128 2011-04-01] (VIA Technologies, Inc.              )
S3 FETND5BV; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [48128 2011-04-01] (VIA Technologies, Inc.              )
S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc.              )
S3 FETNDISB; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [40960 2002-10-28] (VIA Technologies, Inc.              )
R3 Iviaspi; C:\WINDOWS\System32\drivers\iviaspi.sys [21060 2003-09-10] (InterVideo, Inc.) [File not signed]
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [148256 2017-03-12] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [219584 2017-03-26] (Malwarebytes)
R3 Mtlmnt5; C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [221848 2003-11-12] ( )
S3 Mtlstrm; C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [1301776 2003-10-26] ( )
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 NtMtlFax; C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys [167352 2003-08-11] ( )
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [9856 2003-04-10] (Padus, Inc.) [File not signed]
R3 PhnxVcd; C:\WINDOWS\System32\Drivers\PhnxVcd.sys [34688 2004-01-05] (Phoenix Technologies Ltd.) [File not signed]
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20576 2004-09-23] (Sonic Solutions) [File not signed]
S3 RecAgent; C:\WINDOWS\System32\DRIVERS\RecAgent.sys [13776 2004-08-04] (Smart Link)
R3 Slntamr; C:\WINDOWS\System32\DRIVERS\slntamr.sys [548888 2003-08-18] ( )
S3 SlNtHal; C:\WINDOWS\System32\DRIVERS\Slnthal.sys [86872 2003-10-26] ( )
R3 SlWdmSup; C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys [39348 2003-07-02] (Vireo Software)
R3 TSIKBF5; C:\WINDOWS\system32\Drivers\TSIKBF5.sys [9728 2003-06-18] (LapLink, Inc.)
R3 TSIMSF5; C:\WINDOWS\system32\Drivers\TSIMSF5.sys [5632 2003-06-18] (LapLink, Inc.) [File not signed]
S1 TSIRCINK; C:\WINDOWS\system32\Drivers\TSIRCINK.sys [9216 2003-06-18] (LapLink, Inc.) [File not signed]
R1 tsircmir; C:\WINDOWS\System32\Drivers\tsircmir.sys [2816 2003-06-18] (LapLink, Inc.) [File not signed]
R2 TSIREGMO; C:\WINDOWS\system32\drivers\tsiregmo.sys [5824 2003-06-18] (LapLink, Inc.) [File not signed]
R2 TSISER; C:\WINDOWS\system32\Drivers\TSISER.sys [42560 2003-06-18] (LapLink, Inc.) [File not signed]
R2 TSISTRMX; C:\WINDOWS\system32\Drivers\TSISTRMX.sys [5120 2003-06-18] (LapLink, Inc.) [File not signed]
S3 USBCamera; C:\WINDOWS\System32\Drivers\Bulk536.sys [11048 2003-05-14] (USB BULK)
R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [27904 2003-07-02] (VIA Technologies, Inc.)
R3 viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [153472 2004-07-01] (Copyright (C) VIA/S3 Graphics Co, Ltd.)
R0 ViaIde; C:\WINDOWS\System32\DRIVERS\viaidexp.sys [6144 2001-10-18] (VIA Technologies, Inc.)
R0 viasraid; C:\WINDOWS\System32\DRIVERS\viasraid.sys [77312 2003-10-30] (VIA Technologies inc,.ltd)
R0 VOBID; C:\WINDOWS\System32\DRIVERS\vobid.sys [29239 2003-08-01] (Pinnacle Systems) [File not signed]
R1 vobiw; C:\WINDOWS\system32\Drivers\vobiw.sys [187392 2004-02-20] (Pinnacle Systems GmbH) [File not signed]
S4 hpt3xx; no ImagePath
S4 IntelIde; no ImagePath
S2 mrtRate; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U5 vobcom; C:\Windows\System32\Drivers\vobcom.sys [9728 2001-10-04] (VOB Computersysteme GmbH) [File not signed]
S3 wanatw; System32\DRIVERS\wanatw4.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-26 16:44 - 2017-03-26 16:44 - 00000000 ____D C:\WINDOWS\LastGood
2017-03-26 16:43 - 2017-03-26 16:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Sophos
2017-03-26 15:40 - 2017-03-26 16:43 - 00002465 _____ C:\Documents and Settings\All Users\Desktop\Sophos Virus Removal Tool.lnk
2017-03-26 15:40 - 2017-03-26 15:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Sophos
2017-03-26 15:35 - 2017-03-26 15:35 - 00000000 ____D C:\Program Files\Sophos
2017-03-26 15:25 - 2017-03-26 15:25 - 00000000 ____D C:\AdwCleaner
2017-03-13 21:06 - 2017-03-13 21:06 - 00000000 ____D C:\FRST
2017-03-12 20:54 - 2017-03-12 20:54 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2017-03-11 20:59 - 2017-03-12 20:55 - 00148256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-03-11 20:58 - 2017-03-26 15:31 - 00219584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-11 20:58 - 2017-03-26 09:33 - 00039360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-11 20:58 - 2017-03-11 20:58 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-11 20:58 - 2017-02-24 06:23 - 00059968 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-03-11 16:34 - 2017-03-11 16:34 - 00000000 ___HD C:\WINDOWS\$NtUninstallKB2808679$
2017-03-11 13:29 - 2017-03-11 13:29 - 00000000 __SHD C:\FOUND.087
2017-03-11 12:18 - 2017-03-11 12:18 - 00000000 ___HD C:\WINDOWS\$NtUninstallKB2802968$
2017-03-11 12:17 - 2017-03-11 12:17 - 00000000 ___HD C:\WINDOWS\$NtUninstallKB2757638$
2017-03-11 12:10 - 2017-03-26 15:30 - 00000220 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2017-03-11 12:10 - 2017-03-11 13:30 - 00000214 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-26 18:41 - 2012-04-04 19:51 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-03-26 16:26 - 2012-08-27 16:21 - 00000954 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2801439982-1180395095-3134616843-1008Core.job
2017-03-26 15:30 - 2004-05-05 16:35 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2017-03-26 15:29 - 2003-01-01 00:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-26 15:28 - 2003-01-18 06:54 - 00000178 ___SH C:\Documents and Settings\Eric\ntuser.ini
2017-03-26 15:28 - 2003-01-01 00:10 - 00032466 _____ C:\WINDOWS\SchedLgU.Txt
2017-03-26 14:26 - 2012-08-03 14:21 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2801439982-1180395095-3134616843-1007Core1cd71a4cd63a616.job
2017-03-26 09:32 - 2012-01-05 21:46 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2017-03-26 09:32 - 2012-01-03 06:42 - 00663820 _____ C:\WINDOWS\ntbtlog.txt
2017-03-12 20:52 - 2003-01-01 00:02 - 00707192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-03-11 16:33 - 2003-01-01 00:03 - 00599832 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-11 16:31 - 2003-01-01 00:03 - 00001374 _____ C:\WINDOWS\imsins.BAK
2017-03-11 14:11 - 2004-05-05 16:35 - 00000931 _____ C:\WINDOWS\win.ini
2017-03-11 14:11 - 2004-05-05 16:35 - 00000227 _____ C:\WINDOWS\system.ini
2017-03-11 14:11 - 2004-05-05 16:35 - 00000211 __RSH C:\boot.ini

