Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

pup.optional.crossrider.a


  • Please log in to reply
10 replies to this topic

#1 Jenniferrd

Jenniferrd

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:09:44 PM

Posted 08 December 2014 - 09:25 AM

I have had multiple issues with my computer, most of which I think I've gotten worked out, but this problem hasn't gone away with pup.optional.crossrider.a.  

 

We were having internet connection problems, so at first I didn't realize that I had an infection, as our internet connection actually had a problem as did our line coming into our house, which now is worked out by our provider.  I was still having slow internet connection problems and instances of it not finding the server to main websites or not sending and receiving email.  I ran Malwarebytes and it came up with multiple instances of pup.optional.crossrider.a.  I have Advast, and ran a boot-time scan which found quite a few trojans and malware, which it got rid of them.  After it ran, I ran Malwarebytes again, and again it found pup.optional.crossrider.a.  How do I get rid of this and is it dangerous?

 

The computer is running much better after the boot time scan, but I still would like to get it completely taken care of.  Thanks! 

 

Jennifer



BC AdBot (Login to Remove)

 


#2 Guest_LighthouseParty_*

Guest_LighthouseParty_*

  • Guests
  • OFFLINE
  •  

Posted 08 December 2014 - 11:23 AM

Hello there     :welcome:
 
Welcome to Bleeping Computer, I'm LighthouseParty. Let's run a couple of scans to see what could be causing this.
 
Step One:
Mini Tool Box
  • Click here to download MiniToolBox to your desktop.
  • Double click MiniToolBox.
  • Select the following and then press go.
  • Post the log in your next reply.
Flush DNS
Reset IE Proxy Settings
Reset FF Proxy Settings
List Last 10 Event Viewer Errors
List Installed Programs
List Restore Points
 
Step Two:
Malwarebytes Anti-Malware
  • Click here to download Malwarebytes to your desktop.
  • Double click mbam-setup-x.x.x.xxxx and follow the on-screen instructions.
  • On the dashboard, click update now.
  • After that, click scan now - the scan will now begin.
  • When the scan's completed, select apply actions - make sure the action is quarantine.
  • Restart your computer.
How to get the log.
  • On the dashboard, select the history tab and click application logs.
  • Select the log which has the time and date of when you did the scan.
  • Click copy to clipboard and paste it into your reply.
Step Three:
Security Check
  • Click here to download Security Check to your desktop.
  • Double click SecurityCheck and follow the on-screen instructions.
  • A log should open, called checkup.txt.
  • Please post the contents of it in your next reply.
Thanks and good luck!

Edited by LighthouseParty, 08 December 2014 - 11:24 AM.


#3 Jenniferrd

Jenniferrd
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  

Posted 08 December 2014 - 12:48 PM

Okay, here you are:

 

Step 1 Mini Tool Box:

 

MiniToolBox by Farbar  Version: 30-11-2014
Ran by Work (administrator) on 08-12-2014 at 12:10:58
Running from "C:\Users\Work\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

"Reset FF Proxy Settings": Firefox Proxy settings were reset.


========================= Event log errors: ===============================

Application errors:
==================
Error: (12/08/2014 00:02:53 AM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (12/02/2014 02:23:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: vlc.exe, version: 2.1.5.0, time stamp: 0x00000004
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0x1c88
Faulting application start time: 0xvlc.exe0
Faulting application path: vlc.exe1
Faulting module path: vlc.exe2
Report Id: vlc.exe3

Error: (11/30/2014 07:00:08 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (11/29/2014 07:51:34 PM) (Source: Application Hang) (User: )
Description: The program lightroom.exe version 4.1.0.11 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1670

Start Time: 01d00c2d279a44f4

Termination Time: 18

Application Path: C:\Program Files\Adobe\Adobe Photoshop Lightroom 4.1\lightroom.exe

Report Id: f26c50db-782a-11e4-ae55-70f395140705

Error: (11/23/2014 07:00:08 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (11/16/2014 07:00:08 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (11/13/2014 09:58:44 PM) (Source: Application Error) (User: )
Description: Faulting application name: lightroom.exe, version: 4.1.0.11, time stamp: 0x4fb2266f
Faulting module name: CameraRaw.dll, version: 4.1.0.10, time stamp: 0x4fb22636
Exception code: 0xc000041d
Fault offset: 0x000000000009897e
Faulting process id: 0x19b4
Faulting application start time: 0xlightroom.exe0
Faulting application path: lightroom.exe1
Faulting module path: lightroom.exe2
Report Id: lightroom.exe3

Error: (11/13/2014 09:58:42 PM) (Source: Application Error) (User: )
Description: Faulting application name: lightroom.exe, version: 4.1.0.11, time stamp: 0x4fb2266f
Faulting module name: CameraRaw.dll, version: 4.1.0.10, time stamp: 0x4fb22636
Exception code: 0xc0000005
Fault offset: 0x000000000009897e
Faulting process id: 0x19b4
Faulting application start time: 0xlightroom.exe0
Faulting application path: lightroom.exe1
Faulting module path: lightroom.exe2
Report Id: lightroom.exe3

Error: (11/13/2014 00:24:18 PM) (Source: Application Hang) (User: )
Description: The program WorkStreamDS.exe version 2.6.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2aa0

Start Time: 01cfff668c3d0271

Termination Time: 16

Application Path: C:\Program Files\WorkStream DS\WorkStreamDS.exe

Report Id: e05742e8-6b59-11e4-a962-70f395140705

Error: (11/13/2014 00:23:18 PM) (Source: Application Error) (User: )
Description: Faulting application name: WorkStreamDS.exe, version: 2.6.0.0, time stamp: 0x52febdb7
Faulting module name: WorkStreamDS.exe, version: 2.6.0.0, time stamp: 0x52febdb7
Exception code: 0xc000041d
Fault offset: 0x000000000007efe4
Faulting process id: 0x1fc8
Faulting application start time: 0xWorkStreamDS.exe0
Faulting application path: WorkStreamDS.exe1
Faulting module path: WorkStreamDS.exe2
Report Id: WorkStreamDS.exe3


System errors:
=============
Error: (12/08/2014 00:35:03 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{715379AA-1047-4794-A890-6A675630F320}.
The backup browser is stopping.

Error: (12/07/2014 11:53:34 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (12/07/2014 01:00:41 AM) (Source: Service Control Manager) (User: )
Description: The BrSplService service has reported an invalid current state 0.

Error: (12/06/2014 11:59:58 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{715379AA-1047-4794-A890-6A675630F320}.
The backup browser is stopping.

Error: (12/06/2014 11:16:43 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (12/06/2014 09:07:06 AM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (12/06/2014 09:07:04 AM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (12/06/2014 09:07:02 AM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (12/06/2014 09:07:00 AM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (12/06/2014 09:06:57 AM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.


Microsoft Office Sessions:
=========================
Error: (12/08/2014 00:02:53 AM) (Source: Windows Backup)(User: )
Description: F:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (12/02/2014 02:23:19 PM) (Source: Application Error)(User: )
Description: vlc.exe2.1.5.000000004ntdll.dll6.1.7601.18247521ea8e7c0000374000ce7531c8801d00e65667a48b6C:\Program Files (x86)\VideoLAN\VLC\vlc.exeC:\Windows\SysWOW64\ntdll.dllac021f0a-7a58-11e4-a339-70f395140705

Error: (11/30/2014 07:00:08 PM) (Source: Windows Backup)(User: )
Description: F:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (11/29/2014 07:51:34 PM) (Source: Application Hang)(User: )
Description: lightroom.exe4.1.0.11167001d00c2d279a44f418C:\Program Files\Adobe\Adobe Photoshop Lightroom 4.1\lightroom.exef26c50db-782a-11e4-ae55-70f395140705

Error: (11/23/2014 07:00:08 PM) (Source: Windows Backup)(User: )
Description: F:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (11/16/2014 07:00:08 PM) (Source: Windows Backup)(User: )
Description: F:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (11/13/2014 09:58:44 PM) (Source: Application Error)(User: )
Description: lightroom.exe4.1.0.114fb2266fCameraRaw.dll4.1.0.104fb22636c000041d000000000009897e19b401cfffb3a85149f9C:\Program Files\Adobe\Adobe Photoshop Lightroom 4.1\lightroom.exeC:\Program Files\Adobe\Adobe Photoshop Lightroom 4.1\CameraRaw.dll24f272bf-6baa-11e4-a962-70f395140705

Error: (11/13/2014 09:58:42 PM) (Source: Application Error)(User: )
Description: lightroom.exe4.1.0.114fb2266fCameraRaw.dll4.1.0.104fb22636c0000005000000000009897e19b401cfffb3a85149f9C:\Program Files\Adobe\Adobe Photoshop Lightroom 4.1\lightroom.exeC:\Program Files\Adobe\Adobe Photoshop Lightroom 4.1\CameraRaw.dll238fc5b6-6baa-11e4-a962-70f395140705

Error: (11/13/2014 00:24:18 PM) (Source: Application Hang)(User: )
Description: WorkStreamDS.exe2.6.0.02aa001cfff668c3d027116C:\Program Files\WorkStream DS\WorkStreamDS.exee05742e8-6b59-11e4-a962-70f395140705

Error: (11/13/2014 00:23:18 PM) (Source: Application Error)(User: )
Description: WorkStreamDS.exe2.6.0.052febdb7WorkStreamDS.exe2.6.0.052febdb7c000041d000000000007efe41fc801cfff63547f9060C:\Program Files\WorkStream DS\WorkStreamDS.exeC:\Program Files\WorkStream DS\WorkStreamDS.exec1b87100-6b59-11e4-a962-70f395140705


CodeIntegrity Errors:
===================================
  Date: 2014-12-08 11:58:29.968
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-08 10:35:24.976
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-08 10:16:50.272
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-08 10:00:22.050
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-08 09:39:50.109
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-08 09:13:34.926
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-08 09:07:28.758
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-08 07:12:26.060
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-08 07:05:39.146
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-08 06:38:53.858
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.