==================== Files in the root of some directories =======

2003-01-18 06:54 - 2004-09-09 11:49 - 0002048 _____ () C:\Documents and Settings\Eric\Application Data\user60.rdb
2003-01-18 06:54 - 2004-09-09 11:21 - 0000079 _____ () C:\Documents and Settings\Eric\Application Data\sversion.ini
2005-03-21 14:48 - 2005-03-21 14:48 - 0012358 _____ () C:\Documents and Settings\Eric\Application Data\PFP110JCM.{PB
2005-03-21 14:48 - 2005-03-21 14:48 - 0061678 _____ () C:\Documents and Settings\Eric\Application Data\PFP110JPR.{PB
2004-12-07 13:41 - 2009-06-29 22:42 - 0015872 _____ () C:\Documents and Settings\Eric\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
2003-01-18 03:04 - 2004-01-07 11:51 - 0036864 _____ (Phoenix Technologies Ltd.) C:\Documents and Settings\Default User\Local Settings\Temp\PhnxCDSvr.exe
2003-01-18 03:04 - 2003-11-21 19:40 - 0024576 _____ () C:\Documents and Settings\Default User\Local Settings\Temp\mvfile.exe
2003-01-18 03:04 - 2004-01-07 11:51 - 0184320 _____ (Phoenix Technologies Ltd.) C:\Documents and Settings\Default User\Local Settings\Temp\phnxvaul.dll
2003-01-18 03:04 - 2003-04-01 10:32 - 0061440 _____ () C:\Documents and Settings\Default User\Local Settings\Temp\installutilities.dll
2003-01-18 03:04 - 2003-12-08 15:54 - 0062976 _____ (America Online, Inc.) C:\Documents and Settings\Default User\Local Settings\Temp\insmac2k.dll
2003-01-18 03:04 - 2004-04-07 11:36 - 0172032 _____ (America Online, Inc) C:\Documents and Settings\Default User\Local Settings\Temp\AcsInstall.dll
2003-01-18 03:04 - 2001-08-18 04:00 - 0032768 _____ (Microsoft Corporation) C:\Documents and Settings\Default User\Local Settings\Temp\mun51.exe
2003-01-18 03:04 - 2004-08-27 14:11 - 0446160 _____ (Microsoft Corp.) C:\Documents and Settings\Default User\Local Settings\Temp\MsnMusic.exe
2003-01-18 03:04 - 2004-08-09 23:21 - 0245408 _____ (Microsoft Corporation) C:\Documents and Settings\Default User\Local Settings\Temp\unicows.dll
2007-02-11 18:49 - 2006-10-27 19:25 - 0455600 ____R (Macrovision Corporation) C:\Documents and Settings\Kim\Local Settings\Temp\_is81.exe
2005-02-23 17:18 - 2005-02-23 17:18 - 0241664 _____ (AWS Convergence Technologies, Inc.) C:\Documents and Settings\Kim\Local Settings\Temp\MiniBug.exe
2006-02-12 12:28 - 2004-02-11 16:58 - 0024613 _____ (BackWeb) C:\Documents and Settings\Kim\Local Settings\Temp\IadHide5.dll
2006-12-18 15:41 - 2006-12-18 15:41 - 12550696 _____ () C:\Documents and Settings\Kim\Local Settings\Temp\msgup_us.exe
2006-09-26 23:35 - 2006-09-26 23:34 - 0094288 ____N (AOL LLC) C:\Documents and Settings\Kim\Local Settings\Temp\instph.dll
2005-09-12 15:52 - 2005-09-12 15:52 - 0381480 _____ () C:\Documents and Settings\Kim\Local Settings\Temp\msgr7us.exe
2005-10-05 15:52 - 2005-10-05 15:53 - 1275819 _____ () C:\Documents and Settings\Kim\Local Settings\Temp\CDASilentInstall0501.exe
2005-09-02 16:55 - 2005-09-02 16:55 - 1229769 _____ () C:\Documents and Settings\Kim\Local Settings\Temp\cdaSilentInstall.exe
2005-10-11 00:32 - 2004-12-03 15:34 - 0058464 _____ (Yahoo! Inc.) C:\Documents and Settings\Kim\Local Settings\Temp\wyb64.dll
2007-02-28 18:07 - 2006-11-02 14:48 - 1162280 _____ () C:\Documents and Settings\Kim\Local Settings\Temp\ytb_inst.exe
2007-02-27 17:51 - 2006-11-06 10:20 - 0098304 _____ (Yahoo! Inc.) C:\Documents and Settings\Kim\Local Settings\Temp\ywiseext.dll
2004-12-05 16:11 - 2004-12-05 16:11 - 0316209 _____ () C:\Documents and Settings\Kim\Local Settings\Temp\_quicktour_nue.exe
2006-09-12 12:59 - 2006-09-12 12:59 - 0962072 _____ () C:\Documents and Settings\Kim\Local Settings\Temp\ytb_6.3.4.0_pub_us_setup_.exe
2006-10-25 02:21 - 2005-10-27 11:24 - 1896448 _____ (RealNetworks) C:\Documents and Settings\Kim\Local Settings\Temp\GoogleInstApp.exe
2006-10-25 02:21 - 2006-10-25 02:21 - 0743016 _____ () C:\Documents and Settings\Kim\Local Settings\Temp\GDSSetup.exe
2006-10-25 02:21 - 2006-10-25 02:21 - 0745472 _____ (Google Inc.) C:\Documents and Settings\Kim\Local Settings\Temp\GoogleToolbar.dll
2006-10-25 02:21 - 2006-10-25 02:21 - 0094208 _____ (Google, Inc) C:\Documents and Settings\Kim\Local Settings\Temp\BarControl.dll
2007-02-28 18:06 - 2006-12-01 05:49 - 10376696 _____ () C:\Documents and Settings\Kim\Local Settings\Temp\ymsgr_inst.exe
2007-08-29 19:08 - 2007-08-29 19:08 - 0606000 _____ () C:\Documents and Settings\Kim\Local Settings\Temp\messenger_update.exe
2016-11-27 13:37 - 2016-11-27 14:01 - 0248008 _____ (Ask.com) C:\Documents and Settings\Kim\Local Settings\Temp\AskSLib.dll
2003-01-18 06:54 - 2004-08-09 23:21 - 0245408 _____ (Microsoft Corporation) C:\Documents and Settings\Eric\Local Settings\Temp\unicows.dll
2003-01-18 06:54 - 2004-08-27 14:11 - 0446160 _____ (Microsoft Corp.) C:\Documents and Settings\Eric\Local Settings\Temp\MsnMusic.exe
2003-01-18 06:54 - 2001-08-18 04:00 - 0032768 _____ (Microsoft Corporation) C:\Documents and Settings\Eric\Local Settings\Temp\mun51.exe
2003-01-18 06:54 - 2003-12-08 15:54 - 0062976 _____ (America Online, Inc.) C:\Documents and Settings\Eric\Local Settings\Temp\insmac2k.dll
2003-01-18 06:54 - 2004-04-07 11:36 - 0172032 _____ (America Online, Inc) C:\Documents and Settings\Eric\Local Settings\Temp\AcsInstall.dll
2003-01-18 06:54 - 2003-04-01 10:32 - 0061440 _____ () C:\Documents and Settings\Eric\Local Settings\Temp\installutilities.dll
2003-01-18 06:54 - 2004-01-07 11:51 - 0184320 _____ (Phoenix Technologies Ltd.) C:\Documents and Settings\Eric\Local Settings\Temp\phnxvaul.dll
2003-01-18 06:54 - 2004-01-07 11:51 - 0036864 _____ (Phoenix Technologies Ltd.) C:\Documents and Settings\Eric\Local Settings\Temp\PhnxCDSvr.exe
2003-01-18 06:54 - 2003-11-21 19:40 - 0024576 _____ () C:\Documents and Settings\Eric\Local Settings\Temp\mvfile.exe
2005-05-24 21:57 - 2005-05-24 21:57 - 1252838 _____ () C:\Documents and Settings\Eric\Local Settings\Temp\CDASilentInstall0500.exe
2005-07-11 22:22 - 2004-02-11 16:58 - 0024613 _____ (BackWeb) C:\Documents and Settings\Eric\Local Settings\Temp\IadHide5.dll
2005-07-11 22:13 - 2005-07-11 22:13 - 0425984 _____ (Eastman Kodak Company) C:\Documents and Settings\Eric\Local Settings\Temp\5.0.1.16-EasyShrx.Dll
2012-01-02 14:37 - 2007-08-10 15:10 - 0114688 _____ (Viewpoint Corporation) C:\Documents and Settings\Eric\Local Settings\Temp\vmpremov.exe
2012-01-02 15:04 - 2001-08-30 17:34 - 0016384 _____ () C:\Documents and Settings\Eric\Local Settings\Temp\matcleanup.exe
2012-01-02 14:12 - 2002-12-28 18:32 - 0032768 _____ () C:\Documents and Settings\Eric\Local Settings\Temp\exitwx.exe
2012-01-02 13:22 - 2004-02-06 13:13 - 0114688 ____N () C:\Documents and Settings\Eric\Local Settings\Temp\uninst.dll
2013-01-28 17:20 - 2013-01-28 17:20 - 0248008 _____ (Ask.com) C:\Documents and Settings\Eric\Local Settings\Temp\AskSLib.dll
2006-08-10 16:45 - 2004-08-27 14:11 - 0446160 _____ (Microsoft Corp.) C:\Documents and Settings\Bry N Morgan\Local Settings\Temp\MsnMusic.exe
2006-08-10 16:45 - 2001-08-18 04:00 - 0032768 _____ (Microsoft Corporation) C:\Documents and Settings\Bry N Morgan\Local Settings\Temp\mun51.exe
2006-08-10 16:45 - 2004-08-09 23:21 - 0245408 _____ (Microsoft Corporation) C:\Documents and Settings\Bry N Morgan\Local Settings\Temp\unicows.dll
2006-08-10 16:45 - 2004-04-07 11:36 - 0172032 _____ (America Online, Inc) C:\Documents and Settings\Bry N Morgan\Local Settings\Temp\AcsInstall.dll
2006-08-10 16:45 - 2003-12-08 15:54 - 0062976 _____ (America Online, Inc.) C:\Documents and Settings\Bry N Morgan\Local Settings\Temp\insmac2k.dll
2006-08-10 16:45 - 2003-04-01 10:32 - 0061440 _____ () C:\Documents and Settings\Bry N Morgan\Local Settings\Temp\installutilities.dll
2006-08-10 16:45 - 2004-01-07 11:51 - 0036864 _____ (Phoenix Technologies Ltd.) C:\Documents and Settings\Bry N Morgan\Local Settings\Temp\PhnxCDSvr.exe
2006-08-10 16:45 - 2004-01-07 11:51 - 0184320 _____ (Phoenix Technologies Ltd.) C:\Documents and Settings\Bry N Morgan\Local Settings\Temp\phnxvaul.dll
2006-08-10 16:45 - 2003-11-21 19:40 - 0024576 _____ () C:\Documents and Settings\Bry N Morgan\Local Settings\Temp\mvfile.exe
2006-09-17 13:30 - 2004-02-11 16:58 - 0024613 _____ (BackWeb) C:\Documents and Settings\Bry N Morgan\Local Settings\Temp\IadHide5.dll
2012-08-22 23:38 - 2012-08-22 23:38 - 0248008 _____ (Ask.com) C:\Documents and Settings\Bry N Morgan\Local Settings\Temp\AskSLib.dll
2012-01-05 21:46 - 2004-08-09 23:21 - 0245408 _____ (Microsoft Corporation) C:\Documents and Settings\Administrator\Local Settings\Temp\unicows.dll
2012-01-05 21:46 - 2004-08-27 14:11 - 0446160 _____ (Microsoft Corp.) C:\Documents and Settings\Administrator\Local Settings\Temp\MsnMusic.exe
2012-01-05 21:46 - 2001-08-18 04:00 - 0032768 _____ (Microsoft Corporation) C:\Documents and Settings\Administrator\Local Settings\Temp\mun51.exe
2012-01-05 21:46 - 2003-12-08 15:54 - 0062976 _____ (America Online, Inc.) C:\Documents and Settings\Administrator\Local Settings\Temp\insmac2k.dll
2012-01-05 21:46 - 2004-01-07 11:51 - 0184320 _____ (Phoenix Technologies Ltd.) C:\Documents and Settings\Administrator\Local Settings\Temp\phnxvaul.dll
2012-01-05 21:46 - 2003-04-01 10:32 - 0061440 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\installutilities.dll
2012-01-05 21:46 - 2004-04-07 11:36 - 0172032 _____ (America Online, Inc) C:\Documents and Settings\Administrator\Local Settings\Temp\AcsInstall.dll
2012-01-05 21:46 - 2003-11-21 19:40 - 0024576 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\mvfile.exe
2012-01-05 21:46 - 2004-01-07 11:51 - 0036864 _____ (Phoenix Technologies Ltd.) C:\Documents and Settings\Administrator\Local Settings\Temp\PhnxCDSvr.exe
2016-11-27 14:41 - 2004-08-09 23:21 - 0245408 _____ (Microsoft Corporation) C:\Documents and Settings\Ean\Local Settings\Temp\unicows.dll
2016-11-27 14:41 - 2004-08-27 14:11 - 0446160 _____ (Microsoft Corp.) C:\Documents and Settings\Ean\Local Settings\Temp\MsnMusic.exe
2016-11-27 14:41 - 2001-08-18 04:00 - 0032768 _____ (Microsoft Corporation) C:\Documents and Settings\Ean\Local Settings\Temp\mun51.exe
2016-11-27 14:41 - 2003-12-08 15:54 - 0062976 _____ (America Online, Inc.) C:\Documents and Settings\Ean\Local Settings\Temp\insmac2k.dll
2016-11-27 14:41 - 2004-01-07 11:51 - 0184320 _____ (Phoenix Technologies Ltd.) C:\Documents and Settings\Ean\Local Settings\Temp\phnxvaul.dll
2016-11-27 14:41 - 2004-04-07 11:36 - 0172032 _____ (America Online, Inc) C:\Documents and Settings\Ean\Local Settings\Temp\AcsInstall.dll
2016-11-27 14:41 - 2003-04-01 10:32 - 0061440 _____ () C:\Documents and Settings\Ean\Local Settings\Temp\installutilities.dll
2016-11-27 14:41 - 2004-01-07 11:51 - 0036864 _____ (Phoenix Technologies Ltd.) C:\Documents and Settings\Ean\Local Settings\Temp\PhnxCDSvr.exe
2016-11-27 14:41 - 2003-11-21 19:40 - 0024576 _____ () C:\Documents and Settings\Ean\Local Settings\Temp\mvfile.exe
2013-01-28 17:20 - 2013-01-28 17:20 - 0248008 _____ (Ask.com) C:\Documents and Settings\Ean\Local Settings\Temp\AskSLib.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by Eric (26-03-2017 18:44:03)
Running from G:\AntiVirusWinXP
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2003-01-18 11:05:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2801439982-1180395095-3134616843-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-2801439982-1180395095-3134616843-1009 - Limited - Enabled)
Bry N Morgan (S-1-5-21-2801439982-1180395095-3134616843-1008 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Bry N Morgan
Ean (S-1-5-21-2801439982-1180395095-3134616843-1010 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Ean
Eric (S-1-5-21-2801439982-1180395095-3134616843-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Eric
Guest (S-1-5-21-2801439982-1180395095-3134616843-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-2801439982-1180395095-3134616843-1005 - Limited - Disabled)
Kim (S-1-5-21-2801439982-1180395095-3134616843-1007 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Kim
SUPPORT_388945a0 (S-1-5-21-2801439982-1180395095-3134616843-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3D-Album (HKLM\...\3D-Album) (Version:  - )
ABBYY FineReader 5.0 Sprint Plus (HKLM\...\{D1696920-9794-4BBC-8A30-7A88763DE5A2}) (Version: 5.0.482.3431 - ABBYY Software House)
Ability Photopaint Studio 2002 (HKLM\...\Ability Photopaint Studio 2002) (Version:  - )
Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.1 - Adobe Systems, Inc.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.3.300.271 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.3.300.271 - Adobe Systems Incorporated)
Adobe Image Viewer Plugin 4.0 (HKLM\...\Adobe Image Viewer Plugin) (Version:  4.0 - Adobe Systems Inc.)
Adobe Photoshop Album Starter Edition (HKLM\...\{483616D1-867E-46F8-BEC7-3C6475933908}) (Version: 1.0 - Adobe Systems, Inc.)
AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version:  - )
Atari Anniversary Edition (HKLM\...\Atari Anniversary Edition) (Version:  - )
ATECH FLASH PRO-Gear (HKLM\...\{D5E4F342-4ED4-489E-B0EC-0391248FB774}) (Version:  - )
CCScore (Version: 5.00.0000.0010 - EASTMAN KODAK Company) Hidden
C-Media WDM Audio Driver (HKLM\...\C-Media Audio Driver) (Version:  - )
ESSBrwr (Version: 5.00.0000.0002 - EASTMAN KODAK Company) Hidden
ESSCDBK (Version: 5.00.0000.0002 - EASTMAN KODAK Company) Hidden
ESScore (Version: 5.00.0000.0035 - EASTMAN KODAK Company) Hidden
ESSCT (Version: 5.00.0000.0101 - EASTMAN KODAK Company) Hidden
ESSEMAIL (Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESSgui (Version: 5.00.0000.0011 - EASTMAN KODAK Company) Hidden
ESShelp (Version: 5.00.0000.0003 - EASTMAN KODAK Company) Hidden
ESSini (Version: 5.00.0000.0109 - EASTMAN KODAK Company) Hidden
ESSPCD (Version: 5.00.0000.0006 - EASTMAN KODAK Company) Hidden
ESSSONIC (Version: 5.00.0000.0002 - EASTMAN KODAK Company) Hidden
ESSTOOLS (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
ESSvpaht (Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESSvpot (Version: 5.00.0000.0101 - EASTMAN KODAK Company) Hidden
ExpensAble 6 (HKLM\...\{EA743326-308F-49B5-8DF9-73D65F0299C9}) (Version: 6.0.0.0 - OneMind Connect, Inc.)
EZ Plug-N-Go (HKLM\...\{54D4B4F1-AA60-4FE2-AA9F-3794DEC9399A}) (Version: 2.1 - )
EZPhoto Browser (HKLM\...\{7A393E43-9F1B-4B4D-AFC3-E4B6663F6DD3}) (Version: 2.1 - )
EZPhoto Panorama (HKLM\...\{B473BAC8-6A90-4D53-96C9-97A759A76EE8}) (Version: 2.1 - )
EZPhoto Tools (HKLM\...\{ED8F2441-E5B9-4F48-82AD-759C17A68ADB}) (Version: 2.1 - )
EZShowtime MMS (HKLM\...\{5FB2EF0E-0254-4B7E-98C9-7F83E0C5E6C2}) (Version: 1.1 - )
EZSuite For BestOn (HKLM\...\{bda8f365-7ee2-4a60-ba96-511673153311}) (Version: 1.0 - )
EZVideo Mail (HKLM\...\{2E8D4B52-52E5-41EF-9C43-8CDF1527DDFD}) (Version: 2.1 - )
FormTool v5 (HKLM\...\{7A8E8A21-835D-44AA-B3D9-104247EA7908}) (Version: 1.00.0000 - IMSI)
HijackThis 1.99.1 (HKLM\...\HijackThis) (Version: 1.99.1 - Soeperman Enterprises Ltd.)
HLPIndex (Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden
HLPSFO (Version: 5.00.0000.0101 - EASTMAN KODAK Company) Hidden
INFOtrac Core Files (HKLM\...\INFOWSSETUP_is1) (Version:  - )
INFOtrac Personal 2003 (HKLM\...\Infotrac_is1) (Version: 6 - )
InterVideo DVDCopy 2 (HKLM\...\{96BF9A2A-1835-4DEE-A94F-9EA4F77976BF}) (Version: 2.0-B2.28 - InterVideo Inc.)
InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.230 - InterVideo Inc.)
Just Grandma and Me (HKLM\...\Just Grandma and Me) (Version:  - )
Kodak EasyShare software (HKLM\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
KSU (Version: 632.62.0002.0001 - EASTMAN KODAK Company) Hidden
LapLink Gold (HKLM\...\LapLink 2000) (Version:  - )
Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version:  - )
Lexmark X6100 Series (HKLM\...\Lexmark X6100 Series) (Version:  - )
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Data Access Components KB870669 (HKLM\...\KB870669) (Version:  - Microsoft Corporation)
Microsoft Excel Viewer 97 (HKLM\...\XLViewer97) (Version:  - )
Microsoft Picture It! Express 7.0 (HKLM\...\{369B36BE-3D64-4641-9AEA-808D436FE130}) (Version: 7.0.0.0000 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (HKLM\...\WebPost) (Version:  - )
Monopoly Casino (HKLM\...\Monopoly Casino) (Version:  - )
Motorola Driver Installation (HKLM\...\{0D442113-1F96-40DE-948C-5850CE7B8005}) (Version: 1.3.0 - Motorola Inc.)
Motorola USB Drivers (HKLM\...\Motorola USB Drivers) (Version:  - )
MSN Music Assistant (HKLM\...\MSN Music Assistant) (Version:  - )
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NASCAR Heat (HKLM\...\NASCAR Heat) (Version:  - )
Nero 6 Demo (HKLM\...\Nero - Burning Rom!UninstallKey) (Version:  - )
Netscape (7.02) (HKLM\...\Netscape (7.02)) (Version:  - )
Notifier (Version: 5.00.0000.0101 - EASTMAN KODAK Company) Hidden
NovaBackup 7 (HKLM\...\{1E888AA9-24E4-44B8-8C2C-B619F09821A6}) (Version: 7.00.5001 - NovaStor Corporation)
OfotoXMI (Version: 5.00.0000.0002 - EASTMAN KODAK Company) Hidden
OpenOffice.org 1.0 (HKLM\...\OpenOffice.org 1.0) (Version: 1.0 - Sun Microsystems, Inc.)
OTtBP (Version: 5.00.0000.0003 - EASTMAN KODAK Company) Hidden
OTtBPSDK (Version: 4.00.0000.0000 - EASTMAN KODAK Company) Hidden
Peachtree First Accounting 2004 (HKLM\...\InstallShield_{CD19E5C2-CAE6-46D8-AAC2-9C30F27BE552}) (Version: 11.00.01 - Best Software SB, Inc)
Peachtree First Accounting 2004 (Version: 11.00.01 - Best Software SB, Inc) Hidden
Personal RecordKeeper (HKLM\...\pr5file) (Version:  - )
Phoenix FirstWare Vault (HKLM\...\InstallShield_{7189085D-C9B1-4941-BEA0-5B3035A92B13}) (Version: 1.3.14.23 - Phoenix Technologies Ltd)
Phoenix FirstWare Vault (Version: 1.3.14.23 - Phoenix Technologies Ltd) Hidden
Photodex Presenter (HKLM\...\Photodex Presenter) (Version:  - )
Pinnacle InstantCD/DVD Suite (HKLM\...\{6B5D8CB6-0156-4B50-9DAA-618FF9FC18A6}) (Version: 8.1.0.1 - Pinnacle Systems GmbH)
Print to Fax (HKLM\...\{5BF2B19D-9C79-492A-8969-F059F06A627F}) (Version: 1.00 - BVRP Software)
Pure Networks Port Magic (HKLM\...\Port Magic) (Version: 1.2.1393.0 - Pure Networks)
Quicken 2003 New User Edition (HKLM\...\InstallShield_{301C291D-1F31-440F-8289-0DDE06F6EFA7}) (Version: 12.00.0000 - Intuit)
Quicken 2003 New User Edition (Version: 12.00.0000 - Intuit) Hidden
Quicken Legal Business Pro 2004 (HKLM\...\Quicken Legal Business Pro 2004) (Version:  - )
Quicken WillMaker Plus 2004 (HKLM\...\Quicken WillMaker Plus 2004) (Version:  - )
RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version:  - )
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version:  - )
RingCentral EasyFax (HKLM\...\RingCentral EasyFax) (Version:  - )
SFR (Version: 5.00.0000.0005 - Eastman Kodak Company) Hidden
SHASTA (Version: 5.00.0000.0002 - EASTMAN KODAK Company) Hidden
Shockwave (HKLM\...\Shockwave) (Version:  - )
SKIN0001 (Version: 5.00.0000.0005 - EASTMAN KODAK Company) Hidden
SKINXSDK (Version: 5.00.0000.0003 - EASTMAN KODAK Company) Hidden
Smart Attorney 8.0 (HKLM\...\Smart Attorney 8.0) (Version:  - )
Smart Business Plan 8.0 (HKLM\...\Smart Business Plan 8.0) (Version:  - )
Smart Link 56K Voice Modem (HKLM\...\SLAMRNTV) (Version:  - )
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
StuffIt Standard (HKLM\...\{E1F21580-77B0-48CD-A96B-EDF7201A46AC}) (Version:  - )
Take-it MV300 (HKLM\...\{77DD1DCB-0FD4-4942-B7F3-540B52C77C0C}) (Version:  - )
The Print Shop 20 (HKLM\...\{152BF35B-56D7-4652-B519-1661AAC270EE}) (Version: 20.00.0000 - Broderbund Software)
The Rosetta Stone (HKLM\...\The Rosetta Stone) (Version:  - )
TightVNC 2.0.4 (HKLM\...\TightVNC) (Version: 2.0.4 - GlavSoft LLC.)
TurboProject v.4 (HKLM\...\{4BEED434-8D57-11D4-A3B6-008048EE5CCD}) (Version: 4.0.0.0000 - IMSI)
TurboTax ItsDeductible 2006 (HKLM\...\{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}) (Version: 10.00.0000 - Intuit)
Ulead Photo Explorer 8.0 SE Basic (HKLM\...\{D271DAE0-8D68-4C97-8356-A126D48A1D8C}) (Version: 8.0 - Ulead Systems, Inc.)
Ulead Photo Express My Scrapbook 2.0 (HKLM\...\{CF404C21-47EB-4FA5-B920-91746874ED43}) (Version: 2.0 - Ulead Systems)
Ulead VideoStudio 7 SE Basic (HKLM\...\{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}) (Version: 7.0 - Ulead Systems, Inc.)
UniChrome Pro IGP Display Driver and Utilities (HKLM\...\S3) (Version:  - )
VIA Integrated Setup Wizard (HKLM\...\InstallShield_{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}) (Version: 0.99 - VIA Technologies, Inc.)
VIA Integrated Setup Wizard (Version: 0.99 - VIA Technologies, Inc.) Hidden
VIA Rhine-Family Fast-Ethernet Adapter (HKLM\...\VN_VUIns_Rhine_VIA) (Version:  - )
VPRINTOL (Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden
Web Sudoku Deluxe 1.1.1 (HKLM\...\Web Sudoku Deluxe_is1) (Version: 1.1.1 - Web Sudoku)
WebFldrs XP (Version: 9.50.5318 - Microsoft Corporation) Hidden
WildTangent Web Driver (HKLM\...\WildTangent CDA) (Version:  - )
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.5.0540.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WIRELESS (Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden
WordPerfect Office 11 (HKLM\...\{54F90B55-BEB3-4F0D-8802-228822FA5921}) (Version: 11.2 - Corel Corporation)
WriteExpress 3,001 Business & Sales Letters (HKLM\...\InstallShield_{720DAF8C-F9FD-4236-8EDD-75219B21E276}) (Version: 6.0 - WriteExpress)
WriteExpress 3,001 Business & Sales Letters (Version: 6.0 - WriteExpress) Hidden
Zoner Draw 3 (HKLM\...\{D692E771-F6CC-11D4-83DE-004F4E03F091}) (Version: 3.0.1621.5 - ZONER software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2801439982-1180395095-3134616843-1006_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\ISP signup reminder 1.job => C:\WINDOWS\System32\OOBE\oobebaln.exe
Task: C:\WINDOWS\Tasks\ISP signup reminder 2.job => C:\WINDOWS\System32\OOBE\oobebaln.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2801439982-1180395095-3134616843-1007Core1cd71a4cd63a616.job => C:\Documents and Settings\Kim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2801439982-1180395095-3134616843-1008Core.job => C:\Documents and Settings\Bry N Morgan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2004-05-05 16:35 - 2001-08-18 04:00 - 00015360 _____ () C:\WINDOWS\system32\tsd32.dll
2012-02-12 20:09 - 2007-08-21 13:32 - 00098304 _____ () C:\WINDOWS\system32\redmonnt.dll
2004-09-02 21:56 - 2003-07-21 09:13 - 00078336 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\LXBFPP5C.dll
2002-12-19 03:35 - 2002-12-19 03:35 - 00118784 _____ () C:\Program Files\NovaStor\NovaBackup\7\NSENGINE.exe
2002-12-18 14:43 - 2002-12-18 14:43 - 00204800 _____ () C:\Program Files\NovaStor\NovaBackup\7\IdxDB.dll
2002-12-18 14:44 - 2002-12-18 14:44 - 00036864 _____ () C:\Program Files\NovaStor\NovaBackup\7\NsUtils.dll
2003-01-16 17:05 - 2003-01-16 17:05 - 00598016 _____ () C:\Program Files\NovaStor\NovaBackup\7\NsDisc.dll
2002-12-18 14:44 - 2002-12-18 14:44 - 00090112 _____ () C:\Program Files\NovaStor\NovaBackup\7\MailObj.dll
2002-12-19 03:31 - 2002-12-19 03:31 - 00172032 _____ () C:\Program Files\NovaStor\NovaBackup\7\SchDB.dll
2002-12-18 14:46 - 2002-12-18 14:46 - 00098304 _____ () C:\Program Files\NovaStor\NovaBackup\7\pkgregistry.dll
2002-12-18 14:47 - 2002-12-18 14:47 - 00167936 _____ () C:\Program Files\NovaStor\NovaBackup\7\pkgsysstate.dll
2002-12-18 14:46 - 2002-12-18 14:46 - 00020480 _____ () C:\Program Files\NovaStor\NovaBackup\7\pkgsysfile.dll
2002-12-18 14:46 - 2002-12-18 14:46 - 00024576 _____ () C:\Program Files\NovaStor\NovaBackup\7\pkgdatabase.dll
2002-12-18 14:46 - 2002-12-18 14:46 - 00020480 _____ () C:\Program Files\NovaStor\NovaBackup\7\pkgdbffile.dll
2017-03-11 20:58 - 2017-02-24 06:23 - 01732896 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-05-05 16:35 - 2001-08-18 04:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2801439982-1180395095-3134616843-1006\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Eric\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 72.240.13.7 - 72.240.13.5
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Atari Launcher 2 => C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Atari icon.exe
MSCONFIG\startupreg: AtariBanner => "C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" /0
MSCONFIG\startupreg: LapLink Scheduler => "C:\Program Files\Common Files\LapLink\Scheduler\LLSCHED.EXE"
MSCONFIG\startupreg: Lexmark X6100 Series => "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
MSCONFIG\startupreg: Microsoft Works Update Detection => C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\America Online 9.0\waol.exe] => Enabled:AMERIC~1.0
DomainProfile\AuthorizedApplications: [C:\Program Files\AIM95\aim.exe] => Enabled:AOL Instant Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YPager.exe] => Enabled:Yahoo! Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YServer.exe] => Enabled:Yahoo! FT Server
StandardProfile\AuthorizedApplications: [C:\Program Files\America Online 9.0\waol.exe] => Enabled:AMERIC~1.0
StandardProfile\AuthorizedApplications: [C:\Program Files\Kazaa\kazaa.exe] => Enabled:Kazaa
StandardProfile\AuthorizedApplications: [C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe] => Enabled:EasyShare
StandardProfile\AuthorizedApplications: [C:\Program Files\AIM95\aim.exe] => Enabled:AOL Instant Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\Loader\aolload.exe] => Enabled:AOL Loader
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\1159328216\ee\aolsoftware.exe] => Enabled:AOL Services
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\1159328216\ee\aim6.exe] => Enabled:AIM
StandardProfile\AuthorizedApplications: [C:\Program Files\TurboTax\Deluxe 2006\32BIT\TTAX.EXE] => :LocalSubNet:Enabled:TurboTax
StandardProfile\AuthorizedApplications: [C:\Program Files\TurboTax\Deluxe 2006\32BIT\updatemgr.exe] => :LocalSubNet:Enabled:TurboTax Update Manager
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\McAfee\mna\McNASvc.exe] => Enabled:McAfee Network Agent
StandardProfile\AuthorizedApplications: [C:\Program Files\Savings Bond Wizard\SBWizard.exe] => Enabled:Savings Bond Wizard
StandardProfile\AuthorizedApplications: [C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe] => Disabled:Kodak Software Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\TightVNC\tvnserver.exe] => Enabled:TightVNC Server
StandardProfile\AuthorizedApplications: [C:\Program Files\TightVNC\vncviewer.exe] => Enabled:TightVNC Viewer
StandardProfile\AuthorizedApplications: [C:\WINDOWS\System32\lexpps.exe] => Disabled:LEXPPS.EXE
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management 
StandardProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In) 
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22002