=========================== Installed Programs ============================
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 2.00 - Lenovo)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 15.0.0.356 - Adobe Systems Incorporated) Hidden
Adobe Download Manager (HKLM-x32\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.100 - NOS Microsystems Ltd.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4.1 64-bit (HKLM\...\{F7ADB493-B913-4D61-9A63-DA736C20C3F2}) (Version: 4.1.2 - Adobe)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Setup (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Amazon Cloud Drive (HKCU\...\23ab716f18849b6f) (Version: 2.1.2013.1340 - Amazon)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
Any Video Converter 5 5.0.4 (HKLM-x32\...\Any Video Converter 5_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 3.0.1.60 - )
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
BodyMedia SYNC (HKLM-x32\...\InstallShield_{870BCBB7-1A28-4369-8327-466BD12D7E9D}) (Version: 2.0.5.90 - BodyMedia, Inc.)
BodyMedia SYNC (x32 Version: 2.0.5.90 - BodyMedia, Inc.) Hidden
Brother Driver Deployment Wizard (HKLM-x32\...\{0ED38503-B69A-44B4-98BE-21BFF284A9B6}) (Version: 1.09.000 - Brother)
Brother MFL-Pro Suite MFC-490CW (HKLM-x32\...\{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version:  - )
Checker 0.96 (HKLM-x32\...\5669-4702-5187-3677) (Version: 0.96 - Christopher G. Jennings)
Client Security - Password Manager (HKLM\...\{3FD730D4-755F-439B-8082-B55E00924A44}) (Version: 8.30.0023.00 - Lenovo Group Limited)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
FlipShare (HKLM-x32\...\{B1C0D829-FE30-059E-E93F-CDC7A48235C0}) (Version: 5.6.35.0 - Flip Video)
FocalPoint 2.0.6 (HKLM-x32\...\{E4A3CD44-ADB1-4EAD-8783-B70771EF4A02}) (Version: 2.0.6 - onOne Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)
GoToMeeting 5.4.0.1082 (HKCU\...\GoToMeeting) (Version: 5.4.0.1082 - CitrixOnline)
ieSpell (HKLM-x32\...\ieSpell) (Version: 2.6.4 (build 573) - Red Egg Software)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 14.5 - Intel)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.4.1001 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 5.3.0.18537 - LeapFrog)
LeapFrog Connect (x32 Version: 5.3.0.18537 - LeapFrog) Hidden
LeapFrog Tag Junior Plugin (x32 Version: 5.1.26.18340 - LeapFrog) Hidden
LeapFrog Tag Plugin (x32 Version: 5.1.26.18340 - LeapFrog) Hidden
Lenovo Mouse Suite (HKLM\...\MouseSuite98) (Version: 6.40 - Lenovo)
Lenovo Preferred Pro USB Fingerprint Keyboard Hotkey Driver (HKLM-x32\...\{DA344EE6-6F75-4F94-A39F-37F728DF63CB}) (Version: 3.4.0.1 - Lenovo)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.05.0009 - Lenovo)
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5717.21 - PC-Doctor, Inc.)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version:  - Lenovo)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Media Lab SiteGrinder 2 (Basic & Pro) (HKLM-x32\...\SiteGrinder2) (Version:  - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access database engine 2010 (English) (HKLM\...\{90140000-00D1-0409-1000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Default Manager (x32 Version: 2.2.114.0 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 en-US)) (Version: 31.3.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyDriveConnect 3.3.0.1502 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1502 - TomTom)
NPL ROES (HKLM\...\{16B370A4-370E-48FB-BBEA-1FE09127C584}) (Version: 1.2.1 - SoftWorks Systems, Inc.)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 1.10 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
onOne PerfectPresets (HKLM-x32\...\{7B4B0AA9-F97E-49C4-AE6F-D40580B65A22}) (Version: 1.0 - onOne Software)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
PC Inspector File Recovery (HKLM-x32\...\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}) (Version: 4.0 - )
PC Pitstop Info Center 1.0.0.13 (HKLM-x32\...\PCPitstopInfoCenter_is1) (Version: 1.0.0.13 - PC Pitstop LLC.)
PC Pitstop Optimize3 3.0 (HKLM-x32\...\PC Pitstop Optimize3_is1) (Version: 3.0.0.42 - PC Pitstop)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Pdf995 (HKLM-x32\...\Pdf995) (Version:  - )
PdfEdit995 (HKLM-x32\...\PdfEdit995) (Version:  - )
PENTAX Raw Codec (HKLM-x32\...\InstallShield_{E52226B3-808E-403C-A9C0-6904BFC80ED8}) (Version: 1.0.0.0 - HOYA CORPORATION)
PENTAX Raw Codec (x32 Version: 1.0.0.0 - HOYA CORPORATION) Hidden
Perfect Effects 8 (HKLM-x32\...\{C982ACFF-5997-4B7D-B3E1-CF7273A06FB2}) (Version: 8.1.0 - onOne Software)
Perfect Photo Suite 5.5.3 (HKLM-x32\...\{59679381-3F22-4A40-A7AD-890242D74DF4}) (Version: 5.5.3 - onOne Software)
Picaboo X (HKLM-x32\...\com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1) (Version: 10.151P - Picaboo Corporation)
Picaboo X (x32 Version: 10.151 - Picaboo Corporation) Hidden
Pixel Bender Toolkit (HKLM-x32\...\Adobe_ca6764a9a650c02bbdf901e3c1d39d4) (Version: 1.5 - Adobe Systems Incorporated)
Pixel Bender Toolkit (x32 Version: 1.5 - Adobe Systems Incorporated) Hidden
Plants vs. Zombies (HKLM-x32\...\BFG-Plants vs Zombies) (Version:  - )
PopCap Browser Plugin (HKLM-x32\...\PopCap Browser Plugin) (Version:  - )
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RAR File Open Knife - Free Opener (HKLM-x32\...\RAR File Open Knife - Free Opener) (Version: 3.00 - Philipp Winterberg)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5977 - Realtek Semiconductor Corp.)
Rescue and Recovery (HKLM-x32\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
RollerCoaster Tycoon Deluxe (HKLM-x32\...\RollerCoaster Tycoon Deluxe_is1) (Version:  - GOG.com)
Secunia PSI (2.0.0.3003) (HKLM-x32\...\Secunia PSI) (Version:  - )
Signature995 (HKLM-x32\...\Signature995) (Version:  - )
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spyder2PRO (HKLM-x32\...\Spyder2PRO) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
The Last Express Gold Edition (HKLM-x32\...\Steam App 252710) (Version:  - DotEmu)
ThinkVantage Fingerprint Software (HKLM\...\{AB4794A6-40D9-405F-B735-2F619000D20D}) (Version: 5.9.2.5912 - UPEK Inc.)
ThinkVantage Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 1.01.0065 - Lenovo Group Limited)
Topaz Adjust 4 (64-bit) (HKLM-x32\...\Topaz Adjust 4 (64-bit)) (Version: 4.1.0 - Topaz Labs)
Topaz Adjust 4 (64-bit) (Version: 4.1.0 - Topaz Labs) Hidden