==================== Restore Points =========================

19-02-2017 21:47:04 Software Distribution Service 3.0
11-03-2017 13:15:47 Software Distribution Service 3.0
11-03-2017 15:33:13 Software Distribution Service 3.0
11-03-2017 17:10:17 Software Distribution Service 3.0
11-03-2017 17:14:51 Software Distribution Service 3.0
12-03-2017 17:17:15 Software Distribution Service 3.0
26-03-2017 10:39:20 System Checkpoint
26-03-2017 15:19:09 JRT Pre-Junkware Removal
26-03-2017 15:35:22 Installed Sophos Virus Removal Tool.

==================== Faulty Device Manager Devices =============

Name: C-Media AC97 Audio Device
Description: C-Media AC97 Audio Device
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: C-Media
Service: cmuda
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/26/2017 06:43:19 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/26/2017 06:43:19 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/26/2017 06:43:19 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/13/2017 09:31:21 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (03/13/2017 09:31:21 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (03/13/2017 09:31:21 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (03/13/2017 09:31:21 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (03/13/2017 09:31:21 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (03/13/2017 09:31:21 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (03/13/2017 09:31:18 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


System errors:
=============
Error: (03/26/2017 03:30:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft .NET Framework v1.1.4322 Update service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (03/26/2017 03:30:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Microsoft .NET Framework v1.1.4322 Update service to connect.

Error: (03/26/2017 03:30:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The mrtRate service failed to start due to the following error: 
The system cannot find the file specified.

Error: (03/26/2017 03:30:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Take-it DV Series service failed to start due to the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/26/2017 03:27:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/26/2017 03:27:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Malwarebytes Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/26/2017 03:27:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/26/2017 03:27:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WajamUpdater service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/26/2017 03:27:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TSI Remote Control Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/26/2017 03:27:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SmartLinkService service terminated unexpectedly.  It has done this 1 time(s).


==================== Memory info =========================== 

Processor:  Intel(R) Pentium(R) 4 CPU 3.20GHz
Percentage of memory in use: 43%
Total physical RAM: 447.48 MB
Available physical RAM: 251.46 MB
Total Virtual: 1055.11 MB
Available Virtual: 796.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:178.94 GB) (Free:129.94 GB) FAT32 ==>[drive with boot components (Windows XP)]
Drive g: () (Removable) (Total:7.45 GB) (Free:7.21 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 179 GB) (Disk ID: 00590059)
Partition 1: (Active) - (Size=179 GB) - (Type=0C)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================


Ron, you also mentioned turning AV back on after JRT was run, which leads me to a question I was planning to ask later. I have long ago moved to Linux so I am not up on what no-cost AV solutions are recommended for legacy Windows OS's. They had Norton or McAfee at one point but the license was expired so it was removed just prior to beginning here with the intentions of adding one back when this was complete. Does your group maintain a list of recommended AV products or have a URL to a good resource to help make a decision? I'll even go on your personal opinion/recommendation if you can provide one.


  • Root Admin

Do you have a licensed version of Malwarebytes? If so, you could use our product as your antivirus protection. If not, then you could look at using Avast antivirus, which I believe still supports XP.

 

Please go ahead and run the following.

Please visit this web page and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Thanks Ron, I will definitely suggest they purchase the full license for MBAM. I often forget that it is also a full protection suite. 

My ComboFix run appears to have stalled. I let it run overnight just in case and it looks like it never got past the initial "Scanning for infected files... ...scan time for badly infected machines may easily double"

Is there any way I can try to recover the process or any logging that might be helpful to you?


Disregard the previous, perhaps. I just returned from work and see it ran for quite a bit, completed through stage 50, then a section of deleting a litany of files:

mostly in ~User*\Local Settings\Application Data\*,
then a number of WINDOWS\$msi31uninstall_kb893803v2$\*
followed by WINDOWS\WindowsUpdate.log
and finally
Deleting Folders:
Docs & Settings\Administrator\WINDOWS

And here it appears to again be hung. I have no idea when the last movement happened or when it actually began processing, but it was all in the last 12 hours, and it took at least 10 hours to seemingly get started. If there's hope it will complete I will leave it alone and wait.


I did notice there was a process, I think it was MBAMService, running in the background when I went into taskman to kill the ComboFix processes; that might have been the culprit. Reboot was uneventful. Here are the updated logs per your request:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by Eric (administrator) on ERICNKIM (28-03-2017 21:39:01)
Running from G:\AntiVirusWinXP
Loaded Profiles: Eric (Available Profiles: Eric & Kim & Bry N Morgan & Ean & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lexmark International, Inc.) C:\WINDOWS\System32\LEXBCES.EXE
(Lexmark International, Inc.) C:\WINDOWS\System32\LEXPPS.EXE
() C:\Program Files\NovaStor\NovaBackup\7\NSENGINE.exe
( ) C:\WINDOWS\System32\slserv.exe
(LapLink, Inc.) C:\WINDOWS\System32\TSIRCSRV.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\WINDOWS\System32\wuauclt.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\WINDOWS\System32\wscntfy.exe
(Farbar) G:\AntiVirusWinXP\FRST (1).exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cmaudio] => RunDll32 cmicnfg.cpl,CMICtrlWnd
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [65024 2004-02-09] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PinnacleDriverCheck] => C:\WINDOWS\System32\PSDrvCheck.exe [406016 2003-11-10] ()
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\OpenOffice.org 1.0.lnk [2004-09-09]
ShortcutTarget: OpenOffice.org 1.0.lnk -> C:\Program Files\OpenOffice.org1.0\program\quickstart.exe ()
Startup: C:\Documents and Settings\Kim\Start Menu\Programs\Startup\OpenOffice.org 1.0.lnk [2004-09-09]
ShortcutTarget: OpenOffice.org 1.0.lnk -> C:\Program Files\OpenOffice.org1.0\program\quickstart.exe ()
Startup: C:\Documents and Settings\Bry N Morgan\Start Menu\Programs\Startup\OpenOffice.org 1.0.lnk [2004-09-09]
ShortcutTarget: OpenOffice.org 1.0.lnk -> C:\Program Files\OpenOffice.org1.0\program\quickstart.exe ()
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 1.0.lnk [2004-09-09]
ShortcutTarget: OpenOffice.org 1.0.lnk -> C:\Program Files\OpenOffice.org1.0\program\quickstart.exe ()
Startup: C:\Documents and Settings\Ean\Start Menu\Programs\Startup\OpenOffice.org 1.0.lnk [2004-09-09]
ShortcutTarget: OpenOffice.org 1.0.lnk -> C:\Program Files\OpenOffice.org1.0\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 72.240.13.7 72.240.13.5 156.154.70.43
Tcpip\..\Interfaces\{D0E3B14E-8C92-460F-9E7D-ABA4E432880F}: [DhcpNameServer] 72.240.13.7 72.240.13.5 156.154.70.43

Internet Explorer:
==================
HKU\S-1-5-21-2801439982-1180395095-3134616843-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-2801439982-1180395095-3134616843-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16] ()
Toolbar: HKU\S-1-5-21-2801439982-1180395095-3134616843-1006 -> No Name - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -  No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {3253344D-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/0/8/D/08D91A3B-CFF6-45DE-95DF-64415075E344/mpg4sdmo.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} 
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll [2008-04-14] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default [2012-01-08]
FF Extension: (I Want This) - C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\Extensions\crossriderapp2258@crossrider.com [2012-02-12] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-01-08] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll [2012-08-27] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2801439982-1180395095-3134616843-1006: @adobe.com/Acrobat,version=5.1 -> C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll [2002-08-11] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Eric\Application Data\mozilla\plugins\npPxPlay.dll [2007-05-02] ( )

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Documents and Settings\Kim\Local Settings\Application Data\Wajam\Chrome\wajam_121.crx [2012-01-30]
CHR HKLM\...\Chrome\Extension: [mpfapcdfbbledbojijcbcclmlieaoogk] - C:\Documents and Settings\Kim\Local Settings\Application Data\I Want This\Chrome\I Want This.crx <not found>
StartMenuInternet: chrome.exe - C:\Documents and Settings\Kim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
StartMenuInternet: Google Chrome - C:\Documents and Settings\Kim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 KodakCCS; C:\WINDOWS\system32\drivers\KodakCCS.exe [411920 2005-03-30] (Eastman Kodak Company)
R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [303104 2003-09-23] (Lexmark International, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3303888 2017-01-20] (Malwarebytes)
S2 NetFxUpdate_v1.1.4322; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [106496 2004-08-10] (Microsoft) [File not signed]
R2 NsEngine; C:\Program Files\NovaStor\NovaBackup\7\NSENGINE.exe [118784 2002-12-19] () [File not signed]
S3 PhnxVCDService; C:\WINDOWS\System32\PhnxCDSvr.exe [36864 2004-01-07] (Phoenix Technologies Ltd.) [File not signed]
R2 SLService; C:\WINDOWS\system32\slserv.exe [45056 2003-08-11] ( )
R2 TSIRCSRV; C:\WINDOWS\System32\TSIRCSRV.EXE [102400 2003-06-18] (LapLink, Inc.) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALCXSENS; C:\WINDOWS\System32\drivers\ALCXSENS.SYS [391424 2003-12-11] (Sensaura Ltd)
S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [610988 2004-02-18] (Realtek Semiconductor Corp.)
R3 ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [11264 2003-11-28] (Pinnacle Systems GmbH) [File not signed]
R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2004-09-02] (Windows (R) 2000 DDK provider) [File not signed]
S2 Ca536av; C:\WINDOWS\System32\Drivers\Ca536av.sys [514859 2003-09-05] (Digital Camera)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 cdrdrv; C:\WINDOWS\System32\Drivers\Cdrdrv.sys [62976 2004-02-03] (Pinnacle Systems GmbH) [File not signed]
S3 cmuda; C:\WINDOWS\System32\drivers\cmuda.sys [1368000 2005-12-15] (C-Media Inc)
R1 DcCam; C:\WINDOWS\System32\DRIVERS\DcCam.sys [36950 2005-03-31] (Eastman Kodak Company)
S3 DcFpoint; C:\WINDOWS\System32\DRIVERS\DcFpoint.sys [61564 2005-03-31] (Eastman Kodak Company)
R2 DCFS2K; C:\WINDOWS\System32\drivers\dcfs2k.sys [38673 2005-03-31] (Eastman Kodak Company)
S3 DcLps; C:\WINDOWS\System32\DRIVERS\DcLps.sys [8022 2005-03-31] (Eastman Kodak Company)
S3 DcPTP; C:\WINDOWS\System32\DRIVERS\DcPTP.sys [70262 2005-03-31] (Eastman Kodak Company)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59968 2017-02-24] ()
S1 Exportit; C:\WINDOWS\System32\DRIVERS\exportit.sys [152081 2005-03-31] (Eastman Kodak Company)
R3 FET5X86V; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [48128 2011-04-01] (VIA Technologies, Inc.              )
S3 FETND5BV; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [48128 2011-04-01] (VIA Technologies, Inc.              )
S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc.              )
S3 FETNDISB; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [40960 2002-10-28] (VIA Technologies, Inc.              )
R3 Iviaspi; C:\WINDOWS\System32\drivers\iviaspi.sys [21060 2003-09-10] (InterVideo, Inc.) [File not signed]
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [148256 2017-03-12] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [219584 2017-03-28] (Malwarebytes)
R3 Mtlmnt5; C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [221848 2003-11-12] ( )
S3 Mtlstrm; C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [1301776 2003-10-26] ( )
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 NtMtlFax; C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys [167352 2003-08-11] ( )
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [9856 2003-04-10] (Padus, Inc.) [File not signed]
R3 PhnxVcd; C:\WINDOWS\System32\Drivers\PhnxVcd.sys [34688 2004-01-05] (Phoenix Technologies Ltd.) [File not signed]
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20576 2004-09-23] (Sonic Solutions) [File not signed]
S3 RecAgent; C:\WINDOWS\System32\DRIVERS\RecAgent.sys [13776 2004-08-04] (Smart Link)
R3 Slntamr; C:\WINDOWS\System32\DRIVERS\slntamr.sys [548888 2003-08-18] ( )
S3 SlNtHal; C:\WINDOWS\System32\DRIVERS\Slnthal.sys [86872 2003-10-26] ( )
R3 SlWdmSup; C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys [39348 2003-07-02] (Vireo Software)
R3 TSIKBF5; C:\WINDOWS\system32\Drivers\TSIKBF5.sys [9728 2003-06-18] (LapLink, Inc.)
R3 TSIMSF5; C:\WINDOWS\system32\Drivers\TSIMSF5.sys [5632 2003-06-18] (LapLink, Inc.) [File not signed]
S1 TSIRCINK; C:\WINDOWS\system32\Drivers\TSIRCINK.sys [9216 2003-06-18] (LapLink, Inc.) [File not signed]
R1 tsircmir; C:\WINDOWS\System32\Drivers\tsircmir.sys [2816 2003-06-18] (LapLink, Inc.) [File not signed]
R2 TSIREGMO; C:\WINDOWS\system32\drivers\tsiregmo.sys [5824 2003-06-18] (LapLink, Inc.) [File not signed]
R2 TSISER; C:\WINDOWS\system32\Drivers\TSISER.sys [42560 2003-06-18] (LapLink, Inc.) [File not signed]
R2 TSISTRMX; C:\WINDOWS\system32\Drivers\TSISTRMX.sys [5120 2003-06-18] (LapLink, Inc.) [File not signed]
S3 USBCamera; C:\WINDOWS\System32\Drivers\Bulk536.sys [11048 2003-05-14] (USB BULK)
R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [27904 2003-07-02] (VIA Technologies, Inc.)
R3 viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [153472 2004-07-01] (Copyright (C) VIA/S3 Graphics Co, Ltd.)
R0 ViaIde; C:\WINDOWS\System32\DRIVERS\viaidexp.sys [6144 2001-10-18] (VIA Technologies, Inc.)
R0 viasraid; C:\WINDOWS\System32\DRIVERS\viasraid.sys [77312 2003-10-30] (VIA Technologies inc,.ltd)
R0 VOBID; C:\WINDOWS\System32\DRIVERS\vobid.sys [29239 2003-08-01] (Pinnacle Systems) [File not signed]
R1 vobiw; C:\WINDOWS\system32\Drivers\vobiw.sys [187392 2004-02-20] (Pinnacle Systems GmbH) [File not signed]
S3 catchme; \??\C:\DOCUME~1\Eric\LOCALS~1\Temp\catchme.sys [X]
S4 hpt3xx; no ImagePath
S4 IntelIde; no ImagePath
S2 mrtRate; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U3 TlntSvr; no ImagePath
U5 vobcom; C:\Windows\System32\Drivers\vobcom.sys [9728 2001-10-04] (VOB Computersysteme GmbH) [File not signed]
S3 wanatw; System32\DRIVERS\wanatw4.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-27 20:54 - 2017-03-27 20:54 - 00000000 ___SD C:\ComboFix
2017-03-27 20:54 - 2017-03-27 20:54 - 00000000 ____D C:\WINDOWS\erdnt
2017-03-27 20:54 - 2017-03-27 20:54 - 00000000 ____D C:\Qoobox
2017-03-27 20:54 - 2011-06-26 02:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2017-03-27 20:54 - 2010-11-07 13:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2017-03-27 20:54 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2017-03-27 20:54 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2017-03-27 20:54 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2017-03-27 20:54 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2017-03-27 20:54 - 2000-08-30 20:00 - 00098816 _____ C:\WINDOWS\sed.exe
2017-03-27 20:54 - 2000-08-30 20:00 - 00080412 _____ C:\WINDOWS\grep.exe
2017-03-27 20:54 - 2000-08-30 20:00 - 00068096 _____ C:\WINDOWS\zip.exe
2017-03-27 20:53 - 2017-03-27 20:49 - 05659269 ____R (Swearware) C:\Documents and Settings\Eric\Desktop\ComboFix.exe
2017-03-26 16:43 - 2017-03-26 16:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Sophos
2017-03-26 15:40 - 2017-03-26 16:43 - 00002465 _____ C:\Documents and Settings\All Users\Desktop\Sophos Virus Removal Tool.lnk
2017-03-26 15:40 - 2017-03-26 15:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Sophos
2017-03-26 15:35 - 2017-03-26 15:35 - 00000000 ____D C:\Program Files\Sophos
2017-03-26 15:25 - 2017-03-26 15:25 - 00000000 ____D C:\AdwCleaner
2017-03-13 21:06 - 2017-03-13 21:06 - 00000000 ____D C:\FRST
2017-03-12 20:54 - 2017-03-12 20:54 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2017-03-11 20:59 - 2017-03-12 20:55 - 00148256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-03-11 20:58 - 2017-03-28 21:38 - 00219584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-11 20:58 - 2017-03-26 09:33 - 00039360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-11 20:58 - 2017-03-11 20:58 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-11 20:58 - 2017-02-24 06:23 - 00059968 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-03-11 16:34 - 2017-03-11 16:34 - 00000000 ___HD C:\WINDOWS\$NtUninstallKB2808679$
2017-03-11 13:29 - 2017-03-11 13:29 - 00000000 __SHD C:\FOUND.087
2017-03-11 12:18 - 2017-03-11 12:18 - 00000000 ___HD C:\WINDOWS\$NtUninstallKB2802968$
2017-03-11 12:17 - 2017-03-11 12:17 - 00000000 ___HD C:\WINDOWS\$NtUninstallKB2757638$
2017-03-11 12:10 - 2017-03-28 21:37 - 00000220 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2017-03-11 12:10 - 2017-03-11 13:30 - 00000214 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-28 21:38 - 2004-05-05 16:35 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2017-03-28 21:37 - 2003-01-01 00:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-28 21:36 - 2003-01-18 06:54 - 00000178 ___SH C:\Documents and Settings\Eric\ntuser.ini
2017-03-27 20:54 - 2003-01-01 00:10 - 00032466 _____ C:\WINDOWS\SchedLgU.Txt
2017-03-27 20:41 - 2012-04-04 19:51 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-03-27 16:26 - 2012-08-27 16:21 - 00000954 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2801439982-1180395095-3134616843-1008Core.job
2017-03-27 14:26 - 2012-08-03 14:21 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2801439982-1180395095-3134616843-1007Core1cd71a4cd63a616.job
2017-03-26 09:32 - 2012-01-05 21:46 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2017-03-26 09:32 - 2012-01-03 06:42 - 00663820 _____ C:\WINDOWS\ntbtlog.txt
2017-03-12 20:52 - 2003-01-01 00:02 - 00707192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-03-11 16:33 - 2003-01-01 00:03 - 00599832 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-11 16:31 - 2003-01-01 00:03 - 00001374 _____ C:\WINDOWS\imsins.BAK
2017-03-11 14:11 - 2004-05-05 16:35 - 00000931 _____ C:\WINDOWS\win.ini
2017-03-11 14:11 - 2004-05-05 16:35 - 00000227 _____ C:\WINDOWS\system.ini
2017-03-11 14:11 - 2004-05-05 16:35 - 00000211 __RSH C:\boot.ini