Topaz Adjust 4 (HKLM-x32\...\Topaz Adjust 4) (Version: 4.1.0 - Topaz Labs)
Topaz Adjust 4 (x32 Version: 4.1.0 - Topaz Labs) Hidden
Topaz Clean 3 (64-bit) (HKLM-x32\...\Topaz Clean 3 (64-bit)) (Version: 3.0.2 - Topaz Labs)
Topaz Clean 3 (64-bit) (Version: 3.0.2 - Topaz Labs) Hidden
Topaz Clean 3 (HKLM-x32\...\Topaz Clean 3) (Version: 3.0.2 - Topaz Labs)
Topaz Clean 3 (x32 Version: 3.0.2 - Topaz Labs) Hidden
Topaz DeJpeg 4 (64-bit) (HKLM-x32\...\Topaz DeJpeg 4 (64-bit)) (Version: 4.0.2 - Topaz Labs)
Topaz DeJpeg 4 (64-bit) (Version: 4.0.2 - Topaz Labs) Hidden
Topaz DeJpeg 4 (HKLM-x32\...\Topaz DeJpeg 4) (Version: 4.0.2 - Topaz Labs)
Topaz DeJpeg 4 (x32 Version: 4.0.2 - Topaz Labs) Hidden
Topaz DeNoise 5 (64-bit) (HKLM-x32\...\Topaz DeNoise 5 (64-bit)) (Version: 5.0.1 - Topaz Labs)
Topaz DeNoise 5 (64-bit) (Version: 5.0.1 - Topaz Labs) Hidden
Topaz DeNoise 5 (HKLM-x32\...\Topaz DeNoise 5) (Version: 5.0.1 - Topaz Labs)
Topaz DeNoise 5 (x32 Version: 5.0.1 - Topaz Labs) Hidden
Topaz Detail 2 (64-bit) (HKLM-x32\...\Topaz Detail 2 (64-bit)) (Version: 2.0.5 - Topaz Labs)
Topaz Detail 2 (64-bit) (Version: 2.0.5 - Topaz Labs) Hidden
Topaz Detail 2 (x32 Version: 2.0.5 - Topaz Labs) Hidden
Topaz Fusion Express 2 (64-bit) (HKLM-x32\...\Topaz Fusion Express 2 (64-bit)) (Version: 2.0.2 - Topaz Labs)
Topaz Fusion Express 2 (64-bit) (Version: 2.0.2 - Topaz Labs) Hidden
Topaz Fusion Express 2 (HKLM-x32\...\Topaz Fusion Express 2) (Version: 2.0.2 - Topaz Labs)
Topaz Fusion Express 2 (x32 Version: 2.0.2 - Topaz Labs) Hidden
Topaz InFocus (64-bit) (HKLM-x32\...\Topaz InFocus (64-bit)) (Version: 1.0.0 - Topaz Labs)
Topaz InFocus (64-bit) (Version: 1.0.0 - Topaz Labs) Hidden
Topaz InFocus (HKLM-x32\...\Topaz InFocus) (Version: 1.0.0 - Topaz Labs)
Topaz InFocus (x32 Version: 1.0.0 - Topaz Labs) Hidden
Topaz Lens Effects (64-bit) (HKLM-x32\...\Topaz Lens Effects (64-bit)) (Version: 1.2.0 - Topaz Labs)
Topaz Lens Effects (HKLM-x32\...\Topaz Lens Effects) (Version: 1.2.0 - Topaz Labs)
Topaz ReMask 3 (64-bit) (HKLM-x32\...\Topaz ReMask 3 (64-bit)) (Version: 3.1.0 - Topaz Labs)
Topaz ReMask 3 (64-bit) (Version: 3.1.0 - Topaz Labs) Hidden
Topaz ReMask 3 (HKLM-x32\...\Topaz ReMask 3) (Version: 3.1.0 - Topaz Labs)
Topaz ReMask 3 (x32 Version: 3.1.0 - Topaz Labs) Hidden
Topaz Simplify 3 (64-bit) (HKLM-x32\...\Topaz Simplify 3 (64-bit)) (Version: 3.0.2 - Topaz Labs)
Topaz Simplify 3 (64-bit) (Version: 3.0.2 - Topaz Labs) Hidden
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin) (HKLM-x32\...\TagJuniorPlugin) (Version:  - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (HKLM-x32\...\TagPlugin) (Version: 5.1.26.18340 - LeapFrog)
VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VST Bridge 1.1 (HKLM-x32\...\VST Bridge_is1) (Version:  - )
Windows Driver Package - Intel (e1kexpress) Net  (09/23/2009 11.2.19.0) (HKLM\...\624C323ADA322D0969436D475BDBCDA08187D176) (Version: 09/23/2009 11.2.19.0 - Intel)
Windows Driver Package - Intel (HECIx64) System  (09/17/2009 6.0.0.1179) (HKLM\...\30A4777E896192B8D398199AE1AB235B69BAB26D) (Version: 09/17/2009 6.0.0.1179 - Intel)
Windows Driver Package - Intel (Serial) Ports  (09/17/2009 6.0.0.1179) (HKLM\...\D4CDD4D199191FF1BE5B46C3CD0E48BAF59F13CE) (Version: 09/17/2009 6.0.0.1179 - Intel)
Windows Driver Package - Intel hdc  (06/04/2009 7.0.0.1013) (HKLM\...\1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31) (Version: 06/04/2009 7.0.0.1013 - Intel)
Windows Driver Package - Intel System  (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows Driver Package - Intel System  (06/04/2009 9.1.1.1013) (HKLM\...\0134DA19E49BF25E588E062BF3AF5B52A1FB0570) (Version: 06/04/2009 9.1.1.1013 - Intel)
Windows Driver Package - Intel System  (06/04/2009 9.1.1.1013) (HKLM\...\563601B59417ECE6367FFC9E33EF23D1E64AA350) (Version: 06/04/2009 9.1.1.1013 - Intel)
Windows Driver Package - Intel USB  (08/20/2009 9.1.1.1020) (HKLM\...\A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9) (Version: 08/20/2009 9.1.1.1020 - Intel)
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Driver Package - Lenovo (pelusblf) HIDClass  (04/27/2010 2.1.0.0) (HKLM\...\A9D21D51B588FCF387DFBD0D4F940E5F9465DE8F) (Version: 04/27/2010 2.1.0.0 - Lenovo)
Windows Driver Package - NVIDIA (nvlddmkm) Display  (03/24/2010 8.17.11.9731) (HKLM\...\40020C363B9D8882DA6FA2CAF0EEE4E7681764FD) (Version: 03/24/2010 8.17.11.9731 - NVIDIA)
Windows Driver Package - NVIDIA Corporation (NVHDA) MEDIA  (01/28/2010 1.0.9.1) (HKLM\...\8F71D4AD12FAA5B838531A70EA85FD46C0DF59F4) (Version: 01/28/2010 1.0.9.1 - NVIDIA Corporation)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (11/09/2009 6.0.1.5977) (HKLM\...\5C85037674A0C9BCCD9BECFFCE702705210663C5) (Version: 11/09/2009 6.0.1.5977 - Realtek Semiconductor Corp.)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (11/09/2009 6.0.1.5977) (HKLM\...\C345B26EEEB6098A8761A397AAEEAFB248C1981F) (Version: 11/09/2009 6.0.1.5977 - Realtek Semiconductor Corp.)
Windows Driver Package - SUNIX Co., Ltd. Golden Adapter Driver (06/11/2009,1.0.3.64) (HKLM\...\Golden Adapter Driver) (Version: 06/11/2009,1.0.3.64 - SUNIX Co., Ltd.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WorkStream DS 2.5 (HKLM-x32\...\WorkStream DS_2.5) (Version:  - )
WorkStream DS 2.6 (HKLM\...\WorkStream DS_2.6) (Version: 2.6b - ZBE Inc.)
WOT for Internet Explorer (HKLM-x32\...\{1D10C273-3F95-42A2-8371-AB6B1F59821B}) (Version: 10.12.20.0 - WOT Services Oy)
Yahoo! BrowserPlus 2.9.8 (HKCU\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
YNAB 3 (HKLM-x32\...\com.youneedabudget.YNAB3.Live.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1) (Version: 3.6.0.5 - YouNeedABudget.com)
YNAB 3 (x32 Version: 3.6.0 - YouNeedABudget.com) Hidden
ZoneAlarm Firewall (x32 Version: 11.0.000.038 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 11.0.000.504 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 11.0.000.504 - Check Point)
ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version:  - Check Point Software Technologies)
ZoneAlarm Security (x32 Version: 11.0.000.038 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security (x32 Version: 11.0.000.504 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar  (x32 Version: 1.8.11.11 - Check Point Software Technologies LTD) Hidden
========================= Restore Points ==================================