==================== Files in the root of some directories =======

2003-01-18 06:54 - 2004-09-09 11:49 - 0002048 _____ () C:\Documents and Settings\Eric\Application Data\user60.rdb
2003-01-18 06:54 - 2004-09-09 11:21 - 0000079 _____ () C:\Documents and Settings\Eric\Application Data\sversion.ini
2005-03-21 14:48 - 2005-03-21 14:48 - 0012358 _____ () C:\Documents and Settings\Eric\Application Data\PFP110JCM.{PB
2005-03-21 14:48 - 2005-03-21 14:48 - 0061678 _____ () C:\Documents and Settings\Eric\Application Data\PFP110JPR.{PB
2004-12-07 13:41 - 2009-06-29 22:42 - 0015872 _____ () C:\Documents and Settings\Eric\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
2003-01-18 03:04 - 2004-01-07 11:51 - 0036864 _____ (Phoenix Technologies Ltd.) C:\Documents and Settings\Default User\Local Settings\Temp\PhnxCDSvr.exe
2003-01-18 03:04 - 2003-11-21 19:40 - 0024576 _____ () C:\Documents and Settings\Default User\Local Settings\Temp\mvfile.exe
2003-01-18 03:04 - 2004-01-07 11:51 - 0184320 _____ (Phoenix Technologies Ltd.) C:\Documents and Settings\Default User\Local Settings\Temp\phnxvaul.dll
2003-01-18 03:04 - 2003-04-01 10:32 - 0061440 _____ () C:\Documents and Settings\Default User\Local Settings\Temp\installutilities.dll
2003-01-18 03:04 - 2003-12-08 15:54 - 0062976 _____ (America Online, Inc.) C:\Documents and Settings\Default User\Local Settings\Temp\insmac2k.dll
2003-01-18 03:04 - 2004-04-07 11:36 - 0172032 _____ (America Online, Inc) C:\Documents and Settings\Default User\Local Settings\Temp\AcsInstall.dll
2003-01-18 03:04 - 2001-08-18 04:00 - 0032768 _____ (Microsoft Corporation) C:\Documents and Settings\Default User\Local Settings\Temp\mun51.exe
2003-01-18 03:04 - 2004-08-27 14:11 - 0446160 _____ (Microsoft Corp.) C:\Documents and Settings\Default User\Local Settings\Temp\MsnMusic.exe
2003-01-18 03:04 - 2004-08-09 23:21 - 0245408 _____ (Microsoft Corporation) C:\Documents and Settings\Default User\Local Settings\Temp\unicows.dll
2007-02-11 18:49 - 2006-10-27 19:25 - 0455600 ____R (Macrovision Corporation) C:\Documents and Settings\Kim\Local Settings\Temp\_is81.exe
2005-02-23 17:18 - 2005-02-23 17:18 - 0241664 _____ (AWS Convergence Technologies, Inc.) C:\Documents and Settings\Kim\Local Settings\Temp\MiniBug.exe
2006-02-12 12:28 - 2004-02-11 16:58 - 0024613 _____ (BackWeb) C:\Documents and Settings\Kim\Local Settings\Temp\IadHide5.dll
2006-12-18 15:41 - 2006-12-18 15:41 - 12550696 _____ () C:\Documents and Settings\Kim\Local Settings\Temp\msgup_us.exe
2006-09-26 23:35 - 2006-09-26 23:34 - 0094288 ____N (AOL LLC) C:\Documents and Settings\Kim\Local Settings\Temp\instph.dll
2005-09-12 15:52 - 2005-09-12 15:52 - 0381480 _____ () C:\Documents and Settings\Kim\Local Settings\Temp\msgr7us.exe
2005-10-05 15:52 - 2005-10-05 15:53 - 1275819 _____ () C:\Documents and Settings\Kim\Local Settings\Temp\CDASilentInstall0501.exe
2005-09-02 16:55 - 2005-09-02 16:55 - 1229769 _____ () C:\Documents and Settings\Kim\Local Settings\Temp\cdaSilentInstall.exe
2005-10-11 00:32 - 2004-12-03 15:34 - 0058464 _____ (Yahoo! Inc.) C:\Documents and Settings\Kim\Local Settings\Temp\wyb64.dll
2007-02-28 18:07 - 2006-11-02 14:48 - 1162280 _____ () C:\Documents and Settings\Kim\Local Settings\Temp\ytb_inst.exe
2007-02-27 17:51 - 2006-11-06 10:20 - 0098304 _____ (Yahoo! Inc.) C:\Documents and Settings\Kim\Local Settings\Temp\ywiseext.dll
2004-12-05 16:11 - 2004-12-05 16:11 - 0316209 _____ () C:\Documents and Settings\Kim\Local Settings\Temp\_quicktour_nue.exe
2006-09-12 12:59 - 2006-09-12 12:59 - 0962072 _____ () C:\Documents and Settings\Kim\Local Settings\Temp\ytb_6.3.4.0_pub_us_setup_.exe
2006-10-25 02:21 - 2005-10-27 11:24 - 1896448 _____ (RealNetworks) C:\Documents and Settings\Kim\Local Settings\Temp\GoogleInstApp.exe
2006-10-25 02:21 - 2006-10-25 02:21 - 0743016 _____ () C:\Documents and Settings\Kim\Local Settings\Temp\GDSSetup.exe
2006-10-25 02:21 - 2006-10-25 02:21 - 0745472 _____ (Google Inc.) C:\Documents and Settings\Kim\Local Settings\Temp\GoogleToolbar.dll
2006-10-25 02:21 - 2006-10-25 02:21 - 0094208 _____ (Google, Inc) C:\Documents and Settings\Kim\Local Settings\Temp\BarControl.dll
2007-02-28 18:06 - 2006-12-01 05:49 - 10376696 _____ () C:\Documents and Settings\Kim\Local Settings\Temp\ymsgr_inst.exe
2007-08-29 19:08 - 2007-08-29 19:08 - 0606000 _____ () C:\Documents and Settings\Kim\Local Settings\Temp\messenger_update.exe
2016-11-27 13:37 - 2016-11-27 14:01 - 0248008 _____ (Ask.com) C:\Documents and Settings\Kim\Local Settings\Temp\AskSLib.dll
2006-08-10 16:45 - 2004-08-27 14:11 - 0446160 _____ (Microsoft Corp.) C:\Documents and Settings\Bry N Morgan\Local Settings\Temp\MsnMusic.exe
2006-08-10 16:45 - 2001-08-18 04:00 - 0032768 _____ (Microsoft Corporation) C:\Documents and Settings\Bry N Morgan\Local Settings\Temp\mun51.exe
2006-08-10 16:45 - 2004-08-09 23:21 - 0245408 _____ (Microsoft Corporation) C:\Documents and Settings\Bry N Morgan\Local Settings\Temp\unicows.dll
2006-08-10 16:45 - 2004-04-07 11:36 - 0172032 _____ (America Online, Inc) C:\Documents and Settings\Bry N Morgan\Local Settings\Temp\AcsInstall.dll
2006-08-10 16:45 - 2003-12-08 15:54 - 0062976 _____ (America Online, Inc.) C:\Documents and Settings\Bry N Morgan\Local Settings\Temp\insmac2k.dll
2006-08-10 16:45 - 2003-04-01 10:32 - 0061440 _____ () C:\Documents and Settings\Bry N Morgan\Local Settings\Temp\installutilities.dll
2006-08-10 16:45 - 2004-01-07 11:51 - 0036864 _____ (Phoenix Technologies Ltd.) C:\Documents and Settings\Bry N Morgan\Local Settings\Temp\PhnxCDSvr.exe
2006-08-10 16:45 - 2004-01-07 11:51 - 0184320 _____ (Phoenix Technologies Ltd.) C:\Documents and Settings\Bry N Morgan\Local Settings\Temp\phnxvaul.dll
2006-08-10 16:45 - 2003-11-21 19:40 - 0024576 _____ () C:\Documents and Settings\Bry N Morgan\Local Settings\Temp\mvfile.exe
2006-09-17 13:30 - 2004-02-11 16:58 - 0024613 _____ (BackWeb) C:\Documents and Settings\Bry N Morgan\Local Settings\Temp\IadHide5.dll
2012-08-22 23:38 - 2012-08-22 23:38 - 0248008 _____ (Ask.com) C:\Documents and Settings\Bry N Morgan\Local Settings\Temp\AskSLib.dll
2012-01-05 21:46 - 2004-08-09 23:21 - 0245408 _____ (Microsoft Corporation) C:\Documents and Settings\Administrator\Local Settings\Temp\unicows.dll
2012-01-05 21:46 - 2004-08-27 14:11 - 0446160 _____ (Microsoft Corp.) C:\Documents and Settings\Administrator\Local Settings\Temp\MsnMusic.exe
2012-01-05 21:46 - 2001-08-18 04:00 - 0032768 _____ (Microsoft Corporation) C:\Documents and Settings\Administrator\Local Settings\Temp\mun51.exe
2012-01-05 21:46 - 2003-12-08 15:54 - 0062976 _____ (America Online, Inc.) C:\Documents and Settings\Administrator\Local Settings\Temp\insmac2k.dll
2012-01-05 21:46 - 2004-01-07 11:51 - 0184320 _____ (Phoenix Technologies Ltd.) C:\Documents and Settings\Administrator\Local Settings\Temp\phnxvaul.dll
2012-01-05 21:46 - 2003-04-01 10:32 - 0061440 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\installutilities.dll
2012-01-05 21:46 - 2004-04-07 11:36 - 0172032 _____ (America Online, Inc) C:\Documents and Settings\Administrator\Local Settings\Temp\AcsInstall.dll
2012-01-05 21:46 - 2003-11-21 19:40 - 0024576 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\mvfile.exe
2012-01-05 21:46 - 2004-01-07 11:51 - 0036864 _____ (Phoenix Technologies Ltd.) C:\Documents and Settings\Administrator\Local Settings\Temp\PhnxCDSvr.exe
2016-11-27 14:41 - 2004-08-09 23:21 - 0245408 _____ (Microsoft Corporation) C:\Documents and Settings\Ean\Local Settings\Temp\unicows.dll
2016-11-27 14:41 - 2004-08-27 14:11 - 0446160 _____ (Microsoft Corp.) C:\Documents and Settings\Ean\Local Settings\Temp\MsnMusic.exe
2016-11-27 14:41 - 2001-08-18 04:00 - 0032768 _____ (Microsoft Corporation) C:\Documents and Settings\Ean\Local Settings\Temp\mun51.exe
2016-11-27 14:41 - 2003-12-08 15:54 - 0062976 _____ (America Online, Inc.) C:\Documents and Settings\Ean\Local Settings\Temp\insmac2k.dll
2016-11-27 14:41 - 2004-01-07 11:51 - 0184320 _____ (Phoenix Technologies Ltd.) C:\Documents and Settings\Ean\Local Settings\Temp\phnxvaul.dll
2016-11-27 14:41 - 2004-04-07 11:36 - 0172032 _____ (America Online, Inc) C:\Documents and Settings\Ean\Local Settings\Temp\AcsInstall.dll
2016-11-27 14:41 - 2003-04-01 10:32 - 0061440 _____ () C:\Documents and Settings\Ean\Local Settings\Temp\installutilities.dll
2016-11-27 14:41 - 2004-01-07 11:51 - 0036864 _____ (Phoenix Technologies Ltd.) C:\Documents and Settings\Ean\Local Settings\Temp\PhnxCDSvr.exe
2016-11-27 14:41 - 2003-11-21 19:40 - 0024576 _____ () C:\Documents and Settings\Ean\Local Settings\Temp\mvfile.exe
2013-01-28 17:20 - 2013-01-28 17:20 - 0248008 _____ (Ask.com) C:\Documents and Settings\Ean\Local Settings\Temp\AskSLib.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by Eric (28-03-2017 21:40:24)
Running from G:\AntiVirusWinXP
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2003-01-18 11:05:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2801439982-1180395095-3134616843-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-2801439982-1180395095-3134616843-1009 - Limited - Enabled)
Bry N Morgan (S-1-5-21-2801439982-1180395095-3134616843-1008 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Bry N Morgan
Ean (S-1-5-21-2801439982-1180395095-3134616843-1010 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Ean
Eric (S-1-5-21-2801439982-1180395095-3134616843-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Eric
Guest (S-1-5-21-2801439982-1180395095-3134616843-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-2801439982-1180395095-3134616843-1005 - Limited - Disabled)
Kim (S-1-5-21-2801439982-1180395095-3134616843-1007 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Kim
SUPPORT_388945a0 (S-1-5-21-2801439982-1180395095-3134616843-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3D-Album (HKLM\...\3D-Album) (Version:  - )
ABBYY FineReader 5.0 Sprint Plus (HKLM\...\{D1696920-9794-4BBC-8A30-7A88763DE5A2}) (Version: 5.0.482.3431 - ABBYY Software House)
Ability Photopaint Studio 2002 (HKLM\...\Ability Photopaint Studio 2002) (Version:  - )
Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.1 - Adobe Systems, Inc.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.3.300.271 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.3.300.271 - Adobe Systems Incorporated)
Adobe Image Viewer Plugin 4.0 (HKLM\...\Adobe Image Viewer Plugin) (Version:  4.0 - Adobe Systems Inc.)
Adobe Photoshop Album Starter Edition (HKLM\...\{483616D1-867E-46F8-BEC7-3C6475933908}) (Version: 1.0 - Adobe Systems, Inc.)
AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version:  - )
Atari Anniversary Edition (HKLM\...\Atari Anniversary Edition) (Version:  - )
ATECH FLASH PRO-Gear (HKLM\...\{D5E4F342-4ED4-489E-B0EC-0391248FB774}) (Version:  - )
CCScore (Version: 5.00.0000.0010 - EASTMAN KODAK Company) Hidden
C-Media WDM Audio Driver (HKLM\...\C-Media Audio Driver) (Version:  - )
ESSBrwr (Version: 5.00.0000.0002 - EASTMAN KODAK Company) Hidden
ESSCDBK (Version: 5.00.0000.0002 - EASTMAN KODAK Company) Hidden
ESScore (Version: 5.00.0000.0035 - EASTMAN KODAK Company) Hidden
ESSCT (Version: 5.00.0000.0101 - EASTMAN KODAK Company) Hidden
ESSEMAIL (Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESSgui (Version: 5.00.0000.0011 - EASTMAN KODAK Company) Hidden
ESShelp (Version: 5.00.0000.0003 - EASTMAN KODAK Company) Hidden
ESSini (Version: 5.00.0000.0109 - EASTMAN KODAK Company) Hidden
ESSPCD (Version: 5.00.0000.0006 - EASTMAN KODAK Company) Hidden
ESSSONIC (Version: 5.00.0000.0002 - EASTMAN KODAK Company) Hidden
ESSTOOLS (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
ESSvpaht (Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESSvpot (Version: 5.00.0000.0101 - EASTMAN KODAK Company) Hidden
ExpensAble 6 (HKLM\...\{EA743326-308F-49B5-8DF9-73D65F0299C9}) (Version: 6.0.0.0 - OneMind Connect, Inc.)
EZ Plug-N-Go (HKLM\...\{54D4B4F1-AA60-4FE2-AA9F-3794DEC9399A}) (Version: 2.1 - )
EZPhoto Browser (HKLM\...\{7A393E43-9F1B-4B4D-AFC3-E4B6663F6DD3}) (Version: 2.1 - )
EZPhoto Panorama (HKLM\...\{B473BAC8-6A90-4D53-96C9-97A759A76EE8}) (Version: 2.1 - )
EZPhoto Tools (HKLM\...\{ED8F2441-E5B9-4F48-82AD-759C17A68ADB}) (Version: 2.1 - )
EZShowtime MMS (HKLM\...\{5FB2EF0E-0254-4B7E-98C9-7F83E0C5E6C2}) (Version: 1.1 - )
EZSuite For BestOn (HKLM\...\{bda8f365-7ee2-4a60-ba96-511673153311}) (Version: 1.0 - )
EZVideo Mail (HKLM\...\{2E8D4B52-52E5-41EF-9C43-8CDF1527DDFD}) (Version: 2.1 - )
FormTool v5 (HKLM\...\{7A8E8A21-835D-44AA-B3D9-104247EA7908}) (Version: 1.00.0000 - IMSI)
HijackThis 1.99.1 (HKLM\...\HijackThis) (Version: 1.99.1 - Soeperman Enterprises Ltd.)
HLPIndex (Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden
HLPSFO (Version: 5.00.0000.0101 - EASTMAN KODAK Company) Hidden
INFOtrac Core Files (HKLM\...\INFOWSSETUP_is1) (Version:  - )
INFOtrac Personal 2003 (HKLM\...\Infotrac_is1) (Version: 6 - )
InterVideo DVDCopy 2 (HKLM\...\{96BF9A2A-1835-4DEE-A94F-9EA4F77976BF}) (Version: 2.0-B2.28 - InterVideo Inc.)
InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.230 - InterVideo Inc.)
Just Grandma and Me (HKLM\...\Just Grandma and Me) (Version:  - )
Kodak EasyShare software (HKLM\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
KSU (Version: 632.62.0002.0001 - EASTMAN KODAK Company) Hidden
LapLink Gold (HKLM\...\LapLink 2000) (Version:  - )
Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version:  - )
Lexmark X6100 Series (HKLM\...\Lexmark X6100 Series) (Version:  - )
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Data Access Components KB870669 (HKLM\...\KB870669) (Version:  - Microsoft Corporation)
Microsoft Excel Viewer 97 (HKLM\...\XLViewer97) (Version:  - )
Microsoft Picture It! Express 7.0 (HKLM\...\{369B36BE-3D64-4641-9AEA-808D436FE130}) (Version: 7.0.0.0000 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (HKLM\...\WebPost) (Version:  - )
Monopoly Casino (HKLM\...\Monopoly Casino) (Version:  - )
Motorola Driver Installation (HKLM\...\{0D442113-1F96-40DE-948C-5850CE7B8005}) (Version: 1.3.0 - Motorola Inc.)
Motorola USB Drivers (HKLM\...\Motorola USB Drivers) (Version:  - )
MSN Music Assistant (HKLM\...\MSN Music Assistant) (Version:  - )
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NASCAR Heat (HKLM\...\NASCAR Heat) (Version:  - )
Nero 6 Demo (HKLM\...\Nero - Burning Rom!UninstallKey) (Version:  - )
Netscape (7.02) (HKLM\...\Netscape (7.02)) (Version:  - )
Notifier (Version: 5.00.0000.0101 - EASTMAN KODAK Company) Hidden
NovaBackup 7 (HKLM\...\{1E888AA9-24E4-44B8-8C2C-B619F09821A6}) (Version: 7.00.5001 - NovaStor Corporation)
OfotoXMI (Version: 5.00.0000.0002 - EASTMAN KODAK Company) Hidden
OpenOffice.org 1.0 (HKLM\...\OpenOffice.org 1.0) (Version: 1.0 - Sun Microsystems, Inc.)
OTtBP (Version: 5.00.0000.0003 - EASTMAN KODAK Company) Hidden
OTtBPSDK (Version: 4.00.0000.0000 - EASTMAN KODAK Company) Hidden
Peachtree First Accounting 2004 (HKLM\...\InstallShield_{CD19E5C2-CAE6-46D8-AAC2-9C30F27BE552}) (Version: 11.00.01 - Best Software SB, Inc)
Peachtree First Accounting 2004 (Version: 11.00.01 - Best Software SB, Inc) Hidden
Personal RecordKeeper (HKLM\...\pr5file) (Version:  - )
Phoenix FirstWare Vault (HKLM\...\InstallShield_{7189085D-C9B1-4941-BEA0-5B3035A92B13}) (Version: 1.3.14.23 - Phoenix Technologies Ltd)
Phoenix FirstWare Vault (Version: 1.3.14.23 - Phoenix Technologies Ltd) Hidden
Photodex Presenter (HKLM\...\Photodex Presenter) (Version:  - )
Pinnacle InstantCD/DVD Suite (HKLM\...\{6B5D8CB6-0156-4B50-9DAA-618FF9FC18A6}) (Version: 8.1.0.1 - Pinnacle Systems GmbH)
Print to Fax (HKLM\...\{5BF2B19D-9C79-492A-8969-F059F06A627F}) (Version: 1.00 - BVRP Software)
Pure Networks Port Magic (HKLM\...\Port Magic) (Version: 1.2.1393.0 - Pure Networks)
Quicken 2003 New User Edition (HKLM\...\InstallShield_{301C291D-1F31-440F-8289-0DDE06F6EFA7}) (Version: 12.00.0000 - Intuit)
Quicken 2003 New User Edition (Version: 12.00.0000 - Intuit) Hidden
Quicken Legal Business Pro 2004 (HKLM\...\Quicken Legal Business Pro 2004) (Version:  - )
Quicken WillMaker Plus 2004 (HKLM\...\Quicken WillMaker Plus 2004) (Version:  - )
RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version:  - )
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version:  - )
RingCentral EasyFax (HKLM\...\RingCentral EasyFax) (Version:  - )
SFR (Version: 5.00.0000.0005 - Eastman Kodak Company) Hidden
SHASTA (Version: 5.00.0000.0002 - EASTMAN KODAK Company) Hidden
Shockwave (HKLM\...\Shockwave) (Version:  - )
SKIN0001 (Version: 5.00.0000.0005 - EASTMAN KODAK Company) Hidden
SKINXSDK (Version: 5.00.0000.0003 - EASTMAN KODAK Company) Hidden
Smart Attorney 8.0 (HKLM\...\Smart Attorney 8.0) (Version:  - )
Smart Business Plan 8.0 (HKLM\...\Smart Business Plan 8.0) (Version:  - )
Smart Link 56K Voice Modem (HKLM\...\SLAMRNTV) (Version:  - )
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
StuffIt Standard (HKLM\...\{E1F21580-77B0-48CD-A96B-EDF7201A46AC}) (Version:  - )
Take-it MV300 (HKLM\...\{77DD1DCB-0FD4-4942-B7F3-540B52C77C0C}) (Version:  - )
The Print Shop 20 (HKLM\...\{152BF35B-56D7-4652-B519-1661AAC270EE}) (Version: 20.00.0000 - Broderbund Software)
The Rosetta Stone (HKLM\...\The Rosetta Stone) (Version:  - )
TightVNC 2.0.4 (HKLM\...\TightVNC) (Version: 2.0.4 - GlavSoft LLC.)
TurboProject v.4 (HKLM\...\{4BEED434-8D57-11D4-A3B6-008048EE5CCD}) (Version: 4.0.0.0000 - IMSI)
TurboTax ItsDeductible 2006 (HKLM\...\{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}) (Version: 10.00.0000 - Intuit)
Ulead Photo Explorer 8.0 SE Basic (HKLM\...\{D271DAE0-8D68-4C97-8356-A126D48A1D8C}) (Version: 8.0 - Ulead Systems, Inc.)
Ulead Photo Express My Scrapbook 2.0 (HKLM\...\{CF404C21-47EB-4FA5-B920-91746874ED43}) (Version: 2.0 - Ulead Systems)
Ulead VideoStudio 7 SE Basic (HKLM\...\{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}) (Version: 7.0 - Ulead Systems, Inc.)
UniChrome Pro IGP Display Driver and Utilities (HKLM\...\S3) (Version:  - )
VIA Integrated Setup Wizard (HKLM\...\InstallShield_{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}) (Version: 0.99 - VIA Technologies, Inc.)
VIA Integrated Setup Wizard (Version: 0.99 - VIA Technologies, Inc.) Hidden
VIA Rhine-Family Fast-Ethernet Adapter (HKLM\...\VN_VUIns_Rhine_VIA) (Version:  - )
VPRINTOL (Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden
Web Sudoku Deluxe 1.1.1 (HKLM\...\Web Sudoku Deluxe_is1) (Version: 1.1.1 - Web Sudoku)
WebFldrs XP (Version: 9.50.5318 - Microsoft Corporation) Hidden
WildTangent Web Driver (HKLM\...\WildTangent CDA) (Version:  - )
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.5.0540.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WIRELESS (Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden
WordPerfect Office 11 (HKLM\...\{54F90B55-BEB3-4F0D-8802-228822FA5921}) (Version: 11.2 - Corel Corporation)
WriteExpress 3,001 Business & Sales Letters (HKLM\...\InstallShield_{720DAF8C-F9FD-4236-8EDD-75219B21E276}) (Version: 6.0 - WriteExpress)
WriteExpress 3,001 Business & Sales Letters (Version: 6.0 - WriteExpress) Hidden
Zoner Draw 3 (HKLM\...\{D692E771-F6CC-11D4-83DE-004F4E03F091}) (Version: 3.0.1621.5 - ZONER software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2801439982-1180395095-3134616843-1006_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\ISP signup reminder 1.job => C:\WINDOWS\System32\OOBE\oobebaln.exe
Task: C:\WINDOWS\Tasks\ISP signup reminder 2.job => C:\WINDOWS\System32\OOBE\oobebaln.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2801439982-1180395095-3134616843-1007Core1cd71a4cd63a616.job => C:\Documents and Settings\Kim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2801439982-1180395095-3134616843-1008Core.job => C:\Documents and Settings\Bry N Morgan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2004-05-05 16:35 - 2001-08-18 04:00 - 00015360 _____ () C:\WINDOWS\system32\tsd32.dll
2012-02-12 20:09 - 2007-08-21 13:32 - 00098304 _____ () C:\WINDOWS\system32\redmonnt.dll
2004-09-02 21:56 - 2003-07-21 09:13 - 00078336 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\LXBFPP5C.dll
2002-12-19 03:35 - 2002-12-19 03:35 - 00118784 _____ () C:\Program Files\NovaStor\NovaBackup\7\NSENGINE.exe
2002-12-18 14:43 - 2002-12-18 14:43 - 00204800 _____ () C:\Program Files\NovaStor\NovaBackup\7\IdxDB.dll
2002-12-18 14:44 - 2002-12-18 14:44 - 00036864 _____ () C:\Program Files\NovaStor\NovaBackup\7\NsUtils.dll
2003-01-16 17:05 - 2003-01-16 17:05 - 00598016 _____ () C:\Program Files\NovaStor\NovaBackup\7\NsDisc.dll
2002-12-18 14:44 - 2002-12-18 14:44 - 00090112 _____ () C:\Program Files\NovaStor\NovaBackup\7\MailObj.dll
2002-12-19 03:31 - 2002-12-19 03:31 - 00172032 _____ () C:\Program Files\NovaStor\NovaBackup\7\SchDB.dll
2002-12-18 14:46 - 2002-12-18 14:46 - 00098304 _____ () C:\Program Files\NovaStor\NovaBackup\7\pkgregistry.dll
2002-12-18 14:47 - 2002-12-18 14:47 - 00167936 _____ () C:\Program Files\NovaStor\NovaBackup\7\pkgsysstate.dll
2002-12-18 14:46 - 2002-12-18 14:46 - 00020480 _____ () C:\Program Files\NovaStor\NovaBackup\7\pkgsysfile.dll
2002-12-18 14:46 - 2002-12-18 14:46 - 00024576 _____ () C:\Program Files\NovaStor\NovaBackup\7\pkgdatabase.dll
2002-12-18 14:46 - 2002-12-18 14:46 - 00020480 _____ () C:\Program Files\NovaStor\NovaBackup\7\pkgdbffile.dll
2017-03-11 20:58 - 2017-02-24 06:23 - 01732896 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-05-05 16:35 - 2001-08-18 04:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2801439982-1180395095-3134616843-1006\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Eric\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 72.240.13.7 - 72.240.13.5
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Atari Launcher 2 => C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Atari icon.exe
MSCONFIG\startupreg: AtariBanner => "C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" /0
MSCONFIG\startupreg: LapLink Scheduler => "C:\Program Files\Common Files\LapLink\Scheduler\LLSCHED.EXE"
MSCONFIG\startupreg: Lexmark X6100 Series => "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
MSCONFIG\startupreg: Microsoft Works Update Detection => C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\America Online 9.0\waol.exe] => Enabled:AMERIC~1.0
DomainProfile\AuthorizedApplications: [C:\Program Files\AIM95\aim.exe] => Enabled:AOL Instant Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YPager.exe] => Enabled:Yahoo! Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YServer.exe] => Enabled:Yahoo! FT Server
StandardProfile\AuthorizedApplications: [C:\Program Files\America Online 9.0\waol.exe] => Enabled:AMERIC~1.0
StandardProfile\AuthorizedApplications: [C:\Program Files\Kazaa\kazaa.exe] => Enabled:Kazaa
StandardProfile\AuthorizedApplications: [C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe] => Enabled:EasyShare
StandardProfile\AuthorizedApplications: [C:\Program Files\AIM95\aim.exe] => Enabled:AOL Instant Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\Loader\aolload.exe] => Enabled:AOL Loader
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\1159328216\ee\aolsoftware.exe] => Enabled:AOL Services
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\1159328216\ee\aim6.exe] => Enabled:AIM
StandardProfile\AuthorizedApplications: [C:\Program Files\TurboTax\Deluxe 2006\32BIT\TTAX.EXE] => :LocalSubNet:Enabled:TurboTax
StandardProfile\AuthorizedApplications: [C:\Program Files\TurboTax\Deluxe 2006\32BIT\updatemgr.exe] => :LocalSubNet:Enabled:TurboTax Update Manager
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\McAfee\mna\McNASvc.exe] => Enabled:McAfee Network Agent
StandardProfile\AuthorizedApplications: [C:\Program Files\Savings Bond Wizard\SBWizard.exe] => Enabled:Savings Bond Wizard
StandardProfile\AuthorizedApplications: [C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe] => Disabled:Kodak Software Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\TightVNC\tvnserver.exe] => Enabled:TightVNC Server
StandardProfile\AuthorizedApplications: [C:\Program Files\TightVNC\vncviewer.exe] => Enabled:TightVNC Viewer
StandardProfile\AuthorizedApplications: [C:\WINDOWS\System32\lexpps.exe] => Disabled:LEXPPS.EXE
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management 
StandardProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In) 
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22002