28-11-2014 21:29:55 Windows Update
02-12-2014 06:51:36 Windows Update
05-12-2014 12:09:46 Windows Update
05-12-2014 16:26:25 avast! antivirus system restore point
05-12-2014 16:34:58 Windows Update
06-12-2014 16:09:36 avast! antivirus system restore point

**** End of log ****
 

Step 2 Malwarebytes:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/8/2014
Scan Time: 12:16:35 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.08.06
Rootkit Database: v2014.12.08.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Work

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 359464
Time Elapsed: 9 min, 50 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 77
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "1342833798");), Replaced,[79ed8ad6a5d77eb8b500dfbeca3bb34d]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (b 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "13428337), Replaced,[83e3afb1e795d46262539eff22e38f71]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (");
user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "1342833798");
user_pref("extensions.crossriderapp4493.4493.cookie.InstallerParams.expiration", "Fri Feb 01 2030 0), Replaced,[f274124ecbb1290d8e271b82729320e0]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (e.InstallationTime.value", "1342833798");
user_pref("extensions.crossriderapp4493.4493.cookie.InstallerParams.expiration", "Fri Feb 01), Replaced,[97cfef711468fb3b882dabf2ab5a3dc3]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (d Time)");
user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.va), Replaced,[afb79cc46a127db9773ef2ab4bbaa15f]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: ( "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "1342833), Replaced,[283e154bc1bb57dfb005900dfc097e82]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (er_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "1342833798");
use), Replaced,[a6c0114f522a7fb72194a8f59174c937]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (1 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "1342833798");
us), Replaced,[4620e27ed7a50333bbfac0dda2639b65]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (ser_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "1342833798");
user_pref("extensions.crossriderapp4493.4493.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-), Replaced,[8adc80e0bebeb284e8cd9607de27916f]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (allationTime.value", "1342833798");
user_pref("extensions.crossriderapp4493.4493.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 G), Replaced,[2d396df3d5a7be78585d831ae0250ff1]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (
user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "1342833798");
), Replaced,[acba213f106c989edbdac1dcea1b738d]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (1 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "1342833798"), Replaced,[fb6b63fd0d6f14223481643931d414ec]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (");
user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "1342833), Replaced,[5f07154bf58733034a6b613ca1646997]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (eb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "134), Replaced,[2046c8983745d75fded7128bed187e82]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (ime)");
user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "), Replaced,[8cdaff614c3074c21b9a0c91b64f30d0]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (i Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensio), Replaced,[d591560a304c89adb401cecf858053ad]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (on", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard ), Replaced,[81e570f0f5875fd76154eeaf15f058a8]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (*****

user.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Easte), Replaced,[273fb4ac81fb40f600b5cdd00df86799]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (ser.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern St), Replaced,[32346ff1f8842214ddd86e2fbb4a9e62]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (

user.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 ), Replaced,[77ef1a46dba11323288d9706bb4acd33]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (*******

user.expiration", "Fri Feb 01 2030 00:00:00 GMT-05), Replaced,[0264c997621a39fdfbba722ba75e07f9]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (***

user.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (E), Replaced,[a4c2ef714c300630981d4f4e818446ba]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (**

user.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp4493.4493.cookie.InstallationT), Replaced,[d88e1e42e696f54145709508b2539070]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "1342833798");
user_pref("extensions.crossriderapp4493.4493.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp4493.4493.cookie.InstallerParams.val), Replaced,[c5a1abb5f5871f1740750598b74e8d73]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (ams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp4493.4493.cookie.InstallerParams), Replaced,[cc9af26e1a62d95d971e782528dd19e7]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "134283379), Replaced,[2d39f16fee8e56e05560514c759057a9]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (i Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "1342833798");
), Replaced,[88de233d49338caa971e55489b6a03fd]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "1342833798");
use), Replaced,[283eabb52d4fa591c0f52578679e49b7]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (b 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "1342833798"), Replaced,[baac025ecdaf4fe7892c4657ee17ba46]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (
user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "134283379), Replaced,[5c0a4d1384f872c42c895b42d82dfc04]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "1342833798");
), Replaced,[0d597de36418df57f6bf2875db2ae51b]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (r_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "1342833798");
us), Replaced,[74f2f868f28a95a1476e9eff38cd01ff]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: ( 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "1342833798");), Replaced,[3135baa64636a4926c49a9f4976e59a7]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (
user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "1342833798"), Replaced,[68fec39da4d858defeb7edb0818401ff]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (eb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "1342833798");
user_pr), Replaced,[2a3c6000cab247ef8d289a034db832ce]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: ("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "1342833798");
user_pref("extensions.crossriderapp4), Replaced,[6006431dbebe03337d38683559ac39c7]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: ((Eastern Standard Time)");
user_pref("extensions.crossriderapp), Replaced,[283e29373d3f181e5d5878251ee706fa]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (

user.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standar), Replaced,[4e186bf590ec60d6f7be2c7142c39868]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (xpiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern St), Replaced,[85e16df30a724fe71e975c4171947888]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (*****

user.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (), Replaced,[4125e27e07750d294c692b722fd6956b]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (*

user.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Ti), Replaced,[b6b06000c0bc7abc486de8b5b352af51]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (tion", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
u), Replaced,[a7bfe0800f6de94d3b7a306dbe47a858]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("exten), Replaced,[244295cbb0cc93a37c391588d62fd12f]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: ( 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extens), Replaced,[4521213ffe7e68ce70454a53ff06b34d]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (xpiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("ext), Replaced,[a6c05d039fddba7c9d182578ac592bd5]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("ext), Replaced,[f472e47c285485b1eec75e3f8c7950b0]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (xpiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("), Replaced,[b7afc59b9be1e155d6df5a4319ec03fd]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (ri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("), Replaced,[e1856ff12b51e1559124930a75904fb1]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (xpiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_), Replaced,[5a0c6bf5dba13402565f5944f213966a]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (n", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_), Replaced,[1a4cff61b6c68caaf3c2c4d9c243c13f]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (xpiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user), Replaced,[b7af0b557ffd1125575e9ffe36cf9d63]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (on", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user), Replaced,[f86e2f31a0dcdf57f5c0cfceda2bf40c]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (xpiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pre), Replaced,[7de91e421a62e353eacb1b82e81d649c]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: ( "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pre), Replaced,[77efd8882557b482199ca8f50ff64cb4]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (xpiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref(), Replaced,[e87e78e83c40fc3a991c9a03e520e61a]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref(), Replaced,[174f015f03796acc585d019cb550bd43]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref), Replaced,[4f174a16156795a12590e6b7ba4bec14]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pr), Replaced,[5f0775eb661632045d58ccd18a7b9d63]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: ( "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp449), Replaced,[7de99bc51e5e55e1d1e494094eb723dd]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (0:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "1342833798");
u), Replaced,[6df9a2be94e85fd7912408952dd8649c]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (me)");
user_pref("extensions.crossriderapp4493.4493.cookie.Insta), Replaced,[81e5df816b1196a08a2b6c31c83d857b]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (
user.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standa), Replaced,[96d0b5abe399c96de2d3adf09372ef11]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (r.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Stan), Replaced,[105618482f4d6dc9773e910cf510ca36]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (

user.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern), Replaced,[3630c59b601cc274af069706b74eb64a]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (
user.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern), Replaced,[3a2c3d23cbb1e650e7cec6d7c2433dc3]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (

user.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eas), Replaced,[7ceaa5bb215bc175fdb8f6a76f967f81]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (***

user.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern), Replaced,[7aecb0b0e49839fd1b9afda0689d0bf5]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (ser.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Ea), Replaced,[5a0cd28e7a0250e66154d3ca5baa857b]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (********

user.expiration", "Fri Feb 01 2030 00:00:00 ), Replaced,[3a2c213fcdaf290d763f861747be4cb4]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (********

user.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard ), Replaced,[8ed83d23106c3bfb2d88217c0302fe02]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (, "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standa), Replaced,[53131c446715082e8134c3daf90cda26]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (***********

user.expiration", "Fri Feb 01 2030 00:00:00 ), Replaced,[b0b66ef24636e254387d920bbd489c64]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (*****

user.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Ea), Replaced,[87df79e7f38951e5dadb19848e77d729]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (
user.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standar), Replaced,[94d2df81e5977eb8575e6934a46156aa]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Stand), Replaced,[92d4ec74e894c5717f36b1ec3bca936d]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (*

user.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern ), Replaced,[fd69253b750760d615a0287553b27a86]
PUP.Optional.CrossRider.A, C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\prefs.js, Good: (), Bad: (user.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Sta), Replaced,[c89e0759522a13236e472e6ffc0950b0]

Physical Sectors: 0
(No malicious items detected)


(end)

 

Step 3: Security Check

 

Results of screen317's Security Check version 0.99.91  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Spyder2PRO     
 Secunia PSI (2.0.0.3003)   
 Malwarebytes Anti-Malware version 2.0.3.1025  
 JavaFX 2.1.1    
 Java 7 Update 71  
 Adobe Flash Player 15.0.0.239  
 Adobe Reader 9  
 Adobe Reader XI  
 Mozilla Firefox (33.1)
 Mozilla Thunderbird (31.3.0)
 Google Chrome (39.0.2171.65)
 Google Chrome (39.0.2171.71)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
 CheckPoint ZoneAlarm vsmon.exe  
 CheckPoint ZoneAlarm zatray.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

 

 

Thanks!



#4 Guest_LighthouseParty_*

Guest_LighthouseParty_*

  • Guests
  • OFFLINE
  •  

Posted 08 December 2014 - 01:14 PM

Hello there,

Step One:
Uninstall Some Programs 
 
There's currently some programs on your PC that we need to remove, for the time-being at least. Press the Windows + R key on your keyboard and type in appwiz.cpl and press enter. Navigate to each of the following below one-by-one and click uninstall:

  • Java 7 Update 71
  • JavaFX 2.1.1
  • PC Pitstop Info Center
  • PC Pitstop Optimize3

If any programs listed above aren't in Programs and Features, you can just skip them. Please download JavaRa from here and once opened it, select 'remove JRE'. Make sure you skip the re-install Java option!

Step Two:
Download and run rKill

  • Click here to download rKill to your desktop.
  • Double click it (Win 7 and Vista users, right-click and select run as admin)
  • The tool will run and then a log file should open.
  • Please post the contents of it in your next reply.

Please don't restart your computer before running the next step.

Step Three:
Download and run AdwCleaner

  • Click here to download AdwCleaner to your desktop.
  • Double click adwcleaner_x.xxx.exe. (Win 7, 8 and Vista users, right-click and select run as admin)
  • If prompted, click I agree.
  • Click scan. When it's finished, select clean.
  • Allow AdwCleaner to restart your computer.
  • Once your computer's restarted, a log should appear.
  • Please post this in your next reply.

Step Four:
Download and run Junkware Removal Tool

  • Click here to download Junkware Removal Tool to your desktop.
  • Double click JRT.exe. (Win 7, 8 and Vista users, right-click and select run as admin)
  • Press any key and the scan will begin.
  • At the end, a log will open. Please post this in your next reply.


#5 Jenniferrd

Jenniferrd
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:09:44 PM

Posted 08 December 2014 - 02:02 PM

Here is the next part:

 

 

 
Step 1:

  • Java 7 Update 71
  • JavaFX 2.1.1
  • PC Pitstop Info Center
  • PC Pitstop Optimize3

All uninstalled

 

Step 2 Rkill:

 

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/08/2014 01:31:49 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\SysWOW64\brsvc01a.exe (PID: 1920) [WD-HEUR]
 * C:\Windows\SysWOW64\brss01a.exe (PID: 1940) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Disabled

 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 12/08/2014 01:32:41 PM
Execution time: 0 hours(s), 0 minute(s), and 51 seconds(s)
 

Step 4 AdwCleaner:

# AdwCleaner v4.104 - Report created 08/12/2014 at 13:41:09
# Updated 05/12/2014 by Xplode
# Database : 2014-12-08.1 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Work - WORK-THINK
# Running from : C:\Users\Work\Downloads\adwcleaner_4.104.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : YahooAUService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Program Files (x86)\PCTechHotline
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Work\AppData\Local\Conduit
Folder Deleted : C:\Users\Work\AppData\Local\eSupport.com
Folder Deleted : C:\Users\Work\AppData\Local\PackageAware
Folder Deleted : C:\Users\Work\AppData\LocalLow\Conduit
[!] Folder Deleted : C:\Users\Work\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Users\Work\Documents\Optimizer Pro
Folder Deleted : C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\Extensions\ffxtlbr@zonealarm.com
File Deleted : C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\7xpug4pq.default\searchplugins\zonealarm.xml