==================== Restore Points =========================

19-02-2017 21:47:04 Software Distribution Service 3.0
11-03-2017 13:15:47 Software Distribution Service 3.0
11-03-2017 15:33:13 Software Distribution Service 3.0
11-03-2017 17:10:17 Software Distribution Service 3.0
11-03-2017 17:14:51 Software Distribution Service 3.0
12-03-2017 17:17:15 Software Distribution Service 3.0
26-03-2017 10:39:20 System Checkpoint
26-03-2017 15:19:09 JRT Pre-Junkware Removal
26-03-2017 15:35:22 Installed Sophos Virus Removal Tool.
27-03-2017 16:33:41 System Checkpoint

==================== Faulty Device Manager Devices =============

Name: C-Media AC97 Audio Device
Description: C-Media AC97 Audio Device
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: C-Media
Service: cmuda
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/26/2017 06:43:19 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/26/2017 06:43:19 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/26/2017 06:43:19 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/13/2017 09:31:21 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (03/13/2017 09:31:21 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (03/13/2017 09:31:21 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (03/13/2017 09:31:21 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (03/13/2017 09:31:21 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (03/13/2017 09:31:21 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (03/13/2017 09:31:18 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


System errors:
=============
Error: (03/28/2017 09:38:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft .NET Framework v1.1.4322 Update service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (03/28/2017 09:38:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Microsoft .NET Framework v1.1.4322 Update service to connect.

Error: (03/28/2017 09:38:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The mrtRate service failed to start due to the following error: 
The system cannot find the file specified.

Error: (03/28/2017 09:38:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Take-it DV Series service failed to start due to the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/26/2017 03:30:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft .NET Framework v1.1.4322 Update service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (03/26/2017 03:30:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Microsoft .NET Framework v1.1.4322 Update service to connect.

Error: (03/26/2017 03:30:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The mrtRate service failed to start due to the following error: 
The system cannot find the file specified.

Error: (03/26/2017 03:30:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Take-it DV Series service failed to start due to the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/26/2017 03:27:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/26/2017 03:27:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Malwarebytes Service service terminated unexpectedly.  It has done this 1 time(s).


==================== Memory info =========================== 

Processor:  Intel(R) Pentium(R) 4 CPU 3.20GHz
Percentage of memory in use: 75%
Total physical RAM: 447.48 MB
Available physical RAM: 107.66 MB
Total Virtual: 1055.11 MB
Available Virtual: 784.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:178.94 GB) (Free:132.88 GB) FAT32 ==>[drive with boot components (Windows XP)]
Drive g: () (Removable) (Total:7.45 GB) (Free:7.21 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 179 GB) (Disk ID: 00590059)
Partition 1: (Active) - (Size=179 GB) - (Type=0C)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================


  • Root Admin

Okay, please run the following. It will clean the temp and reset a couple items as well as run a full disk check on your hard drive. Please let the disk check run. It may take 30 minutes, up to multiple hours to complete, please try to let it complete.


Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

 


Fix result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by Eric (29-03-2017 19:30:08) Run:1
Running from C:\Documents and Settings\Eric\Desktop
Loaded Profiles: Eric (Available Profiles: Eric & Kim & Bry N Morgan & Ean & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
RemoveProxy:
CMD: ECHO Y|CHKDSK C: /R
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: netsh int ip reset
CMD: ipconfig /flushDNS
EmptyTemp:
Reboot:

*****************

Processes closed successfully.
Restore point was successfully created.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-2801439982-1180395095-3134616843-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-2801439982-1180395095-3134616843-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.


========= End of RemoveProxy: =========


========= ECHO Y|CHKDSK C: /R =========

The type of the file system is FAT32.
Cannot lock current drive.

Chkdsk cannot run because the volume is in use by another
process.  Would you like to schedule this volume to be
checked the next time the system restarts? (Y/N) Y

This volume will be checked the next time the system restarts.

========= End of CMD: =========


=========  "%WINDIR%\SYSTEM32\lodctr.exe" /R =========

LODCTR
    Updates Performance Monitor counter names and explain text for an extensible counter

Usage:
    LODCTR [\\computername] filename
        computername is the name of the remote computer.
            Local machine is used if computername is not specified.
        filename is the name of the initialization file that contains
            the counter name definitions and explain text for an extensible
            counter DLL.

    LODCTR /S:<FileName>
        save current perf registry strings and info to <FileName>

    LODCTR /R:<FileName>
        restore perf registry strings and info using <FileName>

Note: any arguments with spaces in the names must be enclosed within
Double Quotation marks.

========= End of CMD: =========


========= netsh int ip reset =========

One or more essential parameters were not entered.
Verify the required parameters, and reenter them.
The syntax supplied for this command is not valid. Check help for the correct syntax.

Usage: reset [name=]<string>
 
Parameters:
 
      Tag            Value
      name         - The name of a file to which to append information 
                     regarding what settings were reset. 
 
Remarks: Resets TCP/IP and related components to a clean state. 
 
Examples:
 
       reset resetlog.txt


========= End of CMD: =========


========= ipconfig /flushDNS =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 1029472 B
Java, Flash, Steam htmlcache => 487832 B
Windows/system/dllcache/drivers => 16836 B
Edge => 0 B
Chrome => 0 B
Firefox => 24286209 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 48921728 B
All Users => 0 B
systemprofile => 372099760 B
LocalService => 1443747 B
NetworkService => 628 B
Eric => 128720380 B
Kim => 784178388 B
Bry N Morgan => 83225548 B
Ean => 309954379 B
Administrator => 49130701 B

RecycleBin => 0 B
EmptyTemp: => 1.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:32:17 ====


  • Root Admin

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome

I would like to reset Chrome back to defaults to completely clear out what is going on with Chrome.

You can keep your “Bookmarks” if you want to keep them, but you have to export them first – >> Export Bookmarks << – Everything else should be removed.

Then I need you to go to >> Google Sync << and sign into your account.
Scroll down until you see the reset sync button and click on the button
At the prompt click on Ok.

Reset Your Browser Settings

  1. In the top-right corner of the browser window, click the “Chrome Menu” icon (Three horizontal lines)
  2. Select Settings.
  3. At the bottom, click Show advanced settings…
  4. Scroll down until you see “Reset settings”, Then click on the button Reset Settings.
  5. In the dialog that appears, click Reset.

Close Chrome and restart it and check it out for me please


There are 4 Windows users on this PC, not sure how many if any use Google Sync, I've asked the question and I am awaiting an answer from them. What do I do if there are multiple sync users, and what if there are none with a Google account? Also, even after resetting IE in each user profile, a couple still have toolbars. Not sure if they are enabled or disabled though. With the multiple users in mind, should I repeat any of the other processes per user?

No Firefox installation was found, only an installer exe.


I didn't reset Chrome yet as I was waiting on word about Google Sync. I will do so now. One thing though is Wajam appears to still be around. When I opened Chrome a Wajam add-on attempted to add itself to Chrome. It was in a waiting-to-be-enabled status so I left it alone and created bookmark backups, and after a few minutes Chrome popped up an alert that Wajam was being blocked since it was not from the Google store. I will reset Chrome now and await instructions.


  • Root Admin

Okay, let's go ahead and run a temp file cleaner then.

 

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from http://oldtimer.geekstogo.com/TFC.exe and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Then do a Threat Scan with Malwarebytes and post back that log and let me know if there are any other issues or not.

Thanks

Ron

 


I have not quarantined or removed anything that MBAM found, it is still in the post-scan screen Threat Scan Results with 358 items selected. Clearly Wajam is still around, and I see Crossfire/Crossrider in several references in Firefox application data. Because of this I double checked, and Firefox is definitely not installed, but clearly was at some point. There is a /mozilla/firefox directory in program files, but no executable, just a couple data subfolders, and no entry in Add/Remove programs. I'm thinking deleting the Firefox directory in \application data\mozilla\ might be a good idea. I will await instructions on that and on the action to take with the MBAM results.


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/31/17
Scan Time: 9:39 PM
Logfile: mbam201703312200.log
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.96
Update Package Version: 1.0.1639
License: Free

-System Information-
OS: Windows XP Service Pack 3
CPU: x86
File System: FAT32
User: ERICNKIM\Eric

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 504527
Time Elapsed: 35 min, 32 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 42
PUP.Optional.Wajam, HKU\S-1-5-21-2801439982-1180395095-3134616843-1008\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, No Action By User, [131], [168989],1.0.1639
PUP.Optional.Wajam, HKU\S-1-5-21-2801439982-1180395095-3134616843-1010\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, No Action By User, [131], [168989],1.0.1639
PUP.Optional.Wajam, HKU\S-1-5-21-2801439982-1180395095-3134616843-1007\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, No Action By User, [131], [168989],1.0.1639
PUP.Optional.Wajam, HKU\S-1-5-21-2801439982-1180395095-3134616843-1008\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, No Action By User, [131], [168989],1.0.1639
PUP.Optional.Wajam, HKU\S-1-5-21-2801439982-1180395095-3134616843-1010\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, No Action By User, [131], [168989],1.0.1639
PUP.Optional.Wajam, HKU\S-1-5-21-2801439982-1180395095-3134616843-1007\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, No Action By User, [131], [168989],1.0.1639
PUP.Optional.InboxToolBar, HKU\S-1-5-21-2801439982-1180395095-3134616843-1008\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}, No Action By User, [13268], [168103],1.0.1639
PUP.Optional.InboxToolBar, HKU\S-1-5-21-2801439982-1180395095-3134616843-1007\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}, No Action By User, [13268], [168103],1.0.1639
PUP.Optional.InboxToolBar, HKU\S-1-5-21-2801439982-1180395095-3134616843-1008\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}, No Action By User, [13268], [168103],1.0.1639
PUP.Optional.InboxToolBar, HKU\S-1-5-21-2801439982-1180395095-3134616843-1007\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}, No Action By User, [13268], [168103],1.0.1639

Registry Value: 19

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 37

File: 260
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\PREFS.JS, No Action By User, [2122], [303320],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB\FACEBOX\Images\BR.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB\FACEBOX\Images\TL.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB\FACEBOX\Images\BL.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB\FACEBOX\Images\TR.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB\FACEBOX\Images\B.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB\FACEBOX\Images\closelabel.gif, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB\FACEBOX\Images\LOADING.GIF, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB\FACEBOX\FACEBOX.JS, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB\FACEBOX\FACEBOX.CSS, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB\faye-browser-min.js, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB\jquery-1.4.2.js, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\search_dialog.xul, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\workers_chain.js, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\push.html, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\manage-apps-style.css, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\OPTIONS.JS, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\messaging.js, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\manage-apps.html, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\background.html, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\DIALOG.JS, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\BROWSER.XUL, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\crossrider.js, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\OPTIONS.XUL, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\crossriderapi.js, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\update.html, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\utilityapi.js, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\socialapi.js, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\SKIN\BUTTON4.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\SKIN\popup_binding.xml, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\SKIN\BUTTON3.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\SKIN\ICON24.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\SKIN\popup.html, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\SKIN\panelarrow-up.png, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\SKIN\SKIN.CSS, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\SKIN\BUTTON5.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\SKIN\POPUP.CSS, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\SKIN\ICON48.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\SKIN\crossrider_statusbar.png, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\SKIN\ICON16.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\SKIN\BUTTON2.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\SKIN\ICON128.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\SKIN\UPDATE.CSS, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\SKIN\BUTTON1.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\DEFAULTS\preferences\PREFS.JS, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\LOCALE\en-US\translations.dtd, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\INSTALL.RDF, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\chrome.manifest, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB\FACEBOX\Images\BR.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB\FACEBOX\Images\TL.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB\FACEBOX\Images\BL.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB\FACEBOX\Images\TR.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB\FACEBOX\Images\B.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB\FACEBOX\Images\closelabel.gif, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB\FACEBOX\Images\LOADING.GIF, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB\FACEBOX\FACEBOX.JS, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB\FACEBOX\FACEBOX.CSS, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB\faye-browser-min.js, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB\jquery-1.4.2.js, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\search_dialog.xul, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\workers_chain.js, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\push.html, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\manage-apps-style.css, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\OPTIONS.JS, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\messaging.js, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\manage-apps.html, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\background.html, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\DIALOG.JS, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\BROWSER.XUL, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\crossrider.js, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\OPTIONS.XUL, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\crossriderapi.js, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\update.html, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\utilityapi.js, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\socialapi.js, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\SKIN\BUTTON4.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\SKIN\popup_binding.xml, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\SKIN\BUTTON3.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\SKIN\ICON24.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\SKIN\popup.html, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\SKIN\panelarrow-up.png, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\SKIN\SKIN.CSS, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\SKIN\BUTTON5.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\SKIN\POPUP.CSS, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\SKIN\ICON48.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\SKIN\crossrider_statusbar.png, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\SKIN\ICON16.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\SKIN\BUTTON2.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\SKIN\ICON128.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\SKIN\UPDATE.CSS, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\SKIN\BUTTON1.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\DEFAULTS\preferences\PREFS.JS, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\LOCALE\en-US\translations.dtd, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\INSTALL.RDF, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\chrome.manifest, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB\FACEBOX\Images\BR.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB\FACEBOX\Images\TL.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB\FACEBOX\Images\BL.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB\FACEBOX\Images\TR.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB\FACEBOX\Images\B.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB\FACEBOX\Images\closelabel.gif, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB\FACEBOX\Images\LOADING.GIF, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB\FACEBOX\FACEBOX.JS, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB\FACEBOX\FACEBOX.CSS, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB\faye-browser-min.js, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB\jquery-1.4.2.js, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\search_dialog.xul, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\workers_chain.js, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\push.html, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\manage-apps-style.css, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\OPTIONS.JS, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\messaging.js, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\manage-apps.html, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\background.html, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\DIALOG.JS, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\BROWSER.XUL, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\crossrider.js, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\OPTIONS.XUL, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\crossriderapi.js, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\update.html, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\utilityapi.js, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\socialapi.js, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\SKIN\BUTTON4.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\SKIN\popup_binding.xml, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\SKIN\BUTTON3.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\SKIN\ICON24.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\SKIN\popup.html, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\SKIN\panelarrow-up.png, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\SKIN\SKIN.CSS, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\SKIN\BUTTON5.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\SKIN\POPUP.CSS, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\SKIN\ICON48.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\SKIN\crossrider_statusbar.png, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\SKIN\ICON16.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\SKIN\BUTTON2.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\SKIN\ICON128.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\SKIN\UPDATE.CSS, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\SKIN\BUTTON1.PNG, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\DEFAULTS\preferences\PREFS.JS, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\LOCALE\en-US\translations.dtd, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\INSTALL.RDF, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\chrome.manifest, No Action By User, [14432], [176312],1.0.1639
PUP.Optional.BabylonTB, C:\DOCUMENTS AND SETTINGS\KIM\LOCAL SETTINGS\APPLICATION DATA\BABYLON\SETUP\SETUP.EXE, No Action By User, [4667], [19625],1.0.1639

Physical Sector: 0
(No malicious items detected)


(end)




**** PLEASE NOTE: I did post some details just before this log; I meant to include that post with this. ****


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/1/17
Scan Time: 8:58 AM
Logfile: mbam201704010945.log
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.96
Update Package Version: 1.0.1640
License: Free

-System Information-
OS: Windows XP Service Pack 3
CPU: x86
File System: FAT32
User: ERICNKIM\Eric