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2645238
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F1963E76-845B-474C-8C7F-D69A96D8AA34}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022442293}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33333333-3333-3333-3333-330033443393}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445593}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446693}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077447793}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445593}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446693}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077447793}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm Security Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v33.1 (x86 en-US)

[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.InstallerParams.expiration", "Frns.crossriderapp4493.4493.cookie.InstallerParams.value", "%7B%22source_id%22%3A%2240944%22%2C%22sub_id%22%3A%22defau[...]
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_aoi.expiration", "Frns.crossriderapp4493.4493.cookie._GPL_aoi.value", "1342833798");
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_hotfix20111102645.expiration", "Frns.crossriderapp4493.4493.cookie._GPL_hotfix20111102645.value", "%221%22");
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installer_params.expiration", "Frns.crossriderapp4493.4493.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%2240944%22%2C%22sub_id%2[...]
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_parent_zoneid.expiration", "Frns.crossriderapp4493.4493.cookie._GPL_parent_zoneid.value", "%2240944%22");
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_product_id.expiration", "Frns.crossriderapp4493.4493.cookie._GPL_product_id.value", "%221238%22");
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_zoneid.expiration", "Frns.crossriderapp4493.4493.cookie._GPL_zoneid.value", "%2258622%22");
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.description", "Coupon Companion");
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.domain", "");
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.enablesearch", false);
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.fbremoteurl", "");
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.group", 0);
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.homepage", "");
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.iframe", false);
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.InstallerIdentifiers.expiration", "Frns.crossriderapp4493.4493.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22C20AC4E1100B[...]
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_appVer.expiration", "Frns.crossriderapp4493.4493.internaldb.Resources_appVer.value", "19");
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_lastVersion.expiration", "Frns.crossriderapp4493.4493.internaldb.Resources_lastVersion.value", "0");
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_meta.expiration", "Frns.crossriderapp4493.4493.internaldb.Resources_meta.value", "%7B%7D");
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_nextCheck.expiration", "Sun Aug 12 2012 00:35:02 GMT-0400 (Eastern Daylight Time)");
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_nextCheck.value", "true");
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_queue.expiration", "Frns.crossriderapp4493.4493.internaldb.Resources_queue.value", "%7B%7D");
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_remote_resources.expiration", "Frns.crossriderapp4493.4493.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.manifesturl", "");
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.name", "Coupon Companion");
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.newtab", "");
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.opensearch", "");
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.name", "base");
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.ver", 2);
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.name", "CrossriderAppUtils");
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.ver", 1);
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.name", "CrossriderUtils");
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.ver", 1);
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_15.name", "FacebookFFIE");
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_15.ver", 1);
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.name", "FFAppAPIWrapper");
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.ver", 3);
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.name", "jQuery");
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.ver", 1);
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.name", "debug");
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.ver", 1);
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.name", "resources");
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.ver", 1);
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.name", "initializer");
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.ver", 1);
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.name", "jquery_1_7_1");
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.ver", 2);
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_0", "17,14,16");
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_1", "17,14,13,16,15,4,1,21,22,28");
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.pluginsurl", "hxxp://app-static.crossrider.com/plugin/apps/4493/plugins/083/ff/plugins.json");
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.pluginsversion", 4);
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.publisher", "215 Apps");
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.searchstatus", 0);
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.setnewtab", false);
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.settingsurl", "");
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.thankyou", "");
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.updateinterval", 360);
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.4493.ver", 19);
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.apps", "4493");
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.bic", "139139653c8486e2e2a88960244e0ce3");
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.cid", 4493);
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.firstrun", false);
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.hadappinstalled", true);
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.installationdate", 1344653383);
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.lastcheck", 22412075);
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.lastcheckitem", 22412152);
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4493.modetype", "production");
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.enabledAddons", "afterthedeadline@afterthedeadline.com:1.51,crossriderapp4493@crossrider.com:0.83.18,DivXWebPlayer@divx.com:2.0.2.039,ffxtlbr@zonealarm.com:1.6.0,gaurangnshah@gma[...]
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.zonealarm.hmpgUrl", "hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN21707576523302-1001&toolbarId=base&affiliateId=1025&Lan=en&utid=627071bd00000000000070f395140705");
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.zonealarm.keyWordUrl", "hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN21707576523302-1001&toolbarId=base&affiliateId=1025&Lan=en&utid=627071bd00000000000070f395140[...]
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.zonealarm.newTabUrl", "hxxp://search.zonealarm.com/?Source=Newtab&oemCode=ZLN21707576523302-1001&toolbarId=base&affiliateId=1025&Lan=en&utid=627071bd00000000000070f395140705");
[7xpug4pq.default\prefs.js] - Line Deleted : user_pref("extensions.zonealarm.tlbrSrchUrl", "hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN21707576523302-1001&toolbarId=base&affiliateId=1025&Lan={dfltLng}&utid=627071bd0000000000007[...]

-\\ Google Chrome v39.0.2171.71

[C:\Users\Work\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN21707576523302-1001&toolbarId=base&affiliateId=1025&Lan=en&utid=627071bd00000000000070f395140705&q={searchTerms}
[C:\Users\Work\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxps://isearch.avg.com/search?cid={9C5944B0-4552-48A6-8078-9362A5A118C9}&mid=f2872e0cc4d147d0a7eca1bad3f0eef6-f95c4e9db4242847080c262b83a4477492b0825d&lang=en&ds=gl011&pr=sa&d=2012-07-20 21:23:44&v=12.1.0.20&sap=dsp&q={searchTerms}
[C:\Users\Work\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Work\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Work\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3325809&octid=EB_ORIGINAL_CTID&ISID=MDA8BBD99-1A00-444C-8265-1D42EDDEEE49&SearchSource=58&CUI=&UM=5&UP=SP8EBC27AA-D72B-4212-9201-9C42AA7931A5&q={searchTerms}&SSPV=
[C:\Users\Work\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3325809&octid=EB_ORIGINAL_CTID&ISID=MDA8BBD99-1A00-444C-8265-1D42EDDEEE49&SearchSource=58&CUI=&UM=5&UP=SP8EBC27AA-D72B-4212-9201-9C42AA7931A5&q={searchTerms}&SSPV=