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 504554
Time Elapsed: 39 min, 33 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 42
Adware.GamePlayLabs, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440044224458}, Quarantined, [5507], [170084],1.0.1640
Adware.GamePlayLabs, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055225558}, Quarantined, [5507], [170084],1.0.1640
Adware.GamePlayLabs, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660066226658}, Quarantined, [5507], [170084],1.0.1640
Adware.GamePlayLabs, HKLM\SOFTWARE\CLASSES\INTERFACE\{77777777-7777-7777-7777-770077227758}, Quarantined, [5507], [170084],1.0.1640
Adware.GamePlayLabs, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220022222258}, Quarantined, [5507], [170084],1.0.1640
Adware.GamePlayLabs, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110011221158}, Quarantined, [5507], [170083],1.0.1640
Adware.GamePlayLabs, HKU\S-1-5-21-2801439982-1180395095-3134616843-1007\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110011221158}, Quarantined, [5507], [170083],1.0.1640
Adware.GamePlayLabs, HKU\S-1-5-21-2801439982-1180395095-3134616843-1008\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110011221158}, Quarantined, [5507], [170083],1.0.1640
Adware.GamePlayLabs, HKU\S-1-5-21-2801439982-1180395095-3134616843-1010\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110011221158}, Quarantined, [5507], [170083],1.0.1640
Adware.GamePlayLabs, HKU\S-1-5-21-2801439982-1180395095-3134616843-1006\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110011221158}, Quarantined, [5507], [170083],1.0.1640
Adware.GamePlayLabs, HKU\S-1-5-21-2801439982-1180395095-3134616843-1007\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110011221158}, Quarantined, [5507], [170083],1.0.1640
Adware.GamePlayLabs, HKU\S-1-5-21-2801439982-1180395095-3134616843-1008\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110011221158}, Quarantined, [5507], [170083],1.0.1640
Adware.GamePlayLabs, HKU\S-1-5-21-2801439982-1180395095-3134616843-1010\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110011221158}, Quarantined, [5507], [170083],1.0.1640
Adware.GamePlayLabs, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158}, Quarantined, [5507], [170083],1.0.1640
Adware.GamePlayLabs, HKU\S-1-5-21-2801439982-1180395095-3134616843-1006\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110011221158}, Quarantined, [5507], [170083],1.0.1640
PUP.Optional.InboxToolBar, HKU\S-1-5-21-2801439982-1180395095-3134616843-1007\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}, Quarantined, [13270], [168102],1.0.1640
PUP.Optional.InboxToolBar, HKU\S-1-5-21-2801439982-1180395095-3134616843-1007\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}, Quarantined, [13270], [168102],1.0.1640
PUP.Optional.InboxToolBar, HKU\S-1-5-21-2801439982-1180395095-3134616843-1008\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}, Quarantined, [13270], [168102],1.0.1640
PUP.Optional.InboxToolBar, HKU\S-1-5-21-2801439982-1180395095-3134616843-1008\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}, Quarantined, [13270], [168102],1.0.1640
PUP.Optional.Wajam, HKU\S-1-5-21-2801439982-1180395095-3134616843-1007\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, Quarantined, [131], [168989],1.0.1640
PUP.Optional.Wajam, HKU\S-1-5-21-2801439982-1180395095-3134616843-1008\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, Quarantined, [131], [168989],1.0.1640
PUP.Optional.Wajam, HKU\S-1-5-21-2801439982-1180395095-3134616843-1010\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, Quarantined, [131], [168989],1.0.1640
PUP.Optional.Wajam, HKU\S-1-5-21-2801439982-1180395095-3134616843-1008\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, Quarantined, [131], [168989],1.0.1640
PUP.Optional.Wajam, HKU\S-1-5-21-2801439982-1180395095-3134616843-1010\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, Quarantined, [131], [168989],1.0.1640
PUP.Optional.Wajam, HKU\S-1-5-21-2801439982-1180395095-3134616843-1007\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, Quarantined, [131], [168989],1.0.1640
PUP.Optional.InboxToolBar, HKU\S-1-5-21-2801439982-1180395095-3134616843-1007\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}, Quarantined, [13270], [168103],1.0.1640
PUP.Optional.InboxToolBar, HKU\S-1-5-21-2801439982-1180395095-3134616843-1008\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}, Quarantined, [13270], [168103],1.0.1640
PUP.Optional.InboxToolBar, HKU\S-1-5-21-2801439982-1180395095-3134616843-1007\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}, Quarantined, [13270], [168103],1.0.1640
PUP.Optional.InboxToolBar, HKU\S-1-5-21-2801439982-1180395095-3134616843-1008\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}, Quarantined, [13270], [168103],1.0.1640
Adware.GamePlayLabs, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{65bcd620-07dd-012f-819f-073cf1b8f7c6}, Quarantined, [5507], [170087],1.0.1640
Adware.GamePlayLabs, HKLM\SOFTWARE\CLASSES\CLSID\{33333333-3333-3333-3333-330033223358}, Quarantined, [5507], [170085],1.0.1640
PUP.Optional.BabylonTB, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SETUP.EXE, Quarantined, [4667], [19625],1.0.1640
PUP.Optional.CrossRider, HKU\S-1-5-21-2801439982-1180395095-3134616843-1007\SOFTWARE\CROSSRIDER, Quarantined, [307], [237377],1.0.1640
PUP.Optional.IWantThis, HKU\S-1-5-21-2801439982-1180395095-3134616843-1007\SOFTWARE\I Want This, Quarantined, [3048], [239637],1.0.1640
PUP.Optional.InstallCore, HKU\S-1-5-21-2801439982-1180395095-3134616843-1007\SOFTWARE\InstallCore, Quarantined, [8], [239563],1.0.1640
PUP.Optional.Wajam, HKU\S-1-5-21-2801439982-1180395095-3134616843-1007\SOFTWARE\Wajam, Quarantined, [131], [244668],1.0.1640
PUP.Optional.Wajam, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\jpmbfleldcgkldadpdinhjjopdfpjfjp, Quarantined, [131], [244681],1.0.1640
PUP.Optional.IWantThis, HKU\S-1-5-21-2801439982-1180395095-3134616843-1008\SOFTWARE\I Want This, Quarantined, [3048], [239637],1.0.1640
PUP.Optional.GamesPlayLab, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\mpfapcdfbbledbojijcbcclmlieaoogk, Quarantined, [13244], [251638],1.0.1640
PUP.Optional.Wajam, HKU\S-1-5-21-2801439982-1180395095-3134616843-1008\SOFTWARE\Wajam, Quarantined, [131], [244668],1.0.1640
PUP.Optional.IWantThis, HKU\S-1-5-21-2801439982-1180395095-3134616843-1010\SOFTWARE\I Want This, Quarantined, [3048], [239637],1.0.1640
PUP.Optional.Wajam, HKU\S-1-5-21-2801439982-1180395095-3134616843-1010\SOFTWARE\Wajam, Quarantined, [131], [244668],1.0.1640

Registry Value: 19
PUP.Optional.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [131], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [131], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [131], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-21-2801439982-1180395095-3134616843-1006\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Removal Failed, [131], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-21-2801439982-1180395095-3134616843-1007\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [131], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-21-2801439982-1180395095-3134616843-1008\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [131], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-21-2801439982-1180395095-3134616843-1010\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [131], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-21-2801439982-1180395095-3134616843-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [131], [-1],0.0.0
PUP.Optional.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [131], [-1],0.0.0
PUP.Optional.InboxToolBar, HKU\S-1-5-21-2801439982-1180395095-3134616843-1007\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{D7E97865-918F-41E4-9CD0-25AB1C574CE8}, Quarantined, [13270], [168103],1.0.1640
PUP.Optional.InboxToolBar, HKU\S-1-5-21-2801439982-1180395095-3134616843-1008\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{D7E97865-918F-41E4-9CD0-25AB1C574CE8}, Quarantined, [13270], [168103],1.0.1640
PUP.Optional.InboxToolBar, HKU\S-1-5-21-2801439982-1180395095-3134616843-1007\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{D7E97865-918F-41E4-9CD0-25AB1C574CE8}, Quarantined, [13270], [168103],1.0.1640
PUP.Optional.InboxToolBar, HKU\S-1-5-21-2801439982-1180395095-3134616843-1008\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{D7E97865-918F-41E4-9CD0-25AB1C574CE8}, Quarantined, [13270], [168103],1.0.1640
PUP.Optional.CrossRider, HKU\S-1-5-21-2801439982-1180395095-3134616843-1007\SOFTWARE\CROSSRIDER|VERIFIER, Quarantined, [307], [237377],1.0.1640
Adware.GamePlayLabs, HKU\S-1-5-21-2801439982-1180395095-3134616843-1007\SOFTWARE\CROSSRIDER|215APPVERIFIER, Quarantined, [5507], [262265],1.0.1640
Adware.GamePlayLabs, HKU\S-1-5-21-2801439982-1180395095-3134616843-1007\SOFTWARE\I WANT THIS|BUNDLEDFIREFOX, Quarantined, [5507], [262266],1.0.1640
PUP.Optional.CrossRider, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220022222258}|, Quarantined, [307], [324196],1.0.1640
PUP.Optional.CrossRider, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055225558}|, Quarantined, [307], [324197],1.0.1640
PUP.Optional.GamesPlayLab, HKU\S-1-5-21-2801439982-1180395095-3134616843-1007\SOFTWARE\I WANT THIS|HELPERRUNNINGVERSION, Quarantined, [13244], [251637],1.0.1640

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 37
PUP.Optional.Wajam, C:\Documents and Settings\Kim\Local Settings\Application Data\Wajam\Chrome, Quarantined, [131], [180346],1.0.1640
PUP.Optional.Wajam, C:\DOCUMENTS AND SETTINGS\KIM\LOCAL SETTINGS\APPLICATION DATA\Wajam, Quarantined, [131], [180346],1.0.1640
PUP.Optional.IWantThis, C:\Documents and Settings\Kim\Local Settings\Application Data\I Want This\Chrome, Quarantined, [3048], [177843],1.0.1640
PUP.Optional.IWantThis, C:\DOCUMENTS AND SETTINGS\KIM\LOCAL SETTINGS\APPLICATION DATA\I Want This, Quarantined, [3048], [177843],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB\FACEBOX\Images, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB\FACEBOX, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\DEFAULTS\preferences, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\LOCALE\en-US, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\DEFAULTS, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\CHROME, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\LOCALE, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kf6genta.default\extensions\crossriderapp2258@crossrider.com\SKIN, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KF6GENTA.DEFAULT\EXTENSIONS\crossriderapp2258@crossrider.com, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB\FACEBOX\Images, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB\FACEBOX, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\DEFAULTS\preferences, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\LOCALE\en-US, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\DEFAULTS, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\CHROME, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\LOCALE, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Bry N Morgan\Application Data\Mozilla\Firefox\Profiles\8k4grj7n.default\extensions\crossriderapp2258@crossrider.com\SKIN, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\DOCUMENTS AND SETTINGS\BRY N MORGAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8K4GRJ7N.DEFAULT\EXTENSIONS\crossriderapp2258@crossrider.com, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB\FACEBOX\Images, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB\FACEBOX, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\DEFAULTS\preferences, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\LIB, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\LOCALE\en-US, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\DEFAULTS, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\LOCALE, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\SKIN, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\DOCUMENTS AND SETTINGS\ERIC\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FEXO4SS0.DEFAULT\EXTENSIONS\crossriderapp2258@crossrider.com, Quarantined, [14434], [176312],1.0.1640

File: 260
PUP.Optional.CrossRider, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KF6GENTA.DEFAULT\PREFS.JS, Replaced, [307], [301532],1.0.1640
PUP.Optional.CrossRider, C:\DOCUMENTS AND SETTINGS\BRY N MORGAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8K4GRJ7N.DEFAULT\PREFS.JS, Replaced, [307], [301532],1.0.1640
PUP.Optional.Wajam, C:\Documents and Settings\Kim\Local Settings\Application Data\Wajam\Chrome\wajam_121.crx, Quarantined, [131], [180346],1.0.1640
PUP.Optional.Wajam, C:\Documents and Settings\Kim\Local Settings\Application Data\Wajam\Chrome\unique_id.txt, Quarantined, [131], [180346],1.0.1640
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\USER.JS, Replaced, [2122], [301503],1.0.1640
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\USER.JS, Replaced, [2122], [301503],1.0.1640
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\USER.JS, Replaced, [2122], [301503],1.0.1640
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\USER.JS, Replaced, [2122], [301503],1.0.1640
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\USER.JS, Replaced, [2122], [301503],1.0.1640
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\USER.JS, Replaced, [2122], [301503],1.0.1640
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\USER.JS, Replaced, [2122], [301503],1.0.1640
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\USER.JS, Replaced, [2122], [301503],1.0.1640
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\USER.JS, Replaced, [2122], [301503],1.0.1640
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\USER.JS, Replaced, [2122], [301503],1.0.1640
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\USER.JS, Replaced, [2122], [301503],1.0.1640
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\USER.JS, Replaced, [2122], [301503],1.0.1640
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\USER.JS, Replaced, [2122], [301503],1.0.1640
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\USER.JS, Replaced, [2122], [301503],1.0.1640
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\USER.JS, Replaced, [2122], [301503],1.0.1640
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\USER.JS, Replaced, [2122], [301503],1.0.1640
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\PREFS.JS, Replaced, [2122], [301501],1.0.1640
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\PREFS.JS, Replaced, [2122], [301501],1.0.1640
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\PREFS.JS, Replaced, [2122], [301501],1.0.1640
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\PREFS.JS, Replaced, [2122], [301501],1.0.1640
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\PREFS.JS, Replaced, [2122], [301501],1.0.1640
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\PREFS.JS, Replaced, [2122], [301501],1.0.1640
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\PREFS.JS, Replaced, [2122], [301501],1.0.1640
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\PREFS.JS, Replaced, [2122], [301501],1.0.1640
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\PREFS.JS, Replaced, [2122], [301501],1.0.1640
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\PREFS.JS, Replaced, [2122], [301501],1.0.1640
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\PREFS.JS, Replaced, [2122], [301501],1.0.1640
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\PREFS.JS, Replaced, [2122], [301501],1.0.1640
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\PREFS.JS, Replaced, [2122], [301501],1.0.1640
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\PREFS.JS, Replaced, [2122], [301501],1.0.1640
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\PREFS.JS, Replaced, [2122], [301501],1.0.1640
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\PREFS.JS, Replaced, [2122], [301501],1.0.1640
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\PREFS.JS, Replaced, [2122], [301501],1.0.1640
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\PREFS.JS, Replaced, [2122], [301501],1.0.1640
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\PREFS.JS, Replaced, [2122], [301501],1.0.1640
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\PREFS.JS, Replaced, [2122], [301501],1.0.1640
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\PREFS.JS, Replaced, [2122], [301501],1.0.1640
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\PREFS.JS, Replaced, [2122], [301501],1.0.1640
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\PREFS.JS, Replaced, [2122], [301501],1.0.1640
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\PREFS.JS, Replaced, [2122], [301501],1.0.1640
PUP.Optional.Babylon, C:\DOCUMENTS AND SETTINGS\KIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3W4HVXDW.DEFAULT\PREFS.JS, Replaced, [2122], [301501],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\search_dialog.xul, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\workers_chain.js, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\push.html, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\manage-apps-style.css, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\OPTIONS.JS, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\messaging.js, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\manage-apps.html, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\background.html, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\DIALOG.JS, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\BROWSER.XUL, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\crossrider.js, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\OPTIONS.XUL, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\crossriderapi.js, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\update.html, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\utilityapi.js, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\CHROME\CONTENT\socialapi.js, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\SKIN\BUTTON4.PNG, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\SKIN\popup_binding.xml, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\SKIN\BUTTON3.PNG, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\SKIN\ICON24.PNG, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\SKIN\popup.html, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\SKIN\panelarrow-up.png, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\SKIN\SKIN.CSS, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\SKIN\BUTTON5.PNG, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\SKIN\POPUP.CSS, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\SKIN\ICON48.PNG, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\SKIN\crossrider_statusbar.png, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\SKIN\ICON16.PNG, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\SKIN\BUTTON2.PNG, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\SKIN\ICON128.PNG, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\SKIN\UPDATE.CSS, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\SKIN\BUTTON1.PNG, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\DEFAULTS\preferences\PREFS.JS, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\LOCALE\en-US\translations.dtd, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\INSTALL.RDF, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.CrossFire, C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\fexo4ss0.default\extensions\crossriderapp2258@crossrider.com\chrome.manifest, Quarantined, [14434], [176312],1.0.1640
PUP.Optional.BabylonTB, C:\DOCUMENTS AND SETTINGS\KIM\LOCAL SETTINGS\APPLICATION DATA\BABYLON\SETUP\SETUP.EXE, Quarantined, [4667], [19625],1.0.1640

Physical Sector: 0
(No malicious items detected)


(end)


Follow up scan looks good. Is there another scanning tool that I should use to double check?

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/1/17
Scan Time: 10:07 AM
Logfile: mbam201704011145.log
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.96
Update Package Version: 1.0.1640
License: Free

-System Information-
OS: Windows XP Service Pack 3
CPU: x86
File System: FAT32
User: ERICNKIM\Eric

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 506146
Time Elapsed: 28 min, 12 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.2 (03.10.2017)
Operating System: Microsoft Windows XP x86 
Ran by Eric (Administrator) on Mon 04/03/2017 at  8:26:36.43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 8 

Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2OHVQPQ0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4QNFUN79 (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\MFZVQ3MD (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PLSXQMLO (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2OHVQPQ0 (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4QNFUN79 (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MFZVQ3MD (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PLSXQMLO (Temporary Internet Files Folder) 

Registry: 1 

Successfully deleted: HKLM\Software\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (Registry Key) 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 04/03/2017 at  8:30:50.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

# AdwCleaner v6.044 - Logfile created 03/04/2017 at 09:10:14
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-02-28.2 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (X86)
# Username : Eric - ERICNKIM
# Running from : G:\AntiVirusWinXP\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

No malicious registry entries found.


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [7957 Bytes] - [26/03/2017 15:27:25]
C:\AdwCleaner\AdwCleaner[C0].txt - [8414 Bytes] - [26/03/2017 15:28:03]
C:\AdwCleaner\AdwCleaner[S1].txt - [1142 Bytes] - [03/04/2017 09:10:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1215 Bytes] ##########