*************************

AdwCleaner[R0].txt - [22805 octets] - [08/12/2014 13:34:33]
AdwCleaner[S0].txt - [22911 octets] - [08/12/2014 13:41:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [22972 octets] ##########
 

and Step 4 Junkware Removal Tool:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Professional x64
Ran by Work on Mon 12/08/2014 at 13:47:07.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\Users\Work\AppData\Roaming\getrighttogo"
Successfully deleted: [Empty Folder] C:\Users\Work\appdata\local\{0E987414-9D36-4C6D-A8A2-63326E7C7F3A}
Successfully deleted: [Empty Folder] C:\Users\Work\appdata\local\{0EB0C848-4A10-461A-AE5A-D32E7CEFAEEE}
Successfully deleted: [Empty Folder] C:\Users\Work\appdata\local\{131F3B4F-4EA7-493C-8932-A11252C893FF}
Successfully deleted: [Empty Folder] C:\Users\Work\appdata\local\{1F80A7C6-FE72-41AB-B2A7-AE35AF740A7C}
Successfully deleted: [Empty Folder] C:\Users\Work\appdata\local\{208DCA25-4E22-4CA7-8D89-2C915160F0D3}
Successfully deleted: [Empty Folder] C:\Users\Work\appdata\local\{2502147C-6BD1-4B5E-92A8-06589B0083B1}
Successfully deleted: [Empty Folder] C:\Users\Work\appdata\local\{3B5302F6-3472-4620-837D-2902E3EC29CA}
Successfully deleted: [Empty Folder] C:\Users\Work\appdata\local\{43B67649-DC4A-409B-9838-B76FD8423921}
Successfully deleted: [Empty Folder] C:\Users\Work\appdata\local\{4BA77B52-0617-40D4-A6F9-74D9F6ADAB04}
Successfully deleted: [Empty Folder] C:\Users\Work\appdata\local\{52D8F3AB-A4DF-497B-ACF7-DDC976DEF852}
Successfully deleted: [Empty Folder] C:\Users\Work\appdata\local\{544A45D8-2D1C-4AAE-B3F9-F4E0C87CEF7C}
Successfully deleted: [Empty Folder] C:\Users\Work\appdata\local\{58D44D1F-5FD2-4D10-8ABC-6F7B2B664A8E}
Successfully deleted: [Empty Folder] C:\Users\Work\appdata\local\{69017299-A7C1-4DAA-9915-9BB1E97048B7}
Successfully deleted: [Empty Folder] C:\Users\Work\appdata\local\{6A60C119-86DB-4B87-A604-5C9C6F0B029E}
Successfully deleted: [Empty Folder] C:\Users\Work\appdata\local\{771C2B3F-C2B0-4A47-A864-72F7965A6A6A}
Successfully deleted: [Empty Folder] C:\Users\Work\appdata\local\{8271065F-4CC3-4057-982B-6FD9B07726D4}
Successfully deleted: [Empty Folder] C:\Users\Work\appdata\local\{843275B7-4D4C-484F-BA59-244779BAADE6}
Successfully deleted: [Empty Folder] C:\Users\Work\appdata\local\{A04AC5A4-1F8F-4EE8-91DC-617EED7A403D}
Successfully deleted: [Empty Folder] C:\Users\Work\appdata\local\{A507468D-1D84-4871-963C-03B59A52C6F9}
Successfully deleted: [Empty Folder] C:\Users\Work\appdata\local\{AC0B9F58-8CD9-46EB-8CB6-29462622084C}
Successfully deleted: [Empty Folder] C:\Users\Work\appdata\local\{B43E5A21-B472-4736-9104-4CDD468FA79B}
Successfully deleted: [Empty Folder] C:\Users\Work\appdata\local\{BDD3B108-3E96-400F-ACB2-49CA4D3A39DC}
Successfully deleted: [Empty Folder] C:\Users\Work\appdata\local\{CB6AD342-380F-4EF1-997F-FC39ECC454CE}
Successfully deleted: [Empty Folder] C:\Users\Work\appdata\local\{D1EC66DD-FED0-4BDB-AE4D-CB5D4DFA241F}
Successfully deleted: [Empty Folder] C:\Users\Work\appdata\local\{DBF75CE0-0B93-46BC-9EEA-69860FA3A57E}
Successfully deleted: [Empty Folder] C:\Users\Work\appdata\local\{E72EFB9F-5629-4CC8-A881-EC2D49ABAB3A}
Successfully deleted: [Empty Folder] C:\Users\Work\appdata\local\{E97C50F0-C075-4CE9-8E7C-7F95A8E838AB}
Successfully deleted: [Empty Folder] C:\Users\Work\appdata\local\{FDAAD66B-D3AC-4672-9C1F-2D6F7238784F}
Successfully deleted: [Empty Folder] C:\Users\Work\appdata\local\{FF68A65D-8B75-47CF-8100-E37B16442E08}



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [Folder] C:\Users\Work\AppData\Roaming\mozilla\firefox\profiles\7xpug4pq.default\extensions\staged



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 12/08/2014 at 13:58:38.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Looks like we're getting somewhere. :)



#6 Guest_LighthouseParty_*

Guest_LighthouseParty_*

  • Guests
  • OFFLINE
  •  

Posted 08 December 2014 - 02:37 PM

Is there a reason why you have Windows Firewall disabled? I recommend you enable it, instructions are here.



#7 Jenniferrd

Jenniferrd
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  

Posted 08 December 2014 - 02:39 PM

I have ZoneAlarm Running.



#8 Guest_LighthouseParty_*

Guest_LighthouseParty_*

  • Guests
  • OFFLINE
  •  

Posted 08 December 2014 - 02:50 PM

Okay, thanks for the confirmation :) 

How is the PC now?



#9 Jenniferrd

Jenniferrd
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:09:44 PM

Posted 08 December 2014 - 04:02 PM

Seems to be working fine!  Do I need to do anything else?



#10 Guest_LighthouseParty_*

Guest_LighthouseParty_*

  • Guests
  • OFFLINE
  •  

Posted 08 December 2014 - 04:33 PM

Glad your issue is now resolved :)

For one last final step, please download Delfix from here and save it to your desktop. Right-click it and select run as administrator. Select the following and press run:

  • Remove disinfection tools
  • Purge system restore

Happy surfing!



#11 Jenniferrd

Jenniferrd
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  

Posted 08 December 2014 - 05:15 PM

Thank you very much!






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users